Not so long ago, when automation suppliers talked about the future of manufacturing, cloud computing was central to nearly every conversation. Though the cloud remains poised to play a significant role in manufacturing’s future, there is a great deal more attention being focused on edge computing today.
If you’re unsure about the difference between the two, here is a simplified explanation. Edge computing is the placement of servers or other computing devices—even a microcomputer—on or near a plant-floor device for data collection, analysis and storage. Cloud computing, on the other hand, involves sending plant-floor device data to an off-site server for storage and analysis. Read more about edge computing here.
SCADA/HMI at the edge
Last year at the ARC Forum, Inductive Automation announced its partnership with Cirrus Link Solutions around the release of MQTT modules for Inductive Automation’s Ignition product. Those modules were designed to decouple applications—such as HMI and SCADA—from plant-floor devices and send the devices’ data to an MQTT server, which could then be connected to various applications. By taking this step, Inductive Automation and Cirrus Link addressed the growing network traffic issues and negative impacts of too much direct data polling of plant-floor devices.
Now, Inductive Automation and Cirrus Link are planning to release IgnitionEdge—a set of three products designed for plant floor edge computing applications. The products include IgnitionEdge Panel, which creates local HMIs for field devices; IgnitionEdge Enterprise for synchronizing data collected from an edge device to a centralized server; and IgnitionEdge MQTT to publish field device data through MQTT. Read more about MQTT.
IgnitionEdge products can handle up to 500 tags from PLCs and come with OPC-UA, Modbus, Siemens and Allen-Bradley drivers. The products are also cross-platform, meaning they can work on any platform from Windows and OSX to Linux and even Raspberry Pis.
Though the IgnitionEdge Panel is a straightforward product for creating local HMIs, an added benefit is its ability to buffer data—enabling one week’s worth of data to be stored on the device in the event of failed network connection.
IgnitionEdge Enterprise allows for the creation of a hub-and-spoke architecture so that it can act as a remote server to synchronize data from an edge device to a central Ignition server via the Ignition Enterprise Administration Module. In addition to its remote backup, restoration management, centralized monitoring of performance and health metrics, and remote alarm notification, IgnitionEdge Enterprise has store-and-forward capabilities. This means that, like the IgnitionEdge Panel, it can handle local data buffering to collect historical data for up to one week if the connection to the central several goes down. Once connections are restored, data will synchronize back to the central server.
IgnitionEdge MQTT essentially enables any device to become an edge gateway by converting the device’s data into MQTT and publishing it to an MQTT broker, which can then be accessed by the MQTT Engine Module.
Arlen Nipper, president and CTO of Cirrus Link Solutions, noted a key aspect of IgnitionEdge is its ability to enable devices to deliver the root authority on tag information. With the tag itself becoming the root authority for information about the device, “Human tagging can become a thing of the past,” Nipper said, adding that if a tag is manually changed, that change will be automatically reflected all the way back to the central server.
With IgnitionEdge, people can “stop talking about how to adopt IoT and get on with doing it,” said Don Pearson, chief strategy officer of Inductive Automation. “IgnitionEdge takes any field device and turns into a lightweight IoT-enabled device.”
Cybersecurity at the edge
Bedrock Automation, which made a surprising entry into the automation market just two years ago with a unique approach to designing controllers, I/O and even the backplane, extended its embedded cybersecurity capabilities with the release of Bedrock Cybershield 2.0. A key addition to this upgrade is the incorporation of a certification authority into Bedrock’s hardware root of trust.
Certification authority is a critical aspect for interconnected automation systems, particularly as operations technology (OT) and IT systems converge. Adding this capability into Bedrock Automation’s root of trust means that applications and developers can now receive certificates of authority (CAs) to incorporate Bedrock encryption keys into their software, giving their programs secure access to Bedrock controllers.
Software providers working with Bedrock Automation on this include 3S,which is using its IEC61131 configuration and runtime engines running over TLS (transport layer security) with authentication to the Bedrock system root of trust, and M&M with its software’s Field Device Tool (FDT) for HART configuration. Albert Rooyakkers, founder and CTO of Bedrock Automation, noted that Inductive Automation and other SCADA partners will begin working with Bedrock Automation’s CAs later this year.
Explaining the benefits of adding CAs to Cybershield, Rooyakkers said it extends Bedrock Automation’s embedded security from the controller to the networks, applications and edge devices connected to it. At the ARC event, Rooyakkers provided insight into how this CA approach to cybersecurity will extend even to the people accessing the system via multi-factor authentication with smart cards, biometrics and role-based access management authenticated to the root of trust inside the machine. The biometric and smart card features will be available in subsequent Cybershield releases later this year.
With this approach, “The person operating the workstation has certification authority to access the automation system and so does the workstation itself,” said Rooyakkers. “And with OPC UA, we deploy an open communications standard for Ethernet networks at the control and I/O. OPC UA server runs in the Bedrock Secure Power and UPS products with the client running in the Ethernet I/O module.”
Certification authority adds to the layers of intrinsic security designed into Bedrock Automation’s electronic components and modules, which include strong cryptography, secure components, component anti-tamper, secure firmware, secure communications and module anti-tamper. From embedded cryptography to physical tamper resistance, the design of Bedrock Automation’s products address industrial security concerns with the objective of a “nation-state” defense posture, said Rooyakkers.
Companies can also personalize their own unique root keys with Bedrock Automation’s SCC.X controller, which allows for customer-specific root keys to be placed within the controller in the Bedrock factory at the time of order. Rooyakkers said these unique root keys not only provide an additional layer of protection for user IP, the system modules and applications can be defined by company, plant or other designations desired by the user.
Bedrock Automation also unveiled its new 20-channel discrete output (DO) module—SIO8.20. Key features of the new module include:
- 20 galvanically-isolated DO channels.
- Each of its 20 channels are electronically fused to a programmable threshold up to 1 amp per channel.
- Overcurrent retry enables programming a channel to latch off and retry during overcurrent.
- Fail-safe output protects the module if communication with the controller fails, directing output to a configured fail-safe value or holding it at last known value.
- User-selectable single/dual/triple redundancy.
- A 32-bit Secure ARM and an additional microcontroller on each of the 20 DO channels for speed and diagnostics.
- Support of IEEE 1588 time precision protocol for SOE synchronization with +/- 0.5m sec accuracy on all channels.
Servers at the Edge
One of the most frequently asked questions about the Industrial Internet of Things (IIoT) is: Where do I start? And while there are plenty of entry points to IIoT, one of the most basic approaches involves shoring up your edge computing capabilities.
With a long history in the financial and telecom sectors, Stratus has been turning its attention toward industrial automation and is positioning its fault tolerant servers and high availability software for use across industry. Evidence of this can be seen in Stratus achieving a 40 percent increase year-over-year in revenue from industrial companies in the Americas.
Jason Andersen, vice president at Stratus, said that most of the business Stratus has done in industry comes from the process side, specifically oil and gas, water/wastewater, electricity, food and beverage, and pharmaceuticals. He also noted that Stratus’ primary customer in industry is someone in operations technology, not IT. “We support the whole stack, so it avoids any finger pointing by IT,” he said.
Explaining why off-the-shelf, general business servers are not the best choice for industrial automation applications, Andersen said that Stratus is often brought in to work with industrial companies because “something broke [with a general business server] and it was painful for the company, or they’re looking to upgrade their operating software to enable fail-safe operation and remote management of edge servers.”
Another key aspect of Stratus’ offering for industry, which holds particular appeal for its OT clients, is Stratus’ ability to perform predictive maintenance on its server and software.
Andersen said that most industrial computing today involves providing a platform for HMI and SCADA. “But as companies look to do more with IIoT, they’ll need more software at the edge and it needs to be protected. That’s where we come in,” he said. “We provide a smart connected hub for industry. Like Google Home or Amazon Echo for consumer use, we connect devices to the cloud. We’re essentially selling an on-ramp to the future of IIoT,” he said.
In terms of its use in industry, Andersen said Stratus’ servers and software are “application transparent,” meaning that they can support any industrial software applications. Current industrial automation partners include Rockwell Automation, Wonderware by Schneider Electric, GE Digital and Siemens.