Open networks for the digitalization in production

17.02.2021
Practically all corporations know that the thorough digitalization of their production lines is inevitable if they want to assert themselves on the market. To avoid standing in your own way during this endeavor, existing structures need to be reviewed, new ones created and the paths to the data sources opened. Although the IT and OT areas have been separate or partitioned from each other until now, comprehensive network thinking is necessary. The OT area can profit here from IT because proven solutions are already available for real-time guarantees and for compliance with security requirements.
System operators and mechanical engineers alike have to rethink, because the future network structure has to be designed in its totality from the beginning so that it can be operated without reservation for direct data access for the purpose of process digitalization. The basis for a successful comprehensive digitalization is the use of source data directly from the production process, which can be implemented only with an open, convergent network structure. Quick solutions with data acquisition via gateways or via the process image of the PLC limit the data volume and do not make the “data scientist” happy. Digitalization, and thus the extensive provision of production data, is only possible with cutting-edge network planning that takes a comprehensive approach.
The criteria for OT network planning that digitalizes the production process successfully and comprehensively can basically be described with three keywords. The first is continuity, which makes direct access to data sources from the process possible. Certain rules have to apply, which brings us to the second keyword: security, which prevents unauthorized access. The third is capacity, that is, which bandwidths need to be taken into account during planning for the data traffic to be expected. The bandwidth problem is visibly solved with "gigabit". What needs to be changed is the currently existing basic partitioning. What is necessary here is to achieve the required flexibility, performance and security in the planning by establishing virtual partial networks through logical separation via VLAN (Virtual Local Area Network).
Continuity: Who has the overview?
The future always starts in the present. That applies precisely to "data engineering", which represents a decisive segment of data-science projects. This primarily concerns the collecting, preparing and validating of data, whereby stocktaking should always come first. For old systems (brownfield) in particular, it is important to achieve clarity and an overview of the data sources and their acquisition: Which data is available; which data is needed? What do worst-case and best-case scenarios look like? Which consumer provides what data in which format? How reliable is the data from the PLC or otherwise from the network surrounding the PLC? Can capacity limits be expected? Further points are the network and performance analysis. Costs and benefits always need to be taken into account and weighed against each other so that the digitalization remains affordable.
The existing network thus needs to be inspected against the demands of the steadily increasing data appetite with regard to topology, performance of the infrastructure and security requirements, in order to ensure the data flow. For the most part, machine and system networks are designed homogeneously, i.e. a controller for a PROFINET application is declared a "trusted zone" for reasons of security and reliability. The new requirements demand, however, a convergent network design and thus a much more global trusted zone.
The controllers are programmed using every trick in the book; each one operates reliably, and of course interfaces are planned for communication within the automation group. This is not sufficient, though, as a foundation for a sensible and successful digitalization. In a digitalized production there should be one common network; each individual machine is then a part of this (heterogeneous) group, in which several applications should run trouble-free next to and with each other. The consequence: the mechanical engineer has to rethink, but needs clear specifications from the future network operator. Only in this way can a significant increase in the programming and engineering effort for the machines be avoided.
Accessing data sources
Digitalization has a great "data appetite" that can be satisfied only by the data of the machines. Currently all data comes from the machine controller, provided via the process image of the PLC or by additional applications. But do we really receive all the data that we need, or is some possibly being withheld? Let us take an example from energy efficiency. Today it is already possible to record the energy consumption of the individual consumers directly, bypassing the PLC. This is somewhat cumbersome because there is no uniform standard, but a uniform language such as OPC UA opens doors for this. Instead, machine and system networks are shielded and an energy counter is implemented at the infeed of the control cabinet. The ability to analyze peaks of the individual consumers, potentials for process optimization and thus potential savings are lost. This partitioning thus results in only about 40 % of the otherwise possible 100 % of the process data being used currently. That is a brake on, and actually a hazard to, the comprehensive digitalization idea. Beyond that, we block direct access to "intelligent" sensors and actuators or build up parallel networks.
Security and capacity: Who is allowed in and how much bandwidth?
The next aspects during planning are network security and capacity. Despite the greatest possible continuity, it needs to be ensured that only those authorized may satisfy their "data appetite". Here too, clear structures help fulfil the necessary security requirements. Above we spoke only about the IT and OT levels. It can be clearly seen that a gap has formed between these two levels. It needs to be closed with a comprehensive network design that plans for an additional level: the IIT level (Industrial Information Technology). With this IIT level we solve problems that have so far been deemed obstacles to thorough communication: bandwidth, real-time guarantee, reliability and security requirements. In the future, this level will have a high-performance infrastructure with intelligent network management, which allows stable and reliable operation for various applications. Virtual separation via VLAN connections ensures direct access, and diagnostics-capable managed switches, operating as "network policemen", provide network as well as application monitoring. The right choice needs to be made here.
Plan networks correctly from the start
Special tools are available today to help with comprehensive planning and design. More important, ahead of the planning, is the conceptual proposal under a comprehensive approach. This includes the objectives and type of communication, structures, access rights (security) and, above all, the topic of responsibilities. In addition to the PROnetplan software and the PROmesh family of diagnostics switches, Indu-Sol (see company box) offers a partnership for consulting, planning and monitoring in OT networks. This covers evaluation and analysis of the actual conditions and concept design in the sense of basic engineering for the network, and thus the creation of optimal conditions for "data mining". Digitalization threatens to fail if we do not create the conditions for exploiting data acquisition optimally.
- PROmesh: Powerful industrial switches with integrated network monitoring
- PROnetplan V2: The uncomplicated software for network and bandwidth planning of industrial systems
- Planning of industrial networks: consulting, proof of concept and more