Creating a secure, Internet-based control system

A client in the automotive test industry asked me to design a control system for a high-speed electrohydraulic servo mechanism. I was given free reign in the selection of a control system platform that could handle the task of running a control loop at the specified rate of 10,000 updates per second while facilitating control algorithm experimentation and rapid prototyping of graphical user int...

By Staff August 1, 2004

A client in the automotive test industry asked me to design a control system for a high-speed electrohydraulic servo mechanism. I was given free reign in the selection of a control system platform that could handle the task of running a control loop at the specified rate of 10,000 updates per second while facilitating control algorithm experimentation and rapid prototyping of graphical user interfaces.

I decided to initially adopt the desktop version of National Instruments’ LabView running on a fast Microsoft Windows XP machine. If things went smoothly, I envisioned migrating to the more expensive, and more reliable, LabView RT (this platform consists of LabView plus the LabView Real-Time Module and special-purpose computing hardware which together provide deterministic behavior).

The prototype system graphic above shows the basic setup using a National Instruments multi-function data acquisition board to provide the analog interface to the hydraulic system.

Segmenting the application into its real-time and non-real-time components was the first step in the development process. The real-time segment would run on the computer physically attached to the hydraulic package and communicate over the Internet with a second computer running the non-real-time segment. LabView provides a mechanism known as VI Server, which allows LabView virtual instruments (VIs) to communicate with one another remotely across a network.

Using VI Server functionality, I segmented the application into two pieces: the real-time control loop and the user interface. The control loop is a relatively simple VI which acquires sensor data, executes the control algorithm, and updates the servo valve command signals. The user interface handles things like file I/O signals, data display, and control optimization. Communication between the two VIs is non-real-time and the control loop does not block communication between to the two. In other words, Internet slowdowns don’t impair the behavior of the real-time control loop.

The prototype system using NI’s multi-function data acquistion board as the annalog interface to a hydraulic system.

With the networked system working properly, the next task was to protect it from unauthorized users. The built-in password protection scheme provided inadequate security, so I proposed that we implement a virtual private network (VPN) between my office and the client’s facility. The client agreed to support this since implementing a VPN would also allow its other off-site workers to access company computing resources in a more secure manner. We purchased a pair of VPN routers from Linksys that made it relatively easy to implement a VPN connection between the two locations.

The success of this prototype proves that by using off-the-shelf hardware and a relatively inexpensive version of LabView, we could rapidly develop prototype control software for a high-performance electrohydraulic system. VI Server functionality allowed remote software development (from my home base in Idaho) while VPN technology provided needed network security.

Author Information

Hugh Shane is a consulting electrical engineer with experience in real-time embedded software, digital systems, signal processing, and controls.