Improve process control engineering with better collaboration, security

The process control system can provide a reliable basis for effective and efficient collaboration for engineering projects.

By Manuel Keldenich December 24, 2019

Traditionally, engineering projects were carried out within a department of the operating company itself, maybe with support from a system integrator or a machine builder. This is now changing and sticking with familiar working methods, silo mentality and serial work, plant owners and operators will no longer be able to compete.

New forms of cooperation and knowledge transfer are necessary. One factor is web-based collaboration in engineering, which integrates all stakeholders and ensures that they can work consistently and in parallel. It is no longer necessary to install software on specific workstations for administration, engineering, and plant operation. Thanks to HTML5, it is possible to have secure access to the system and to operate it efficiently just requiring a common browser.

To create an intuitive operating environment means simplifying the operating philosophy across all applications and implemented the concept of ‘one workbench’ for all applications and tasks: An authorized user can toggle between an engineering view and a monitoring & control (operational) view with one single mouse click. Access to operating elements, control sequences, alarms, or interlocks is therefore directly achievable at any time from a single point of entry.

Administration is integrated into this concept. License and user management is controlled from here as well as the administration of all software- and security-related procedures. As the applications are carried out via the browser, local installations, such as on-site updates, become increasingly redundant: The application is in the latest version every time it restarts.

Collaboration benefits

Interdisciplinary collaboration of new project teams assembled from all parts of the world is already a reality for many. For example, consistent, object-oriented data management with centralized data storage ensures that everyone involved in a project can access up-to-date data at any time. At the same time, they bring knowledge from their own working environment to the centrally administered project. A clear session concept with automatic consistency checks ensures that all data is always free of contradictions: A new session starts with each opening of a project and all user activities are recorded in their own change context.

If several users access the public database, it is clearly visible which changes the logged on user has made himself and where object processing is currently restricted due to the work of other users. Individual objects are locked automatically by the system and not manually by the user. If changes have been made and can be shared with other colleagues, they must be published. During the publish process, changed object sets are consistently and controllably introduced into the system automatically. On this basis, change tracking and versioning for the engineering data is also implemented. In this way, the various project statuses can be identified and restored at any time.

These technical principles allow engineering and operational processes to be developed simultaneously. Project engineering that is not dependent on the hardware also offers an extremely high degree of flexibility. The following observation shows what this means in practice: Imagine how much coordination effort is saved if an on-site team in the field has access to all project data via mobile devices during commissioning (for example during loop-check) and can complete changes to the central project in real time. In parallel, employees can toggle between engineering and monitoring & control views with a single click – and all on the same device.

Screens have been designed for typical processes such as hardware engineering or process signal interconnection. Systems have been developed so beginners can quickly access the system via intuitive procedures such as drag-and-drop of objects for interconnection. At the same time, the understanding of the fundamental object model grows. Not only are user groups are supported in a task-oriented manner, but users can also expect assistance corresponding to their level of experience, can be demonstrated by means of ‘spreadsheet engineering’ which offers the ability to quickly query over all objects. The properties of the query results can then be bundled and edited.

Further improvements in efficiency can also be expected through another support of individual working methods: The decoupling of the equipment hierarchy from the target hardware means that planning and assignment of the hardware and thus the distribution of the entire system can take place at the latest possible stage. In future, project engineers will be able to dispense with creating channel driver modules and plan technological projects without hardware addressing. Because signals are assigned to real hardware addresses at a very late stage, it is possible, for example, to first plan the cabinet and then generate the technological plan.

This late binding, on the other hand, makes it possible to first map the process from templates and then plan the control cabinet. The signal mapping between the equipment hierarchy and the technological (hardware) hierarchy is done using a convenient drag-and-drop in the signal editor. In addition to the support of individual procedures, the user benefits from late binding above all in terms of safety and cost-savings, as changes can be considered and implemented quickly and easily right up to the end.

IT security

The implemented security functions then take effect during their subsequent use. Modern encryption processes are obviously used to produce secure communication between web servers and web browsers (client). Access to the system is only possible following authentication and authorization and the overall communication is based on certificates. Users, computers, or devices must identify themselves using a digital certificate which sits in the background before they are granted access to an application. The new control system also fits into the defense-in-depth concept based on the recommendations in IEC 62443. This deeply structured defense concept combines plant and network security with elements of system integrity to form a comprehensive protection concept.

Due to its web-based nature, the new process control system is designed for interdisciplinary collaboration. No matter whether work is dine synchronously or asynchronously, it allows a traceable, versioned processing of projects and thus contributes to time and costs savings. At the same time, the handling of individual control system functions has become clearer and more comprehensible – regardless of whether one or more users access the system.

This article originally appeared on the Control Engineering Europe website. Edited by Chris Vavra, associate editor, Control Engineering, CFE Media,

Author Bio: Manuel Keldenich is a project manager at Siemens Digital Industries.