Smart factory controllers bring security and connectivity
Powerful edge controllers are replacing PCs on the factory floor and going where PCs can’t, providing a variety of “apps” for every task.
While smartphones have replaced the previous generation of consumer devices in many of the tasks we do every day, edge programmable industrial controllers (EPICs) are replacing PCs, servers, and legacy hardware in the factory environment. Edge controllers are designed to increase the efficiency of existing automation systems, while reducing complexity and cost of ownership.
What is edge computing again?
Edge computing refers to the trend of increasing processing power and storage in devices that reside close to where real-time data is generated by sensors, equipment, and users. For control systems, edge controllers bring general-purpose computing power, connectivity, data processing, and storage to the process level in a compact, industrial form factor, along with input/output (I/O), real-time control and visualization options.
Like the modern smartphone, the modern controller is changing the traditional architecture by providing a platform for innovative software at the edge where data is generated. User management, networking, security, and hardware interfaces are integrated, creating an ecosystem of applications and tools users can work within to deliver richer functionality to the process than was possible before (Figure 2). One controller can handle many more automation functions, including those that traditionally required a PC or other dedicated equipment.
Consider these examples of what recent edge controller technology developments can do for factory control system architectures.
On-board OPC and more
Integrating multi-vendor programmable logic controllers (PLCs) or aggregating data from heterogeneous devices might be handled using a dedicated OPC server. It could be hosted on anything from a consumer-grade laptop on a shelf, to a rack-mounted server, to a virtual machine (VM) in an information technology (IT)-managed infrastructure. Regardless, this dependence on PCs requires additional licensing costs and management overhead.
IT management complexity, in particular, is a thorn for factory automation. Every new PC requires configuration, user access controls, antivirus, driver and operating system updates, and so on, which invite potential disruptions to production due to maintenance or unexpected downtime. Each of these components may introduce more costs in the form of licensing and long-term support agreements. System ownership also can become contentious when maintenance procedures don’t integrate well with any particular group’s operations.
Unlike legacy PLCs, edge controllers can provide a complete connectivity solution, including acting as OPC or message queuing telemetry transport (MQTT) servers. Unlike PC-based solutions, edge controllers require little IT involvement, because they’re built for industrial environments and are secure out of the box.
This shifts the burden away from IT and allows operations and engineering to fully control the automation. Costs vary based upon the specific application, but are often lower because of reduced hardware and software licensing.
When PCs are removed from the communication infrastructure, the architecture’s overall complexity is reduced. Fewer interconnections are required, and control and communication can be managed together.
Benefits of databases at the edge
Database servers are another common feature of the factory environment because of the way they make it possible to store, combine, share and protect process data. In the age of Big Data, cloud analytics, machine learning, and the Internet of Things (IoT), database servers are becoming more important since data is more prolific and complex.
The tradeoff is an increased burden on central servers. There is more network traffic, and data originates from many different devices in different formats. Extra work to normalize data includes processing and sequencing so database schemas don’t become complicated and inefficient.
Edge computing techniques were first developed to address problems like these on the global internet, by decentralizing resources and moving them closer to the requested geographic areas. Edge controllers can do the same thing for factory networks. Because of their ability to run custom applications — in addition to basic control — it’s possible to have a database server running locally on an edge controller.
The edge controller can store and pre-process data, respond to local requests, and forward normalized data to central storage. This reduces the demand on central networks and servers. It also improves responsiveness and flexibility at the process level compared to using flat-file storage. Store-and-forward techniques also can be used to build in fault tolerance where network stability is an issue.
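The store-and-forward pattern described above, sketched as an added example that is not from the original article or any vendor's product: readings are normalized and written to a local database first, then forwarded oldest-first and deleted only after the central side confirms receipt. SQLite stands in for the on-board database, and the field names (`tag`, `name`, `ts`, `timestamp`, `temp_f`, `value`) and the `send` callback are assumptions made for illustration.

```python
import json
import sqlite3

def open_buffer(path=":memory:"):
    """Local durable queue on the controller (SQLite is a stand-in database)."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS outbox ("
               "id INTEGER PRIMARY KEY AUTOINCREMENT, payload TEXT NOT NULL)")
    return db

def normalize(raw):
    """Map device-specific field names and units onto one schema (hypothetical fields)."""
    tag = raw.get("tag") or raw.get("name")
    ts = raw.get("ts") or raw.get("timestamp")
    if tag is None or ts is None:
        raise ValueError("reading lacks tag or timestamp")
    if "temp_f" in raw:  # constructed case: one device reports Fahrenheit
        value = round((raw["temp_f"] - 32) * 5 / 9, 2)
    else:
        value = float(raw["value"])
    return {"tag": str(tag), "ts": int(ts), "value": value}

def store(db, raw):
    """Write locally first, so a network outage never loses a sample."""
    with db:  # commits on success, rolls back on error
        db.execute("INSERT INTO outbox (payload) VALUES (?)",
                   (json.dumps(normalize(raw), sort_keys=True),))

def forward(db, send, batch=100):
    """Send oldest rows first; delete a row only after send() confirms it.
    Stops at the first failure so ordering is kept for the next attempt."""
    rows = db.execute("SELECT id, payload FROM outbox ORDER BY id LIMIT ?",
                      (batch,)).fetchall()
    sent = 0
    for row_id, payload in rows:
        try:
            ok = send(json.loads(payload))
        except OSError:  # covers ConnectionError, timeouts, unreachable host
            ok = False
        if not ok:
            break
        with db:
            db.execute("DELETE FROM outbox WHERE id = ?", (row_id,))
        sent += 1
    return sent

def pending(db):
    """Number of readings still waiting to reach central storage."""
    return db.execute("SELECT COUNT(*) FROM outbox").fetchone()[0]
```

Because a row is removed only after confirmation, a crash between send and delete can deliver a reading twice, so the central store should treat the `(tag, ts)` pair as a unique key.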
Many potential applications are available, such as data logging and historization. Process data is much more usable when stored in a database, because of the built-in query logic and available administration tools. Users can turn a simple archive of process values and events for a given piece of equipment into a report system to reduce local downtime or increase overall equipment effectiveness (OEE). The system can be queried directly or replicated to central storage.
A local database also could be used as a task scheduler across one or more process areas. Building this kind of logic using process control languages can be cumbersome and inflexible. Database systems and high-level programming languages are better able to create and manage time-based event mechanisms.
An advanced example, combining storage and scheduling needs, is batch and recipe management. Many recipes can be stored in a database and modified without needing to download new control code, with recipe execution triggered by operators or scheduled to run at particular times. The quality of open-source databases (Figure 3) makes it possible to deliver functionality like this on an edge controller even for smaller facilities or low-cost applications without setting up a host PC.
Database connectivity can work in the other direction, as well, since edge controllers can establish their own connections to external on-premises or cloud-hosted databases. If the recipe database from the previous example were moved to cloud storage, it could be shared with controllers across many sites. Each edge controller could establish its own connection and request parameters as needed, while allowing for consistent recipe management across all equipment. Or a combined approach could be used, with the edge controllers housing local replicas of the master database. In either case, this model can be achieved while reducing dependence on factory floor PCs.
Security by design
Connectivity is a principal driver of the developments in controller technology. Edge controllers are designed to support the increasing convergence between information technology (IT) and operations technology (OT), as in the examples for OPC communication and data storage and processing. Cybersecurity is also a key driver in this increasingly connected world. Edge controllers address modern security needs through their design and, operationally, through the way they simplify control system architectures.
In terms of ingrained security, edge controllers embed enterprise-grade standards at the process level. They require user authentication and support multiple access levels. Since they are network-oriented, they also include standard networking protections such as internal firewalls for blocking unsolicited requests, multiple Ethernet interfaces for segregating trusted and untrusted traffic, and SSL/TLS encryption and certification.
By contrast, the typical factory supervisory control and data acquisition (SCADA) architecture involves many point-to-point connections, using unsecured application- and device-specific communication protocols. As these networks grow, potential attack vectors multiply. Maintaining a secure fabric in these types of systems requires heavy IT involvement and increased infrastructure. This also means spending a lot of time getting approvals for network addresses, ports, LAN management and general operations.
Edge controllers absorb the job of legacy hardware, flatten the architecture, and reduce the overall attack surface while adding a strong layer of security. Rather than requiring either a rip-and-replace approach or heavier infrastructure to secure automation, a network of edge controllers can sit between unsecured and even disparate network segments (separated physically or by subnets, VLANs, or firewalls, for example), establishing a secure, cohesive internal network that can be managed more effectively.
There’s an app for that
Smart edge devices are doing the same thing for the industrial space they did for the consumer space: bringing flexible functionality where it’s needed most. Edge controllers can be used for basic control, but they have the horsepower to run many “apps” an engineer might want at the process level. Examples discussed here have focused on how edge controllers can revitalize and simplify existing factory control systems and infrastructure, but edge controllers provide a platform that also can be used for mobile visualization, text and email alarm notification, integration with MES and IoT systems, or even developing custom applications.
There are limitations, however. Edge controllers require their own resource management, and advanced functionality requires an understanding of the implications for security and administration. But the result can simplify and improve the system architecture.
Keywords: Edge controllers, internet of things, mobile technology
Edge computing is the trend of increasing processing power and storage in devices that reside close to where real-time data is generated by sensors, equipment, and users.
Edge controllers can improve connectivity and require little or no IT involvement.
Smart edge devices bring flexible functionality where it’s needed most.
What benefits can edge controllers bring to your facility?