© Siemens 2020

The merging of automation and IT

siemens.com/S7-1500

Authors
Andrea Rauscher, Product manager SIMATIC, Siemens AG, Nuremberg, Germany
Andreas Czech, Marketing manager SIMATIC, Siemens AG, Nuremberg, Germany

The increasing digitalization of processes is being accompanied by growing demands for the provision and processing of data at the automation level: Automation not only has to collaborate more closely with MES, ERP and Cloud systems, but must also assume tasks in the fields of data processing and analysis. The once distinct boundaries between automation and IT are becoming increasingly blurred, so that the PLC must also be capable of supporting secure and transparent administration of devices from the IT viewpoint as well as the simple integration of production data in an IT environment.

It is only at first glance that the networking of operational technology (OT) and IT seems to be a departure from the previously standard architectures in automation technology. For some time now, automation components have included functions based on the same mechanisms and protocols that IT systems also use.

One example of this is communication via Profinet, which uses TCP/IP and IT standards. Components that communicate via Profinet have an IP address by which they are identified in the network. In addition, many components can provide information on the device or system status via an integrated web server – for example, for some years now users have been able to access diagnostic data and process data from the CPU via the integrated web server in the Simatic S7-1500 CPU and ET 200SP or ET 200pro CPU through the network and a browser.

What is new, however, is that in the course of digitalization, there has been a significant increase in the degree of system networking and the spread of IT functions within the automation level. In addition, industrial systems no longer communicate only with each other, but increasingly also with higher-level systems, for example in the field of inventory control, as well as with Cloud-based applications.

Accordingly, there is also a growing demand for standardization and efficient, secure administration and maintenance of network-compatible components at the automation level.

Transparent view of the network

One of these requirements is the desire to gain simple access to all participants in a network using the IP addresses that users are familiar with from other areas. Until recently, this possibility was severely limited in the field of automation, since networks are typically divided into several subnets, whereby direct access via the IP address is only possible within one network. For example, the central controller of a machine can be reached from the production network, but not the subordinate automation components, although they are also connected to this PLC via Profinet. For this purpose a separate connection from the router had to be set up, making it a relatively complex task to integrate all network-compatible automation components in a common device management system.

One effect of this was to complicate central diagnostics or centrally controlled updates for the automation components. The configuration and parameterization of devices was previously also limited to one (sub)network.

Such functions will be familiar to users from the IT world, but if they are to be supported at control level, components such as controllers must support IP forwarding (routing of IP telegrams).

This is now possible with the current Simatic S7-1500 controllers. As of firmware version 2.8, the controllers can forward IP telegrams from one integrated CPU Profinet interface to another integrated Profinet interface. This enables a connection to lower-level devices to be established without additional hardware expenditure, for diagnostics and commissioning purposes for example.

Furthermore, in the case of Simatic S7-1500 CPUs, this function can also be combined with IP accessibility via a communication module such as the Simatic CP 1543-1, so that the OPC UA server of the CPU can also be reached via the communication module, or can act as an OPC UA client to send data via the CP 1543-1. This means, for example, that production data can be read out and forwarded via OPC UA standard communication to integrate machines into an existing automation and communication infrastructure, including a connection to SCADA and MES systems or Cloud solutions.

Figure: By means of IP forwarding, the controller can forward received IP frames to directly accessible IP subnets.

Extended options for web-based diagnostics

Another widespread option for data access to the controller also comes from the IT world. Modern automation components often already have an integrated web server, which is used to provide a wealth of data for system diagnostics and maintenance: diagnostic buffers, alarm lists, actual/target topologies, module states and network information, especially from the different bus systems. The Simatic S7-1500 controller's web server also supports a wide range of maintenance functions, such as creating and restoring backups, loading new firmware versions and performing wiring tests.

Figure: The new features of firmware version 2.8 are available for all CPU variants of the Simatic S7-1500, including the new CPU 1513pro-2 PN which, thanks to its IP65/67 degree of protection, can also be used on the machine itself without a control cabinet.

The corresponding functions and information can be easily displayed using a web browser. Here too, some requirements in this respect have changed considerably in recent years. Not only has the amount of data provided via the web server increased, but the type and utilization of the data, including visualization, has also become more diverse. The data should, for example, also be displayed on mobile devices, or the contents of a page should be dynamically reloaded, for example if the current operating or status data from several devices or machines is on one single page.

One way to transfer such data between the web client and the automation level is JavaScript Object Notation (JSON). Data is exchanged between the applications in an easy-to-read text form so that developers can implement their own website content and evaluations without the need for special automation knowledge. Since data transmission via the JSON interface only supports secure communication via HTTPS, users also gain a certain amount of security during data transfer (see inset box). In addition to the usual browser frameworks, the JSON interface is also compatible with other frameworks such as Microsoft .Net, Java, GNU Wget or cURL. In this way, users can utilize automation data in many other applications based on web technologies. This applies, among other things, to data analysis and visualization in MES or SCADA systems, but also to applications in the context of the Industrial Internet of Things (IIoT).

Figure: A JSON-RPC 2.0 interface facilitates the use of current process values from the automation system in user-defined web pages.

Inset box: Defense-in-depth for networked systems

The increasing networking of OT and IT ensures greater data transparency – but also has a downside: There is also the risk that unauthorized persons can gain access to valuable data. In order to protect systems and plants against attacks and unauthorized access, manufacturers such as Siemens recommend a "defense-in-depth" concept based on plant security, network security and system integrity as recommended by ISA 99/IEC 62443.

In addition to technical measures, organizational measures such as guidelines and processes as well as the monitoring of automation systems for anomalies are incorporated as protection for the overall system, ensuring that any attack is discovered as quickly as possible and major losses can be avoided. Network security includes all measures to inhibit unauthorized access to automation networks and eavesdropping or falsification of industrial communication. One part of this involves a password-protected CPU, authentication of communication partners and secured communication. The current firmware version 2.8 of Simatic S7-1500 now additionally supports secure email transmission with attachments. System integrity ultimately includes all security measures that serve to protect automation systems and terminal devices.

On the one hand, the defense-in-depth concept makes things harder for attackers as several coordinated security levels must be overcome. And even if one single vulnerability can be exploited, the attack remains without consequence or is limited in its impact as other security measures then kick in.

More on defense-in-depth: siemens.com/industrial-security

The IIoT migrates to the controller

The next stage in development is already on the horizon: As the core component of automation, controllers will also assume the task of a data aggregator and supplier. This immediately creates points of contact to Industrial Edge Computing, which relocates data processing from the Cloud closer to the source of data and thus reduces latency and costs of data transmission, improves the protection of sensitive data and simplifies efficient administration of the networked systems.

Usually, Edge applications run on separate PC-based systems. Ideally this intelligence should be relocated directly to the automation level so that data can be processed where it is created. Siemens is currently preparing a technology module for Simatic S7-1500, which is just one example of how the company is using Industrial Edge. Thanks to Edge Runtime, this module facilitates easy implementation of Siemens Industrial Edge applications at control system level or realization of users' own applications in high-level languages such as C/C++.

This not only means that numerous applications in the field of data analysis and process optimization can be implemented but also that very specific tasks can be performed in automation projects. Among other things, this means that information from different bus systems can easily be read out and modified or that user-specific protocols can be integrated into the standard automation. In this way, the PLC assumes a further bridging function between OT and IT: As an Edge Device it enables users to combine the advantages of a Cloud with the strengths of a local solution and brings the IIoT directly into the automation system.

Figure: The Siemens ecosystem for Industrial Edge Computing supports users in the development, implementation and maintenance of Edge Computing applications and devices.

Editorial version is published at SPS-Magazin, edition 2-2020.

Published by Siemens AG, Digital Industries, Factory Automation, P.O. Box 48 48, 90026 Nürnberg, Germany
For the U.S. published by Siemens Industry Inc., 100 Technology Drive, Alpharetta, GA 30005, United States
Subject to change without prior notice
Produced in Germany
PDF 0320
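
Added example (not from the article or from Siemens) for the JSON-RPC 2.0 interface over HTTPS described under web-based diagnostics: a client helper that builds a batch request, matches replies to requests by id, and refuses to talk to the CPU without HTTPS and certificate verification. The endpoint path, the token header, the method names and the variable names in the sample are assumptions that do not appear in the article.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlsplit

# Assumptions (not stated in the article): endpoint path, token header and the
# method/variable names in SAMPLE_CALLS; check them against the CPU's manual.
ENDPOINT_PATH = "/api/jsonrpc"
TOKEN_HEADER = "X-Auth-Token"
SAMPLE_CALLS = [("PlcProgram.Read", {"var": '"Line1".count'}),
                ("PlcProgram.Read", {"var": '"Line1".speed'})]
# Constructed reply for SAMPLE_CALLS, deliberately out of order.
SAMPLE_REPLY = '[{"jsonrpc":"2.0","id":2,"result":41.5},{"jsonrpc":"2.0","id":1,"result":12}]'


def build_batch(calls):
    """Turn [(method, params), ...] into a JSON-RPC 2.0 batch with unique ids."""
    return [{"jsonrpc": "2.0", "id": i, "method": m, "params": p}
            for i, (m, p) in enumerate(calls, start=1)]


def parse_batch(batch, raw):
    """Match replies to requests by id; return {id: result}, raise on any error."""
    replies = json.loads(raw)
    expected = {req["id"] for req in batch}
    results = {}
    for rep in replies if isinstance(replies, list) else [replies]:
        if rep.get("jsonrpc") != "2.0" or rep.get("id") not in expected:
            raise ValueError(f"unexpected reply: {rep!r}")
        if "error" in rep:
            raise RuntimeError(f"call {rep['id']} failed: {rep['error']}")
        results[rep["id"]] = rep["result"]
    missing = expected - set(results)
    if missing:
        raise ValueError(f"no reply for ids {sorted(missing)}")
    return results


def post_batch(base_url, batch, ca_file, token=None):
    """Send the batch over HTTPS only, verifying the CPU certificate against ca_file."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send JSON-RPC over a non-HTTPS URL")
    ctx = ssl.create_default_context(cafile=ca_file)  # chain and hostname checks stay on
    headers = {"Content-Type": "application/json"}
    if token:
        headers[TOKEN_HEADER] = token
    req = urllib.request.Request(base_url.rstrip("/") + ENDPOINT_PATH,
                                 data=json.dumps(batch).encode(), headers=headers)
    with urllib.request.urlopen(req, context=ctx, timeout=5) as resp:
        return parse_batch(batch, resp.read())
```

Pointing `ca_file` at the certificate authority that issued the CPU's web server certificate keeps verification enabled instead of switching it off for a self-signed device certificate.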