11.

2016 Issue 97
ISSN 1470-5745

The Journal of Industrial Networking and IoT

OPC UA enables sensor to

cloud connectivity 19

Embedded encryption Automotive supplier Lower cost of ownership Evolution of control

down to last meter 8 launches IoT initiative 24 for IoT networks 30 system integration 34

www.iebmedia.com/ethernet n www.iebmedia.com/wireless
 CONNECTS THE WORLD OF
AUTOMATION WITH THE
INTERNET OF THINGS

The WAGO PFC200 – Move Securely Beyond

the Field Level
• High-performance controller with integrated 3G modem and standard Mini-SIM card
• Wireless data transmission over great distances
• GPRS Internet connectivity and bidirectional SMS communication
• Highest security standards via IPsec and OpenVPN
Visit us in Hall 7,
www.wago.com/pfc200 Booth 130

IEB97_p2.indd 2 03.11.1644 10:52

GET CONNECTED… www.iebmedia.com/ethernet n www.iebmedia.com/wireless

Contents
Emergence of OPC UA Contents
The OPC Unified Architecture (UA), released
in 2008, has come into its own in 2016 as Industry news 4
the overwhelming technology solution for
connectivity from the sensor to the cloud. Embedded data encryption down to the last meter 8
By creating a platform independent, service- OPC UA and how it impacts Oil & Gas applications 12
oriented architecture that integrates all the
functionality of the individual OPC Classic
specifications into one extensible framework,
Preemption standard enables high priority frames and traffic 16
OPC UA is functionally equivalent to OPC
Classic but capable of doing much more.
OPC UA industrial networks for digital factory infrastructure 19
Early in 2016, a series of announcements at Smart connectivity transmits data from machines to the cloud 22
the Hannover Fair underlined the reasons
why OPC UA has come so far so fast. As a Automotive parts supplier launches IoT initiative 24
way to connect OT and IT interests, it offers
platform independence (from embedded Exploring fundamentals of automation network efficiency 26
microcontrollers to the cloud), built-in
security features (encryption, authentication Container and microservices cloud architecture and platform 28
and auditing) and extensibility (ability to
continue to add new features). Lower cost of ownership for industrial IoT networks 30
Throughout the rest of 2016, there has been
a series of announcements for companion The evolution of control system integration and networking 34
specifications and working agreements aimed
at technology collaboration and the next Adapting machines to go global with modern industrial networks 37
level of refinements that will create stronger
industrial automation and IoT solutions. One panel PC coordinates 21 robots in manufacturing cell 39
The latest of these was at the AUTOMATICA
trade fair where VDMA Machine Vision Virtual private network for secure remote access 41
(an association of 3,100 machine vision
members) and the OPC Foundation signed Digital wiring devices using Node-RED development tools 44
a Memorandum of Understanding on the
preparation of an OPC UA Machine Vision New Products 45
Companion Specification. The resolution was
preceded by an international study under the Private Ethernet 50
lead of VDMA Machine Vision last summer. It
was aimed at showing which standards are
important to prepare the sector for the future. Industrial Ethernet Book
The next issue of Industrial Ethernet Book will be published in January/February 2017
“We want to make machine vision fit for Deadline for editorial: December 22, 2016 Deadline for artwork: January 13, 2017
Industry 4.0 and for the factory of the future.
We are aiming at straightforward integration Product & Sources Listing
of machine vision systems into production All Industrial Ethernet product manufacturers (not resellers) are entitled to free of charge
control and IT systems via OPC Unified entries in the Product locator and Supplier directory sections of the Industrial Ethernet Book.
Architecture,” said Dr. Klaus-Henning Noffz, If you are not currently listed in the directory, please complete the registration form at
CEO of Silicon Software and in charge of www.iebmedia.com/buyersguide/ to submit your company details.
standardization issues at the Board of VDMA
Machine Vision. Update your own products
If you wish to amend your existing information, login to the Editor section
“Camera interfaces and standards for www.iebmedia.com/buyersguide/register.htm and modify your entry.
communication and networking of various
machine vision components within the system Do you want to receive issues of Industrial Ethernet Book? Call, mail or e-mail your details, or
are already there, tremendously facilitating subscribe at www.iebmedia.com/service/
the work of systems integrators. What is
missing is a generic interface for machine
vision systems at user level,” added Dr. Horst Editor: Al Presher, editor@iebmedia.com
Heinol-Heikkinen, Managing Director of Contributing Editor: Leopold Ploner, info@iebmedia.com
ASENTICS and a VDMA board member. Advertising: map Mediaagentur Ploner, info@iebmedia.com
The fact is that OPC UA has become, or Tel.: +49-(0)8192-933-7820 · Fax: +49-(0)8192-933-7829
certainly is in the process of becoming, the Online Editor: Adela Ploner. info@iebmedia.com
industrial operability standard for information
Circulation: subscriptions@iebmedia.com
integration both at the device level and within
the enterprise. It also looks to be one of the
Published by
enabling technologies that will be required for
the Industrial Internet of Things and Industrie IEB Media, Bahnhofstrasse 12, 86938 Schondorf am Ammersee, Germany
4.0 to reach their lofty goals. ISSN 1470-5745
Al Presher

1 1. 2016 i n d u str i a l e th e r n e t b o o k 3
 Wireless network for high
Industry news

capacity onshore wind farm

Wireless communications system to provide enhanced site security for Pen y Cymoedd onshore wind farm. It
will be the highest capacity onshore wind farm in England and Wales, delivering up to 228 megawatts.

SECURE WIRELESS COMMUNICATIONS will

SOURCE: ABB
connect closed-circuit television (CCTV)
cameras at two new substations being supplied
by ABB for the Pen y Cymoedd wind energy
project, being developed in south Wales by
Vattenfall, a leading European utility.
The full 76-turbine development, for which
ABB is also providing the grid connection
and the related electrical transmission
infrastructure, is due for completion later this
year and will be the highest capacity onshore
wind farm in England and Wales, delivering up
to 228 megawatts.
The two new substations will step up the
voltage from 33 to 400 kilovolt (kV), ready
to feed into a new 400 kV National Grid
substation. Pole-mounted CCTV cameras
around the perimeter fences of both substation
sites will be connected into a highly resilient
wireless mesh network using ABB’s wireless
routers. The two sites will be linked by optical Around the perimeter fences of both substation sites, pole-mounted CCTV cameras will be connected into a highly
fiber and connected to a control station with resilient wireless mesh network using wireless routers. Both sites will be linked by optical fiber and connected to a
a network video recorder to provide recording control station with a network video recorder to provide recording and monitoring.
and monitoring.
“Our advanced wireless network solution will routers are designed to cope with almost any substation automation, control and protection
ensure that data is directed efficiently through physical challenge, a necessity when routers equipment as part of the overall substation
intelligent routers to where there is capacity,” are routinely installed in outdoor locations in solution. ABB’s sMicroSCADA control and
said Massimo Danieli, Managing Director the field. As the network grows, each smart Relion protection equipment, working in
of ABB’s Grid Automation business unit. router will automatically reconfigure itself, combination with a STATCOM (Voltage Source
“This minimizes delays and gives customers making expansion relatively simple. The mesh Converter based reactive power compensation)
real-time visibility and control of their assets network design offers inherent reliability, solution, will be used to control and regulate
and it is another example of ABB’s Internet of as the network can handle any outage by the output of the wind turbines to ensure they
Things, Services and People approach, a key redirecting data intelligently and seamlessly. remain within National Grid’s rigorous power
element of our next nevel strategy.” In addition to the wireless communication quality standards.
Physical and cyber security is critical for system, ABB is also supplying switchgear,
utility communication networks. ABB’s wireless transformers, and IEC 61850 compliant Industry news by ABB.

PLCopen news: SafeMotion, OPC UA client and libraries

TO HARMONIZE SAFETY SOLUTIONS for users,
especially in production environments with
heterogeneous networks, PLCopen started a
working group on SafeMotion, which created
a generic proposal to solve the motion
control safety aspects over the different
networks like ProfiSafe, Safety over Ethercat,
CIP Safety over Sercos, OpenSafety, CC-Link
IE and Mechatrolink, as well as user area’s as
described in OMAC.There are many SafeMotion
related commands, and it makes no sense that
a function blocks is created for all of them
while the functionality is mostly the same.
The documents for “PLCopen SafeMotion”
version 0.99 Release for Comments are
available on the PLCopen website.
OPC-UA client
PLCopen together with the OPC Foundation has
published a new edition of the definition of a
set of function blocks providing OPC-UA client
functionality.
With this functionality on a controller, it
becomes possible to initiate a communication
session to any other available PLCopen OPC-UA
Server. The controller can exchange complex
data structures horizontally with other
controllers independently from fieldbus system
or vertically with devices using an OPC-UA
server call in an MES/ERP system in order to
collect data or even write new production
orders to the cloud. It allows a production
line to be independently active in combination
with integrated OPC-UA Security features.
PLCopen compliant user libraries
To ease the development of user libraries,
PLCopen together with its members created
guidelines on how to create PLCopen compliant
function blocks. Included examples show the
basic code, including an object oriented
approach as provided by the 3rd edition of
the IEC 61131-3 standard.
News report by PLCopen.

4 in d u s t r ial et h er ne t b o o k 11.2016
 Looking at Industrial Ethernet’s
Industry news

role in Chilean miner rescue

Most people don’t know that an Industrial Ethernet switch played a role in the rescue of 33 Chilean miners
back in 2010, in part because of its suitability for harsh industrial environments. The switch, mounted in the
Phoenix capsule, was used to transmit video images back to a control room on the earth’s surface.

BASED ON A TRUE STORY, the movie “The 33”

SOURCE: RED LION

depicts a disaster that strikes when a mine
in Chile collapses on August 5, 2010. In the
movie, as in real life, 33 miners are trapped
underground for 69 days, with more than
2,000 feet of rock blocking their rescue. The
story details the many different strategies and
efforts attempted to free the trapped miners,
as well as their struggle to survive with little
food and water in extremely hot, dark and
humid conditions.
Watching the film reminded me of the actual
event back in 2010 and, what few people may
know, that small industrial Ethernet switches
played a role in the successful rescue mission.
When someone asks me about examples of
unusual applications for industrial Ethernet,
this one is definitely at the top of my list!

Underground rescue
The miners were ultimately reached
underground by drilling a narrow diameter
tunnel down to them, and a rescue capsule
was lowered to where the miners were trapped.
They were removed one at a time using the
capsule, which was risky considering it could
have become stuck in the long tunnel.
The ‘Phoenix’ capsule weighed 924 pounds,
had an interior height of 6 feet 4 inches and
a diameter of just 21 inches. A team of NASA
consultants and Chilean navy engineers helped
construct the device. The tunnel rescue is
actually the setting for the final scene of the
movie. A happy ending indeed as all 33 of the
trapped miners were rescued.
One of Red Lion’s Sixnet industrial Ethernet
switches was mounted in the Phoenix, which
transmitted video images back to a control
room on the surface. The network-transmitted
video feed was used to inspect the rock
In transporting digital data from the field level into a cloud, existing security mechanisms must be applied intelligently.
structure of the tunnel walls and movements
of the capsule, and helped rescue teams get
a better understanding of the conditions that
the Phoenix would be facing in the tunnel.
The camera could look up, down and inside the
capsule so that rescue teams would know what
would happen during its movement. One note
is that, for the actual rescue and transport of
the miners, the switch was removed to help
make the Phoenix as light as possible.
Red Lion worked with local partner
Transworld and donated compact 4-port
Ethernet switch for use in the pod. The switch
that was used endured 95-degree Fahrenheit
temperatures and high humidity to transmit
the video images. A difficult environment,
but one that industrial-grade Ethernet could
definitely handle!
An Industrial Ethernet switch like this
is ideal for this kind of extreme situation
because of its small size and light weight,
high heat and humidity tolerance, and ability
to be deployed quickly and easily.
While it’s too late for a “spoiler alert” to
save revealing the end of the movie, you
already know that all 33 miners were rescued
after 69 days…and now you know that
industrial Ethernet played an important role in
the actual rescue. Rugged industrial Ethernet
switches, which are designed and built to
handle extreme conditions, not only worked
well in the Chilean Miner rescue, but are also
well suited for other harsh environments.
Tracy Courtemanche, Director of Red Lion
Controls.

Phoenix Contact acquires share in Dutch cybersecurity company

Phoenix Contact Innovation Ventures has
acquired a share in SecurityMatters B. V.
The company, based in Eindhoven, is a
leading supplier of cybersecurity solutions for
industrial control systems.
Since its implementation in 2013,
SecurityMatters has distributed the platform
for network monitoring and anomaly
detection, SilentDefense. The application areas
include the power generation, transmission
and distribution, water supply, the area of
infrastructure solutions, chemistry, oil and gas
as well as industrial production technology.
“SecurityMatters offers solutions for the
area of critical infrastructure and Industrie
4.0. Especially in the industrial environment,
there is a great market potential where
cybersecurity solutions are required already
today. The product range of SecurityMatters
perfectly suits the expertise of Phoenix
Contact, especially as regards Industrie 4.0,”
said Marcus Böker, Managing Director of
Phoenix Contact Innovation Ventures.
Phoenix Contact Innovation Ventures has a
minority share in SecurityMatters.
Industry news from Phoenix Contact.

6 in d u s t r ial et h er ne t b o o k 11.2016
 general system pack

www.ethernet-powerlink.org O ve r
3,200
OEMs
Leading manufacturers ...
Countless applications ...
High-quality products ...
... trust in powerlink

IEB97_p7.indd 7 03.11.1644 10:42

 Embedded data encryption
Applications
Technology

down to the last meter

Holistic security requires adherence to three basic principles. Defense-in-depth stacks or layers security
solutions. The minimum need-to-know principle assigns users and processes only the maximum permissible
rights, while redundancy ensures that failure of components does not interfere with safety functions.

SOURCE: WAGO
Encryption of sensitive data (SSL/TLS) during storage and transmission is a prerequisite for effective networking (segmentation/firewall/VPN). But a secure standard configuration
along with user authentication and allocation of user roles are also requirements that typically need to be reviewed regularly in audits.

NETWORKED PRODUCTION OF THE FUTURE will
require reliable automation technology and
secure communication paths throughout the
entire production process. Production data
is considered the most valuable asset of the
automated future – and must therefore be
protected.
In times of Industrial 4.0 and Industrial
Internet of Things (IIOT), automation
solutions increasingly rely on open and
networked system architectures of standard
components. Ultimate productivity gains
are finally made possible by the transparent
access to the production data. However,
maintenance, service and legal documentation
requirements for complex systems can or
should not be provided by on-site personnel;
remote access is necessary. The resultant cross-
linking of functional units results in increased
safety requirements and applies not only to
spatially limited industrial plants, but also
to distributed systems of energy technology.
Growing requirements
Against this background, automation systems
are exposed more than ever to the “dangers”
of the IT world. Any security breach can
have fatal consequences for companies and
employees.
In the summer of last year, the German
federal government adopted an IT security
measure, which is aimed primarily at critical
infrastructure operators (KRITIS). In addition
to regular security audits, it also reports
the reporting of IT security incidents to the
Federal Office for Information Security (BSI).
In addition, the IT baseline catalogs define
possible scenarios and protective measures
based on ISO 27002.
These, in turn, build on the various industry-
specific policies and recommendations
that require companies to ensure the
confidentiality, integrity, authenticity, and
availability of data. These regulations also
increase the requirements for manufacturers
of automation technology and present them
with new challenges.
Holistic security
In order to build a secure system architecture,
three different basic principles must be
considered. The “defense-in-depth” concept is
about stacking or layering security solutions so
that in case of circumventing another layer,
another protection still provides protection.
The “minimum need-to-know” principle
assigns users and processes only the maximum
permissible rights. The “redundancy principle”,
in turn, relies on technologies to ensure that
the failure of individual components does not
interfere with the safety functions.
It is also intended to minimize the
impact of an unrestricted requirement for
system resources. Concrete technical and
organizational measures are, among other
things, the lasting basic protection and system
hardening by means of “patch management”
(update capability) as well as the long-term
availability of the operating systems.
Encryption of sensitive data (SSL/
TLS) during storage and transmission is
a prerequisite as well as a corresponding
network concept (segmentation/firewall/
VPN). A secure standard configuration and
user authentication as well as the allocation
of user roles are also part of the requirements
catalog. These measures and processes are
typically reviewed regularly in audits.

8 in d u s t r ial et h er ne t b o o k 11.2016
IEB97_p9.indd 9 03.11.1644 17:16
 Adequate solutions

SOURCE: WAGO
Applications

Today, WAGO already fulfills all relevant

Technology

guidelines in the area of IT security and even

a large number of the requirements from the
BDEW white paper for applications in the field
of energy and water supply, which are part of
the “critical infrastructure” (KRITIS).
The controller family PFC 100 & 200 from
WAGO takes these developments into account.
They are characterized by a cross-platform
real-time Linux, which is available as an
open-source operating system, is scalable and
updateable, and supports tools such as Rsync,
Fail2Ban and virus scanners. Various interfaces
and fieldbuses such as CANopen, PROFIBUS DP,
DeviceNet and Modbus-TCP can also be operated
independent of the manufacturer. There are
different requirements for the level of a safety
solution, depending on the application and
the risk analysis. The WAGO-PFC family is in
any case designed to implement the currently
highest safety requirements according to ISO
27002. It provides onboard VPN functionality
based on the so-called Strongswan package,
a secure communications solution for Linux®
operating systems. In addition, the data can
already be encrypted in the controller using
SSL / TLS-1.2 (Secure Sockets Layer / Transport
Layer Security) encryption.
A VPN tunnel is then built directly over
IPsec or OpenVPN and transfers the data, e.g.
to the cloud. While IPsec encrypts to operating
system level 3 or Layer 3 of the OSI layer In transporting digital data from the field level into a cloud, existing security mechanisms must be applied intelligently.
model, OpenVPN ensures data integrity on To avert damages that could hurt the company and also gain competitive advantages, it is essential that data is
exchanged and stored securely at all times.
the application layer (Layer 5). This results in
tamper-proof and tamper-proof communication
connections between the controllers and be optimized with analysis methods from the automation capabilities. Finally, the core
network access points. An upstream VPN router big data environment with little effort. of the “Industrial Internet of Things” is to
is no longer required. When communicating use data in a profitable way and to generate
with a PFC100 or 200, an encrypted LAN / WAN Real added value sustainable added value for the company.
connection can be established, the contents Data analytics tools play a crucial role in the However, if you want to achieve this goal, you
of which can only be understood by the two data flow. With the aid of the data collected should consider the necessary measures to be
endpoints. Connections are established only at the field level, they are able to predict taken in IT security.
after successful authentication. An encryption plant and thus production losses in terms For the transport of digital data from the
method is used with pre-shared key, in which of predictive maintenance by, for example, field level into a cloud, the existing security
the keys must be known to both parties prior calculating the wear of certain machine mechanisms must be applied intelligently, not
to communication. This method has the components. least if cloud connections as a complement
advantage that it is easy to realize. This minimizes costly plant failures. In the to the existing automation system
future, such an application can, for example, pre-communicate with a large number of the
Convincingly versatile predict that a certain part of the production protective mechanisms, which in the sense
The controllers of the PFC family can also plant has to be exchanged in three months of “defense in depth” solutions, have been
be used as scalable nodes, which can be thanks to data analytics. The higher-level set up, such as access control, authorization
retrofitted with already existing automation automation system then detects which part is concepts and firewalls. To avert damages from
systems without having to interfere with involved, asks the manufacturer for the current the company and gain competitive advantages,
the actual automation process – the data is delivery time and orders the spare part fully it is essential that data is exchanged and
collected in parallel and can be sent to the automated. stored securely at all times.
cloud, for example via MQTT or OPC UA are Particularly in applications in which plants In the future, this will only be achieved
sent. The user is thus in a position to monitor are operated continuously, such a development by means of a comprehensive IT security
systems adaptively and preventively. Plant is of great relevance - for example in automated concept, which corresponds to the individual
operators have the opportunity to keep an production lines in the automotive industry or requirements of the company in the sense
overview of their production facilities and to in the process and food industry. of a “security by design” principle both
optimize the processes step by step thanks to for processes in the company as well as in
their cloud capability. These complex processes Rethinking-Security production.
can not only be captured and visualized, for Integrated automation solutions will therefore
example by Smartphone or tablet, but can also have to have functions that go beyond mere Technology report by WAGO.

10 in d u s t r ial et h er ne t b o o k 11.2016
Improve reliability, product quality and energy optimization in the facility at a
fraction of the time and cost of wired solutions.

Visualize & Integrate

Software package provides tools to visualize,
analyze and alarm from multiple devices; integrates
with cloud computing and loT platforms

Communicate
Wireless gateway collects sensor data
and delivers to servers

Gather
Wireless, battery operated sensor nodes
monitor temperature, humidity and air pressure

)
!ovides highly reliable environmental monitoring )
%!"
$rate time-stamped data collection for improved
via wireless mesh network with redundant pathways analytic accuracy

)
"
"#

"'
oyment and maintenance with ) "$res data and network security with 128-bit and 256-bit
complete kits featuring wireless technology encryption, authentication and network access control

)
$"
#
"#"

overhead by allowing
inter#

$
#

"
#!$

"

ress premise or in cloud

IEB97_p11.indd 11 03.11.1644 11:01

 OPC UA and how it impacts
Applications

Oil & Gas applications

OPC UA’s object- and service-oriented architecture is enabling interoperability with other platforms. For
exchanging information in offshore oil and gas production, the ability to collect and analyze exponentially
growing sets of data is at an unprecedented level, due to wide adoption of Big Data.

OPC UNIFIED ARCHITECTURE is an important

SOURCE: ICONICS
building block that enables users to build
the next generation of automation software
solutions.
The result of a multi-year collaboration of
industry leaders that built an open standard
for exchanging information in a rich, object-
oriented and secure fashion, the key to
the success of the OPC UA standard is that
it represents the answer to a fundamental
need for mapping and exchanging real-life
information in an object-oriented way.

Object-Oriented
The information carried within an object is far
richer than the information carried with simple
raw data, as many automated applications were
designed to process. Rather than analyzing a
single, isolated row of data, however, it’s far
more interesting to analyze the data in terms
of its relationship with other data and in terms
of the operation that can be performed.
Any real-life object carries a tremendous
amount of information within it. For example,
when thinking in terms of objects, the
information carried by an “oil tank” object
is far superior to the simple combination of
individual row data for pressure and tank level.
A physical oil tank is an object that plant
operators can physically interact with by filling
or emptying, by changing a reference pressure
set point or by analyzing how a change of a
parameter affects the others. This information As the scale of Oil and Gas operations continue to expand, managing and extrapolating meaningful relationships from
is logically grouped and must be analyzed all process will only become more and more complex.
together.
In software terms, an object is a collection
of properties (pressure and tank levels), Service-oriented solution Impact on Oil & Gas Industry
methods (fill or empty) and events (tank level OPC UA has a dual nature: it is object- Over the past decade, software vendors have
is too high, pressure is too low). Objects are oriented and it is service-oriented. The used object-oriented and service-oriented
organized in hierarchies in such a way that an service- oriented nature of OPC UA allows for architectures to design products that are
object can contain simpler, smaller objects as broader interoperability with a range of other both scalable and reliable. However, these
properties (the valve of an oil tank can, itself, platforms, as well as for increased visibility successful architectural models only recently
be an object that exposes properties, methods and security. started to be used for the exchange of
and events). When thinking in these terms and Communication over a network has information in offshore oil and gas production.
operating parameters, it’s clear how beneficial always been a potential security risk. OPC More recently, the ability to collect and
it would be to map the data of a tank farm into UA security involves the authentication of analyze exponentially growing sets of data is
a hierarchy of objects. clients and servers, the authentication of at an unprecedented level, due to the wide
The object-oriented nature of OPC UA users, the integrity and confidentiality of their adoption of Big Data. At the same time, mobile
software technology enables re-usability communications, and the verifiability of claims devices are transforming the way people
of assets across on-shore and off-shore of functionality. The OPC Unified Architecture interact with the environment, connecting to
operations and provides a common object security model secures communications, while a tremendous amount of information anytime,
management method to support complex and its encryption ensures that data security is anywhere.
flexible data models. held to the highest standards. As the scale of Oil and Gas operations

12 in d u s t r ial et h er ne t b o o k 11.2016
NEW
ix Industrial Series
Rugged, Compact and High-Speed I/O Connectors
provide Ethernet connectivity solutions for Industry 4.0

Security System

PLC
FA Camera

Motors & Drives Industrial Robots

70% space saving vs RJ45

Consider replacing the RJ45 with the new ix Industrial series

With a 70% size reduction compared to a conventional RJ45, the new ix Industrial connector provides more
connections in less space on the PCB - space that can now be used more efficiently. The robust metal lock prevents
accidental disconnection of the plug from the socket, reducing the downtime of industrial equipment.
Cat.6A High-Speed, 10Gbps performance supports Ethernet connectivity in compliance with IEC/PAS 61076-3-124.

Hirose’s core technologies in miniature connectors offer you a clear commitment for a new standard of Ethernet
connection suitable for Industry 4.0 applications.

CONNECTING THE FUTURE

www.hirose.com/eu
info@hiroseeurope.eu
IEB97_p15.indd 15 29.10.16 11:00
 increase, managing and extrapolating

SOURCE: ICONICS
Applications

meaningful relationships from data will only

get more complex. In addition, the need for
remote access to data and remote collaboration
will increase along with the number of widely
dispersed assets and mobile workers.
With mobile solutions now able to connect
to OPC UA, BACnet, SNMP, Modbus TCP/IP, Web
services and more, there is unlimited potential
gain in tapping into the Industrial Internet
of Things. With simple connectivity, mobile
devices are enabling operators, field service
workers, managers, executives and others in
the industry to securely visualize oil fields,
offshore rigs, pipelines and refineries. Anyone
with a mobile device can use best in class apps
to remotely monitor assets, instantly access
operational key performance indicators and
respond to alarms and alerts in real time.
Slowly, but surely, the industry has
adopted real-time monitoring and wireless
communication systems, experiencing
significant gains in efficiency, safety and cost
savings. Recent advances in mobile technology
spark change in how quickly the industry
adopts and leverages products that software
vendors now provide.

OPC UA standard
OPC UA does not replace existing standards
such as OPC, but rather complements them
by providing a common interoperability
layer for exchanging information and
orchestrating processes. OPC UA embodies all
the functionality of the existing OPC servers
and allows for backward compatibility with
previous standards.
One of the key problems with standards of
this magnitude is that implementing them
can be quite challenging. The OPC Foundation
has taken many steps to guarantee that the
implementation of the standard would be a
relatively straightforward and easy process.
To facilitate the adoption of the new
standard and to reduce the barrier to entry, the
OPC Foundation developed an OPC UA software
development kit (SDK). The SDK is the entry
point to jump-start your existing applications
and make them OPC UA-enabled. The SDK
consists of a series of application programming
interfaces and sample code implementations.
To that end, the UA specification is written
to be platform- agnostic and, for that reason,
the SDK comes in different flavors to facilitate
adoption on different platforms. The .Net,
ANSI C and Java sample implementations are
provided to OPC Foundation members.
Each “flavor” of the SDK is designed to fit
special needs in terms of platforms, memory
and processor requirements, but they are all
capable of seamless interoperation with each
other. The .Net version of the SDK is more
suited for rich client/server implementation,
while the ANSI C version is more suited for
thin implementation for embedded devices,
Since mobile solutions are able to connect to OPC UA, BACnet, SNMP, Modbus TCP/IP, web services and more. Use
of mobile devices is enabling operators, field service workers, managers, executives and others in the industry to
securely visualize oil fields, offshore rigs, pipelines and refineries.
where memory footprint and CPU utilization
are more important. The Java implementation
is more suited for the Web environment and
thin clients, but can also be used in other
environments. Each software vendor can
pick the implementation that they prefer,
depending on the unique requirements for
performance, cross-platform capability and
Internet- friendliness.
In addition to the SDK, the OPC Foundation
has also provided a series of binary adapters.
The adapter can be used to grant direct access
to all legacy COM-based OPC servers from the
OPC UA Client. Simultaneously, the adapter
can also be used to grant access to a subset of
OPC UA server features from legacy OPC clients.
Compliance tools
Software programming is not an exact science.
Even with the availability of the OPC UA SDK
sample code, there is still room for errors
such as misinterpretation of the specification
or simple coding errors. So how do you
reduce the number of errors and guarantee
an unambiguous interpretation of the
standard? How do you ultimately guarantee
interoperability between software produced by
different vendors?
To facilitate the successful adoption of OPC
UA solutions, the OPC Foundation introduced
a series of compliance tools aimed at verifying
that a given product is fully compliant with the
standard. Software vendors can submit their
applications to independent test companies
that will certify the compliance with the
standard using the compliance tools. Having
a certified solution guarantees reliable data
exchange between applications from different
vendors, and is beneficial for everyone.
The OPC UA SDK enables software vendors to
quickly move information horizontally between
devices on different industrial networks from
different vendors, as well as vertically from the
plant through the enterprise of multi-vendor
systems – with stops in between.
Several leading suppliers have partnered to
provide end-to-end solutions that leverage
the OPC Unified Architecture to deliver value
to end-user customers. In April 2013, OPC
UA was selected as the protocol standard for
Master Control Systems (MCS) and Distributed
Control Systems (DCS) in offshore oil and gas
production.
The MDIS (MCS-DCS Interface
Standardization) network chose OPC UA for
its robustness and reliability, to securely
transfer data and ensure that the data is of the
highest quality. Interest in these technologies
continues to increase, ensuring that OPC UA is
on the road to success as the leading standard
for exchanging information throughout the
enterprise for the Oil and Gas industry.
Technology report by Iconics.

14 in d u s t r ial et h er ne t b o o k 11.2016
IEB97_p15.indd 15 03.11.1644 15:25
 Preemption standard enables
Technology

high priority frames and traffic

A new IEEE standard allows high priority frames to interrupt low priority frames in transmission, and
minimizes the latency of high priority traffic. For industrial control systems, it also can further enable the
convergence of multiple networks that use differing technologies into a single Ethernet and IP infrastructure.

A NEW ADDITION TO THE ETHERNET STANDARD,

SOURCE: AVNU ALLIANCE

Preemption (IEEE 802.1Qbu/802.3Qbr), from
the Institute of Electrical and Electronics
Engineers (IEEE) allows a high priority frame to
interrupt a low priority frame in transmission,
minimizing latencies in the high priority
traffic. In Industrial Automation Control
System (IACS) applications, preemption can
further convergence of multiple networks of
differing technologies into a single Ethernet
and IP infrastructure, enabling self-organizing
plant operations and order controlled
production. By highly decreasing the impact
of lower priority traffic on important traffic,
both types of traffic can be mixed on the same
link. This technology could also further allow
the spread of Ethernet for in-car networks and
replacement of previous in-car networks used
for critical control, bringing the autonomous
car closer to mass market.
A switch supporting quality of service
Traffic generator creates priority and best-effort traffic. Switch A to Switch B sends preemptable traffic. A traffic
implements multiple egress queues on each
sniffer is used to validate preemption correctness. The traffic analyser measures overall traffic latency.
port, placing incoming frames into one of
these queues based on each frame’s quality of
service tag. When an egress port has finished Express MAC for transmission on the media high priority frame to transmit and wants to
transmitting a frame, it selects the frame from and a frame is currently being sent from have it transmitted as soon as it is ready. This
the highest priority queue with an outgoing the Preemptable MAC, then the MAC Merge can yield an even lower maximum latency in
frame stored for transmission. Because all of sublayer decides whether to interrupt the controlled environments, for instance when
these queues are serviced by a single Media frame in progress. If interrupting the frame frames are ready at predictable intervals.
Access Control (MAC), once started, a switch in progress will still yield valid sized minimum In an IACS, best effort networks are often
cannot abort or interrupt transmission of a segments for both the current transmission designed around the modelled worst case
frame, even when a frame becomes available and for the remaining portion of the frame delay from message transmission to receipt
on a far higher priority egress queue. data, then it will interrupt the frame in through the network. The biggest variable in
progress by sending a 4-byte checksum. This this equation is presence of PC-centric traffic
MAC sublayers share link will indicate to the link partner that the frame on the network. Quality of Service mitigates
At its core, preemption allows two different is not complete. significant proportions of this risk through
MAC sublayers to share a single link. The After the minimum recovery period, 96 bit implementation of high priority queues, but
MAC sublayer is responsible for enforcing times, the station may then send the frame there remains a risk of a time critical packet
frame transmission and reception rules for from the Express MAC. If nothing else is to becoming available in an egress queue shortly
the Ethernet media. This is achieved by the be transmitted after waiting the minimum after the switch starts to service a lower
addition of a MAC Merge sublayer below these recovery period, the continuation of the priority packet. At 100MBps the maximum
two MAC sublayers to both direct received interrupted frame may be sent. In this way, Ethernet frame size is 1,518 bytes with a
traffic to the proper MAC and coordinate the effective maximum latency of a link can transmission time including Preamble, SFD
the transmitting of frames from both MAC be reduced for Express traffic as it becomes and inter packet gap but excluding VLAN
sublayers onto the link that they share. This no longer necessary to wait for longer frames tagging, of 123.04µs.
allows one MAC - an Express MAC - to carry already in progress. Frames of 124 bytes or Let’s work through an example. Say a high
higher priority traffic with a lower maximum larger can be preempted depending on the speed packaging machine with 9 axes where
latency, while the other MAC - a Preemptable supported minimum of the receiving station. application demanded communication rates are
MAC - is used for frames where latency and This technology can also be used to largely a factor of the mechanical bandwidth
delay is less of a concern. Frames from the inhibit the Preemptable MAC from beginning of gearboxes, transmission belts etc. Each
Express MAC are always given priority to the transmission, even if no frame is currently 1ms, a high priority frame of 150bytes (typical
media over other traffic. ready from the Express MAC. This can be useful in IACS applications) is transmitted. It has
If a frame arrives from higher layers at the if the system is aware that it will soon have a a transmission time of 12.64µs (@100MBps)

16 in d u s t r ial et h er ne t b o o k 11.2016
 Engineer a Better Network
Introducing the industry’s first field-hardened
SDN-enabled Ethernet switch.
Today’s power system engineers need the convenience of Ethernet combined with
low latency and fast healing to support mission-critical substation applications.
The SEL-2740S Software-Defined Network Switch and SEL-5056 Software-Defined
Network Flow Controller provide an innovative solution that employs software-defined
networking (SDN) to enhance the dependability, performance, configuration, and
management of proactive OT and dynamic IT networks.

Engineer a better network—it starts with the SDN-enabled SEL-2740S.

• With failover times of less than 100 microseconds, ensure the performance of
mission-critical applications under all conditions.
• Simplify the design, testing, and implementation of critical power utility and
industrial OT networks by using the SEL-5056 Flow Controller.
• Strengthen cybersecurity through deny-by-default network access control.
• Seamlessly integrate with existing network infrastructure through OpenFlow 1.3
standard support.

Order your evaluation system to see the advantages of SDN for yourself.
For details, visit www.selinc.com/betternetwork.

IEB94_p9.indd 9 29.04.1617 12:20


Technology
802.3 Ethernet with Preemption disabled (left). 802.3br Ethernet with Preemption enabled (right).
and must be delivered from server to client
within a maximum time of 250µs. Its worst
case transmission time (through a two layer
star network and excluding switch latencies),
must be considered to be 135.68µs because of
the possibility of a low priority maximum size
packet being serviced just before the higher
priority packet becomes available.
Not a problem, except that IACS applications
are characterized by a very large number
of servers connecting to a single client. In
this example, how many servers can transmit
‘simultaneously’ and still meet their timely
delivery requirement? The simple answer is
determined by the maximum delivery time
minus the worst case interruption all divided
by server transmission time, in this case: (250
– 123.04)/12.64. The result is 10.04, but the
number of devices must be an integer, so a
maximum of 10 devices can be serviced. In
this worst case example, the next 750µs has
no network traffic.
Now apply preemption, where every 124
bytes the maximum size packet can be
Evaluate validate preempted traffic format. Compare express and preempted traffic latency and jitter.
18
pre-empted – i.e. every 11.44µs the packet can
be pre-empted. Now the IACS designer only
needs to consider a worst case interruption of
11.44µs. The calculation is the same, but the
answer is very different: (250-11.44)/12.64 =
18. For the IACS, the effective bandwidth of
the network has been increased by 80%. In
a linear network, as the number of switches
that the packet must go through grows, the
cumulative effect and benefit increases.
In this example the benefit to the IACS
of scheduling are only incremental because
elimination of the last 11.4µs only results
in adding 1 whole device to the network.
However, looking at the same equation, but
from the perspective of the lower priority
packet, the worst case delay must assume that
all 18 IACS devices transmit simultaneously
and all interrupt its progress. The additional
delay of waiting to send after eighteen 150
byte frames would be 244.8µs. If this cannot
be accepted then additional techniques, like
scheduling, must be applied to ensure that
start points of transmissions are appropriately
SOURCE: AVNU ALLIANCE
in d u s t r ial et h er ne t b o o k
SOURCE: AVNU ALLIANCE
sequenced. For data streams, like video
streaming, this size of delay will not be visible
to the user. Similarly, if there are multiple
high priority streams from multiple disciplines
traversing the network, then preemption alone
may not allow the designer to guarantee all
maximum latencies are met and it may be
necessary to implement further enhancements
like scheduling.
In this sample Industrial Automation
Control System application, moving to Gbps
offers a greater reward. It reduces all of the
transmission times by a factor of 10, but it
does not change the fundamental dynamics
of the mechanical system so the application
driven packet rates do not change. Applying
the same mathematics (maximum delivery time
– worst case interruption)/(server transmission
time) shows the maximum number of devices
that can be on a network without preemption
is 188, and with is 196; this is only a 4%
improvement.
This migration to Gbps is not practical for
many systems; in brownfield, retrofit and
high electromagnetic noise environments,
preemption (and scheduling) may be far more
easily deployable.
A public demonstration showing
interoperability and benefits of using
preemption was shown in the Avnu Alliance
booth at the 2016 IEEE-SA Ethernet & IP @
Automotive Technology Day by three member
companies that play roles in the automotive
and industrial ecosystem: test tool supplier
(Ixia), silicon supplier (Renesas) and
conformance test provider (University of New
Hampshire Interoperability Lab).
The Avnu Alliance is a community building
an ecosystem for diverse applications where
precise timing is critical to moving data
across today’s crowded networks. The Alliance,
in conjunction with other complimentary
standards bodies and alliances, drives
ecosystems built on open standards in
professional AV, automotive, industrial control
and consumer industries.
Paul Brooks, Business Development at Rockwell
Automation, Peter Scruton, Manager, Embedded
Systems Technologies at The University of
New Hampshire InterOperability Laboratory
(UNH-IOL)and Bogdan Tenea, Product
Specialitist at Ixia.
11.2016
 OPC UA industrial networks for

Technology
digital factory infrastructure
To achieve a complete integration of the IT and automation infrastructures, from sensors to the cloud, the
OPC UA unified architecture is a vital technology. The goal is end-to-end engineering that unites product
design and production engineering, and creates a new level of performance for flexible automation systems.

SOURCE: SIEMENS
Flexible
Technologies

Automation
End-to-End Semantic
Engineering Integration of Data

Digital Infrastructure
Processes

Sales /
Inbound Outbound Services
R&D Engineering Production
Logistics Logistics

The essential technology areas of the digital factory require a common digital infrastructure.

THE INTEGRATION OF DIFFERENT SYSTEMS
into an IT or automation infrastructure is
complicated because there are no standardized
interfaces and protocols. So what sort of
communication architecture is required for
networking the ten-thousand devices in the
digital factory? In this respect, industrial
networks and the OPC Unified Architecture
are regarded keys to the digital infrastructure.
The extent of the challenge becomes clear
when one considers the application scenarios
in the digital factory in closer detail. These
can be divided into three areas. Firstly, the
end-to-end engineering means that the data
from product design can be used for the
production engineering, to create control
programs, for example.
This enables different aspects of an event to
be recorded and developed in a standardized
data model, which simplifies changes, helps
to avoid errors, and considerably reduces the
engineering times, including the time required
to implement production.
Secondly, flexible automation is aiming to
resolve the (apparent) contradiction between
flexibility and automation, in order that a
variety of products can be manufactured in
the same plant. Collaborative robots, which
assist their human colleagues, are one
example of how the consistent performance
capability and precision of a machine can
ideally complement the human capabilities of
handling complex and dynamic situations. This
aspect includes such new production methods
as 3D printing. And thirdly, with the collection
and integration of data across the entire life
of a machine, new services become possible,
for maintenance purpose, for example.
Vertical and horizontal integration
Present-day solutions usually follow a typical
“automation pyramid” pattern. In other words,
the individual layers, from the sensor, via the
controller and HMI level, to the MES and ERP
system, are hierarchically constructed and
often permit no direct access from the top level
systems to the layers further below – unless
explicit routing through the intermediate
layers is provided for this purpose.
The digital factory, on the other hand,
emphasizes the horizontal integration (that
is, between components on the same level)
and the vertical integration (communication
between layers) of the communication levels.
On the one hand, this breaks up the previously
rigid cellular organization in the digital factory
(for example, by means of freely mobile,
autonomous robots); the machines therefore
need an information infrastructure that is no
longer organized on a strictly hierarchical
basis, but takes into account the respective,
dynamically changing environment.
The integration of data as a source of
information for analytical, data-based
services leads, on the other hand, to the
breakup of the horizontal layers. Because in
order, for example, to gain new insights for
predictive maintenance, a high density of
data is necessary at all levels, starting with
design and engineering, through quality data
in production, to sensors that deliver their
measured values to the IT systems (cloud)
when a machine is used.
Under certain circumstances, this data is
not relevant for the PLC that controls the
production machine, or would misuse the
resources of the controller for data routing
exclusively. It is therefore reasonable that,
although the sensors act on the one hand as a
source of information, on the other hand they
deliver their results directly to the data pool
in the cloud in different cycles, resolutions or
with different measured values.
Ultimately, such as digital factory may be

1 1. 2016 i n d u str i a l e th e r n e t b o o k 19
 SOURCE: SIEMENS
Technology

Different aggregation levels and a factory backbone in a ring structure form the “Industrial Network Topology“.

imagined, not as an unchangeable system,
but rather as an organism that continually
adapts itself (autonomously or by means
of engineering) to the new requirements.
Accordingly, such an architecture must be
flexible and easy to maintain, in order that
the complexity can be intelligently mastered.
a network topology. On the one hand, this
permits fast communication between the
devices in the individual cells and, on the
other hand, it ensures a high-performance
link between office network and the various
sub-areas.
In order, however, to meet the aims and
requirements of the digital factory, an
end-to-end network topology is simply not
enough. What is required is a communication
protocol that is open and standardized,
provides sufficient semantic information and

SOURCE: SIEMENS
Demands on the data networks
The communications infrastructure that is
necessary as a basis for the architecture
outlined must therefore satisfy different
requirements. On the one hand, properties
such as the use of open standards, availability,
quality of service and, above all, security
are demanded that already characterize an
Industrial Ethernet today. As on the other
hand, however, the connection to IT systems
for data-based services and an increased
transparency across all levels are required, a
link between office and production networks
is necessary.
Although this ensures the performance in the
Industrial network by means of safeguarding
mechanisms, it nevertheless permits access to
all layers, devices and components. This points
to the use of different aggregation stages and
the introduction of a factory backbone as With the CP 443-1 module, Siemens supports the OPC UA architecture for Simatic S7 400 automation system.

20 in d u s t r ial et h er ne t b o o k 11.2016
translation options, is easy to expand and client and server functionality of OPC UA. In it is no longer to be a matter of technical
maintain, offers maximum security in various this way, other systems can access the data parameters, such as the transmission power

different versions, and also has memory and
processing requirements that are low enough
to be implemented on small devices.
Communication for digital factory
The answer to these demands is the Unified
Architecture protocol of the Open Platform
Communications Foundation (OPC UA). The
most important thing about OPC UA is that
it is not only a protocol, but also a complete
architecture that provides software stacks
suitable for the transmission definition for
device and software suppliers, as well as
engineering tools for the system integrators.
In this way, OPC UA offers major advantages.
Firstly, the information model ensures
that all data is transmitted on a type-safe
basis. Even complex data types (structures)
are possible. Apart from the exclusively
areas of the Simatic S7 400 CPU, previously
released in the engineering phase, via the
standardized interface. Thanks to this module,
existing plants can be retrofitted with OPC UA
communication options.
Until OPC UA can be used as an integrated
communication architecture, however, further
standardized tasks must be completed, as
some areas of industrial communication are
not yet fully covered.
For example, on the level of the sensors,
only a few series of devices, or technologies
such as radio frequency identification (RFID)
systems, are specified for OPC UA. In addition,
definitions are required at a higher level if
Technology
of an RFID reader, or the access to process
data exclusively. Instead it will be necessary,
to standardize functional characteristics
according to industry and application which
correspond more with the engineering context
of the plant engineer and less with that of the
software designer.
Yet, apart from these future tasks, OPC UA
today is a unique communication architecture
in terms of its scope and is indispensable for
the vertical and horizontal integration within
the digital factory.
Markus Weinländer, Siemens AG, Digital Factory/
Process Industries and Drives

MORE
data values, OPC UA also transmits semantic
information between the communication
partners. As the architecture functions on an

IIoT
object-oriented basis, the semantics are woven
into an object context – thus comprising
more than just a “speaking” identifier, but
always referring to the overall object with its
properties and methods.
Function calls via the network permit
a certain amount of control over the
communication partner. Finally, events
Data.
are supported as ad-hoc communication or
message brokers for the connection to the
Processes.
cloud. Devices.
The fail-safe nature of the implementation
is enhanced by interfaces that introduce their Locations.
specification to the engineering environment
(browseable interfaces). For each device,
a description file can be imported into the
engineering or read from the device available
online that offers a detailed specification of Red Lion has been connecting devices and moving data for
the interface. years, enabling customers to easily advance to the Industrial
Internet of Things (IIoT). Our IIoT-ready industrial automation
The correct use of the interface in the user
and networking products:
program is ensured by the development tools.
Another key point is the protection against • Connect: Extend equipment lifespan with protocol conversion
unauthorized access. As a defense mechanism, • Monitor: Improve process visibility with visual management
for example, OPC UA uses X.509 certificates • Control: Push control to the edge with remote monitoring
and corresponding security protocols. • Network: Expand network reliability with industrial Ethernet
For actual use in different applications, Learn more today at www.redlion.net/moreIIoT
industrial associations collaborate with the
OPC Foundation on “Companion Specifications”
that supplement the standards of OPC UA
for a specific domain. One example is the
collaboration with PLCopen, in which the
shared block and access procedure for data
has been defined in a programmable logic
Hall 8 Booth 427
controller (PLC). Hall 3.1 Industry Forum 4.0
Suppliers such as Siemens integrate these
mechanisms to enable the integration based
on OPC UA of the controller, for example, Connect. Monitor. Control. I www.redlion.net
with devices from other manufacturers or © 2016 Red Lion Controls, Inc. All Rights Reserved.
with PC/IT systems. For example, the CP 443
1, which is used as a connection module
in the Simatic S7 400 system, supports the

1 1. 2016 i n d u str i a l e th e r n e t b o o k 21
 Smart connectivity transmits
Applications
Technology

data from machines to the cloud

Connectivity solutions need to be smaller, more powerful and smarter for Industry 4.0 and the IoT to
succeed. Connectors will become active players in passing more information such as energy consumption over
networks. But ultimately, process data needs to be aggregated, enriched and analyzed in IT systems.

WHILE A WEALTH OF MACHINE DATA is already

SOURCE: TE CONNECTIVITY
available today at field level, extracting this
data is often not possible. TE Connectivity
(TE) is therefore currently developing smart
connectivity technology that will bridge the
world of automation and IT. Pilot projects in
the company’s own factories have shown that
productivity can be increased cost-effectively
by adopting this approach.
Connection technology not only has
to become increasingly smaller and more
powerful in the course of factory digitalization
associated with Industry 4.0 and the Internet
of Things (IoT); it also has to become
smarter. In other words, components such as
connectors will become active players that,
for example, pass on information on energy
consumption in a network. To ultimately gain
a detailed insight into the processes, the data
has to be aggregated and enriched so that it
can be analyzed in IT systems.

Proof of practicality
The pilot projects carried out by TE, which
delivered a significant improvement in
overall equipment effectiveness (OEE) – what
previously took a year was achieved within
three months – revealed that the first step is to
establish a digital infrastructure in factories.
Apart from standardizing Manufacturing
Execution Systems (MES) and extending the
network infrastructure, this also includes
connecting machines to IT systems. Obstacles
have to be overcome in the implementation;
something which applies not only in TE
factories but more or less in all factories. For
example:
While larger systems, such as stamping
machines, are connected to a network and
hence also to an MES or SCADA system
(Supervisory Control and Data Acquisition),
many peripheral machines, such as reelers
which roll and unroll reels, are not. Only a
fraction of the information available in the
machines is also actually available for analysis–
according to findings by TE, on average only
five percent of sensor data is processed in
the controllers. Significant effort is required
to access the remaining data, ranging from
reprogramming controllers through to
extending the capacity of the network.
The machine data models are generally
not uniform, which is why they have to be
adapted individually. More than 60 percent of
According to findings by TE, only a fraction of the information available in machines is also actually available for
analysis. On average, only five percent of available sensor data is processed in the controllers.
the costs in the pilot projects were consumed
by manpower that had to be invested in order
to interpret and structure the data. Apart from
the huge costs that this inevitably entails,
the ability to roll out such solutions is also
limited by the availability of employees with
the necessary skill set of production and IT
know-how.
In blunt terms, automation technology and
IT are two very different things. The former
is based on deterministic processes and uses
software that has to survive the entire lifetime
of a machine, based on quality-driven methods
such as the V-Model.
The software in the digital factory, on the
other hand, will change constantly, owing to,
for example, new functionalities or security
updates; these are gaining in importance as
production processes become networked with
the cyber world. This evolution simply cannot
be achieved with deterministic machine
control solutions.
Comprehensive analyses
There are various options for integrating
participants in a network and recording,
transmitting and analyzing a variety of
data, without the costs necessarily having
to rocket. One such possibility is to install
additional sensors in the machines for sole
use by applications that have nothing to do
with control tasks.
This is already practiced today, for example,
when counting good parts. An MES places an
order and, as soon as this is completed, the
machine can be used again elsewhere. But also
special tasks, such as predictive maintenance
of motor or press bearings, can be performed
in this way.
A second option is to install gateways, but
only data that is offered by the controllers is
normally available in this case. This approach
is therefore primarily used to monitor the
status of machines.
The third option involves equipping

22 in d u s t r ial et h er ne t b o o k 11.2016
SOURCE: TE CONNECTIVITY
There are a variety of options for integrating participants in a network and recording, transmitting and analyzing a
variety of data, without the costs needing to sky rocket. One possibility is to install additional sensors in the machines
for sole use by applications that have nothing to do with control tasks.
machines with smart field devices that
allow them to be modeled in detail in IT
systems and enable the performance to be
analyzed precisely using methods such as SPC
(Statistical Process Control).
One example of this is an I/O module,
IoT OmniGate I/O Module, from TE into
which a mini-computer has been integrated.
I/O modules capture data from sensors
and actuators and forward this data to the
controllers using a higher-level bus system.
The smart I/O module, which acts in
addition as a so-called edge computer, allows
a further path to be configured in addition to
this real-time communication path; data for
smart applications in the sense of Industry
4.0 and IoT can be aggregated in the machine
over this second path and then transmitted to
IT systems.
What are the advantages of the IoT
OmniGate approach for applications? Because
I/O modules are already available in machines
today, they can be replaced ease without
necessarily changing their architecture and
interfaces. Moreover, the semantics of the
data models used to describe the automation
components can be drawn on to create
new databases. Hence there is no need to
reconsider each time how to save the data of
specific components.
A software tool to configure the smart I/O
1 1. 2016 i n d u str i a l e th e r n e t b o o k
Precise and simple!
Time synchronization
using IEEE 1588/PTP
ş 7LPHV\QFKURQL]DWLRQYLD
(WKHU1HW,3RU3URĬQHW
ş +LJKHVWWLPLQJDFFXUDF\LQ
QDQRVHFRQGUDQJH
ş 5HGXQGDQF\WKURXJKDXWRPDWHG
VZLWFKLQJRIUHIHUHQFHFORFNV
ş /RFDOJHQHUDWLRQRIWLPHFRGHVOLNH
module will be presented as a prototype by
,5,*%'&)RU33;3XOVHV
TE for the first time at SPS IPC Drives 2016
as well as part of the IoT OmniGate family.
It can be used, for example, to determine
compatibility with the software of the sensors
and controllers, and to generate IP interfaces
for passing on the extracted data in structured
form to other systems such as ERP systems.
This means that the data no longer has to be
requested from different locations, and also
that its format is always the same, simplifying
work considerably.
Conclusion
Smart connection technology is a core element
of digitalizing factories. TE Connectivity is
currently developing solutions that will allow
OMICRON Lab IEEE 1588/PTP
machine data to be extract, aggregated,
pre-evaluated and then forwarded to (cloud-
Timing Solutions:
based) IT systems. This will enable problems OTMC 100
to be identified early on, thus avoiding, for ,(((373*UDQGPDVWHU&ORFN
example, downtime or costs for excessive
energy consumption. TICRO 100
In addition, even installed machines ,(((3737LPH&RQYHUWHU
can be connected to IT systems with smart
connectivity technology, without the need
for such expensive tasks as reprogramming www.omicron-lab.com/timing
controllers.
Daniel Walldorf, Industrial IoT Platforms &
Ventures at TE Connectivity.
Smart Timing Solutions
 Automotive parts supplier
Applications

launches IoT initiative

Recognizing the need for connectivity, data access and scalability, automotive parts supplier HIROTEC
developed a “six week sprint” strategy to capitalize on connectivity benefits and turned to an IoT platform to
enable company-wide, device-to-cloud connectivity through one overarching toolset.

SOURCE: KEPWARE
HIROTEC AMERICA is part of the HIROTEC
Group Companies, and globally recognized
as a Tier-1 parts and tooling supplier for the
automotive industry. The parts and tooling
supplier designs and builds roughly 7 million
doors and 1.5 million exhaust systems a
year, making it one of the largest private
production companies in today’s global
automotive market.

The Challenge
Operational downtime is a significant issue
facing Original Equipment Manufacturers
(OEMs). In most cases, the machinery involved
runs without condition-based monitoring—
essentially operating until a failure occurs. At
that time, appropriate personnel are contacted
to assess the situation and make the repairs
as expeditiously as possible to prevent
dramatically delaying production schedules.
Outside factors like weather or traffic patterns
might also add to possible downtime scenarios
and lead to organizational inefficiencies and/
or misallocation of resources.
HIROTEC sought to eliminate this trend of
reactive maintenance and lost opportunities
by utilizing the information and systems it
had on hand to gain deeper insight into its
operations and processes. The automotive
supplier had long collected industrial data
from sensors and machines across customer
production facilities and its own systems
to support its decisions and track business
progress.
However, volumes of this data were
manually separated and stored across
multiple sources—making it inaccessible to
collective and systematic analysis. In order
to improve quality, reduce downtime, and
optimize production schedules, HIROTEC
needed to implement a modern, automated
solution that could gather maintenance and
operational information into one source and
offer actionable recommendations to its
quality professionals.
“A lack of data was never an issue for us,”
said Justin Hester, Senior Researcher for
HIROTEC. “As one of the largest automotive
manufacturing suppliers in the world, we
collect volumes of datasets on a daily
basis. The problem we were faced with was
transitioning from a data-heavy organization
to a data-smart organization. We realized
Instead of integrating multiple solutions across business functions, HIROTEC turned to KEPServerEX and the
ThingWorx IoT Platform solutions to enable company-wide device-to-cloud connectivity using one toolset.
that in order to bolster profits from untapped
machine-generated information, we needed to
look towards modern solutions that automated
the process and enabled timely, data-driven
decisions.”
The Approach
Recognizing the need for connectivity, data
access, and scalability, executives at HIROTEC
worked to develop a competitive strategy to
capitalize on the potential benefits of the
Internet of Things (IoT). The initiative began
with identifying the fundamental technologies
that would fuel the IoT effort. After
evaluating several traditional IoT offerings
from traditional industrial automation
vendors, HIROTEC found that many solutions
were restricted to a single business aspect,
protocol, or standard.
Not wanting to waste time and effort
integrating multiple solutions across several
business functions, HIROTEC finally turned to
Kepware’s KEPServerEX and the ThingWorx IoT
Platform (both solutions from PTC) to enable
company-wide device-to-cloud connectivity
through one overarching toolset. Working
together to deploy a single source of smart
solutions for the IoT, the ThingWorx platform
would be able to provide analytical insight
into HIROTEC’s data through industrial
data streamed from the IoT Gateway for
KEPServerEX, an advanced plug-in capable of
pushing information from KEPServerEX into
Big Data and analytic software applications.
To support the company’s long-term
IoT vision, HIROTEC collaborated with
representatives at PTC to build an IoT
framework supported by short, six-week agile
sprints. Where a full IoT implementation
may have taken years to generate a proof of
concept, the Scrum model provided company
executives with visible and quantifiable
progress in just weeks.
“We see and speak with many manufacturing
organizations, and it is clear they are
interested in the Internet of Things. They see
the potential and would like to do something
with the technology. Despite the desire that
exists, many remain frozen because the
prospect of a full-blown implementation is so
daunting and uncertain,” said Hester. “This
is why we advocate so strongly for the short-
sprint model we have adopted at HIROTEC.
We don’t want to boil the ocean; we want to
start with low-hanging, solvable problems and
build out our case and experience.”

24 in d u s t r ial et h er ne t b o o k 11.2016
SOURCE: KEPWARE
HIROTEC is planning to expand its IoT efforts to include every aspect of its business from operations and IT to
financial forecasting, customer relations, and sales.
Test bed in Detroit
Michigan was chosen as the test bed for the
first small sprint because of the unique data
types generated among its eight Computer
Numerical Control (CNC) machines. Kepware’s
IoT Gateway for KEPServerEX collects data
from the CNC machines and streams it in
real-time to the Cloud, where the ThingWorx
IoT Platform provides analytics and data
visualizations. This solution gives HIROTEC
labor-free access to a customized visualization
of both the operations and conditions of its
industrial devices and systems.
“When first embarking on our IoT journey,
HIROTEC’s core objective was to remain
flexible in our ability to connect things,”
said Hester. “The offerings and expertise by
Kepware and PTC have enabled us to stay true
to our goal by effortlessly adapting to our
business processes and developing the right
IoT strategy for our teams. The IoT Gateway’s
ability to seamlessly put data into ThingWorx
to generate real-time insight into operations
fuels our sprint framework and allows us to
stay nimble in our decision making.”
The Results
Since implementing Kepware’s IoT Gateway
and the ThingWorx IoT Platform, HIROTEC has
gained increased visibility into the processes
of its CNC shop and deeper insight into
operations.
The company realized early on that
having access to CNC machine uptime data
significantly impacted the shop’s scheduling
process, which was previously set on
conjecture and after-the- fact analysis.
Manufacturing leadership can now leverage
real-time data from the shop floor and tie it
to the scheduling ERP system, optimizing the
scheduling of parts to CNC modules.
This process also provides greater insight
into asset and resource allocation by
automatically formulating smarter questions
1 1. 2016 i n d u str i a l e th e r n e t b o o k
about current needs and priorities and
determining the most effective course of
action. Because of this, HIROTEC has improved
productivity across the shop and increased its
ROI.
The company has also improved
collaboration between its Operations and
Information Technology (IT) departments. By
working daily with Research and Development
engineers, IT teams quickly gained access to
corporate roadmaps and strategic goals, and
were empowered to contribute at a more
strategic level. Not only has the development
of cross-functional teams improved
communications across the entire business,
but the added perspective helps promote
quicker and more efficient responses to IT
jobs.
HIROTEC anticipates its IoT efforts to
impact every aspect of its business from
Operations and IT to financial forecasting,
customer relations, and sales. As it moves
forward with sprint projects, HIROTEC will
continue to see what is useful about the
varied sets of contextualized data and use
it to create common business processes and
analyses. The auto parts supplier eventually
plans to use this insight to create an
IoT-ready production line and enable remote
equipment monitoring and management from
a centralized dashboard to promote predictive
and proactive maintenance.
“In just six short weeks, we’ve gained more
visibility into our operations than ever before,
reinforcing our investment and belief in the
power of the IoT,” said Hester. “With data-
centric knowledge generated from KEPServerEX
and ThingWorx, we can now make smarter and
timelier decisions that not only impact our
CNC shop, but also help us identify how we
can operate more efficiently and profitably
across all of our facilities.”
Application Report by Kepware.
25
 Exploring fundamentals of
Technology
automation network efficiency
Efficient network design can reduce bandwidth usage leading to lower error frequency, and enable fast
forwarding of frames to avoid transmission disturbance. The reliability of EtherCAT systems can be influenced
by lower protocol complexity, as well as the reduced frame traffic on the communication connections.
HIGH-PERFORMANCE SYSTEMS can be seen
as particularly sensitive, in our everyday
perception, while more robust systems are
thought to be lacking in performance. This
applies to computers and cameras, as well as
for cars: for example, race cars are fast, yet
fairly unreliable while robust off-road vehicles
are tough, but comparatively slow. The same
goes for the field of industrial communication,
where performance (communication efficiency)
and reliability (the impact of errors on a
system) are closely connected.
However, this connection, depending on the
technology, is often surprising. The thought
that high efficiency leads to a destabilization
of the system in case of an error is not
applicable in many ways.
The following article demonstrates this
concept, highlighting different scenarios
using EtherCAT as an example.Industrial
communication encompasses various effects
that influence error situations in different
ways. Determining what happens, when
it occurs, where it happens, and for which
reason are the key questions that must be
answered quickly (which is not always easy)
when an error occurs. On the other hand, one
has to keep an eye on data consistency when
dealing with error cases.
In many applications, Ethernet has
become very popular. The robustness of the
physical data transmission with 100 Mbit/s
(Fast Ethernet) has proven itself extremely
successful in the industrial field. Therefore,
the efficiency of the protocol layers above the
physical level, with regard to their reliability,
must be discussed.
Single frame for I/O operations
One approach for evaluation is the
investigation of the protocol overhead. Using
an individual Ethernet frame for every network
participant results in significant overhead,
since even at minimum frame size, a total of
84 bytes must be sent, whereas the typical
payload is smaller than 8 bytes (e.g., CAN
between 1 and 8). This leads to an overhead
of more than 90 percent.
The usual setup of a machine shows a linear
topology for the communication system,
whereas the Fast Ethernet infrastructure
requires active coupling of the interfaces. The
26
Cycle 1 1 2 3 4
Cycle 2 1 2 3 4
Cycle 3 1 2 3 4
Cycle 4 1 2 3 4
Cycle 5 1 2 3 4
Cycle 6 1 2 3 4
1 2 3 4
Cycle 7
A random cycle error impacts the individual frame in six out of seven cases.
coupling is carried out by a Bridged LAN, or
Switched Ethernet, whereas the switches are
often an integrated part of the network nodes,
as with I/O devices or drives. Since all data is
processed in each node, one can alternatively
collect the complete user data information in
one common frame and, similar to EtherCAT,
process while the frame runs through the
system. This method of protocol processing
can be referred to as a shared frame solution.
The result is an overhead of less than 50
percent, even if the number of connected
network nodes is small. If the total payload
of the system is more than 400 bytes, this
influences the overhead in the shared frame
solution by less than 10 percent.
Even if the physical layer (PhL) of Ethernet
is robust in general, strong electromagnetic
interfering signals can lead to communication
errors. When comparing the effects of such
interference in the traditional, individual
frame approach to those in the shared frame
principle, the latter shows a far smaller error
probability within the network cycle.
Normally, most networked applications can
overcome one single error without any harm,
but if there are two errors following directly,
it is already a critical situation. Thus, the
relation between communication errors per
cycle corresponds with the critical situations.
Related to the quite realistic example noted
at the beginning of the article, this means a
much higher number of corrupted frames are
created with the individual frame approach
than compared with the shared frame solution
because the latter uses only one sixth of the
transmission time. As a result, the disturbance
influences the common frame only in one out
of every six cases.
in d u s t r ial et h er ne t b o o k
SOURCE: ETG
5 6 7 8
5 6 7 8
5 6 7 8
5 6 7 8
5 6 7 8
5 6 7 8
5 6 7 8
Erroneous bits offer no impact
In motion control applications, complex
algorithms are used to interpolate the target
value and the actual values in case of a single
communication error. The individual frame
approach leads to unforeseeable results,
especially when several axes are coupled.
As a result, the much higher rate of
erroneous cycles in this approach results in
a series of cascaded and, therefore, critical
situations. Additionally, the low efficiency of
this solution (around 10 percent) increases
the rate of erroneous cycles and makes reliable
control of the application much more difficult.
Control of speed and position also relates
to motion. Regarding the position, the
control of a value is much more critical than
speed when dealing with small, incremental
changes. The pre-planning of interactions can
help to ensure readiness in cases of error. In
addition, the programming motto “keep values
as long as nothing changes” helps to reduce
the effects of errors in general, as well as to
avoid bundled errors.
The mentioned circumstances show that
there is no direct dependence between the
number of errors in one cycle and the resulting
control error. Single errors can even be more
critical than bundled errors.
The individual frame approach
Another problem of a solution with single
frames for each node centers on the isolation
of errors. Generally, Ethernet avoids the
transmission of disturbances, since each
connection is controlled by a special
transceiver. In today’s Ethernet, the PhL is
not a bus but rather a collection of peer-to-
peer connections. This can cause errors, for
11.2016
instance, because power supply disturbances any measures. The earliest time that such an
can impact several nodes at a time. A error can be reported is one incoming cycle
comparable source for errors would be a poor later. Until the error time-out is triggered, the
connection to the protective conductor when system normally needs three cycles.
the direct shield method is used. EtherCAT instead creates direct feedback
EtherCAT documentation does not with the slaves. Fast forwarding enables the
recommend this, but it is mandatory in some incoming data to appear in the master right
consortiums especially because multi-protocol after the output data have been transmitted.
devices must follow that approach and may In case feedback fails to appear, the master
not use alternative methods. Since grounding can start the according actions immediately
in cabinets is sometimes worse than expected, and, thanks to very little forwarding variance,
disturbances on the shield can appear where precise timeout becomes possible.
different parts of the cabling are joined. In principle, EtherCAT acts like a traditional
In such a case, the diagnosis is very fieldbus, arranging for the repetition
difficult – which is the reason why this kind immediately. The latter makes error handling
of disturbance transmission should be avoided within the master more complex. In addition,
if possible because of its potential affect on the availability of actual process data is more
applications. If you use common frames, such preferable than bandwidth (with EtherCAT,
as with EtherCAT, this type of disturbance
transmission only affects the same frame
only about 15 percent), so processor
performance is often leveraged to repair old Unlock new
several times.
In case of short individual frames with the
process data. Thus, EtherCAT aims for short
cycle times, which thereby reduces the effects
services with your
typical switch forwarding method, which is of possible errors. machine data.
defined by the IEEE standard and is normally
at least 10 times slower than EtherCAT, several Higher efficiency benefits
frames are transmitted on different network Last, but not least, when compared to
participants during the same time period. solutions based on individual frames, EtherCAT
During that process, a huge time delay leads facilitates significantly shorter cycle times (in
to several different affected frames in the case this example, by a factor of 6), which leads
1 0 1 0 1 0 1
1 1 0 1 0 1 0
0 1 1 0 0 1 0 1
1 0 0 1 1 0 1 0
0
1
0
1
1
0
0
1
1
0
0
1
1
0
TAGNAME
DATABASE
of a disturbance transmission. to much higher precision as well as increased
1 0 0 1 0 1 0 1 0 1 1 0 1 0 1
0 0 1 1 1 0 1 0 1 1 0 1 0 1 0
0 1 0 1 0 1 0 1 1 1 0 1 0 1 0
1 1 1 0 1 0 1 0 0 1 1 0 1 0 1

As a result, data from different cycles or process robustness. This enables much higher
0 0 0 1 0 1 0 1 1 1 0 1 0 1 0
0 1 1 0 1 0 1 0 1 1 0 1 0 1 0
1 0 1 1 0 1 0 1 0 1 1 0 1 0 1
1 0 0 1 1 0 1 0 1 1 0 1 0 1 0

communication types can be affected. For product quality, as well as faster reaction to
1 0 0 1 0 1 0 1 1 0 1 0 1 0 1
0 0 1 1 1 0 1 0 1 1 0 1 0 1 0
0 1 0 1 0 1 0 1 0 0 1 0 1 0 1
1 1 1 0 1 0 1 0 1 1 0 1 0 1 0

this reason, the disturbance transmission is a errors. The shorter cycle time provides an
0 0 0 1 0 1 0 1 0 1 1 0 1 0 1

01 1 1
100 0

very critical factor that almost always entails excellent method to improve product quality,
10 0 1 011
010 0 11 0 0
10 0 0 100 0
100 0 10 1 0
00 0 0 100 0
101 1 01 0 0
000 0
01 0 1

some kind of domino effect. With an EtherCAT even in case of an error; if no errors occur,
1

system, the forwarding times are short so that
even a disturbance at the beginning of a frame
cannot affect the end of a previous frame in
the network.
When several single frames are affected, the
resulting error type is hard to define. Some
input data is new, some is old. Ultimately, the
conclusion that there are only single errors
with that method is not true. Rather, it rather
requires especially sophisticated and complex
error handling strategies.
Additionally, most switches/bridges only
transmit when they have received a frame
correctly (store and forward), which leads
to different frames at each interface and the
disturbance transmission to influence a high
number of frames.
Accelerate error handling
For efficiency reasons, approaches with
individual frames generally do not deliver
prompt feedback. Direct feedback on updates
to the output data would require forwarding
from master to slave and back. This duplication
of the forwarding time would present a
limiting factor for the cycle time. Thus, the
reaction to the loss of individual output
frames is limited to the single components –
without direct notification of the control unit.
In this situation, the master cannot initiate
the quality gets even better. Overall, EtherCAT
offers the best chance to maintain successful
processes, even in environments with heavy
disturbance.
• Remote Access your
Conclusion machines (PLC, HMI, IP
In summary, the EtherCAT approach forms
the basis for reliable network design, reduces
Camera, etc.)
bandwidth usage leading to lower error • Gather time stamped
frequency, and enables the fast forwarding
of frames to avoid transmission disturbance. machine data centrally
Thanks to the peer-to-peer connection via (alarms, KPI, set point,
Ethernet, reflections and other disturbances consumption, ...)
can be avoided. This makes communication
more reliable, since the error probability is low • Use or create your own HMI
and the location of an error can be detected
easily. • Collect data from the field
In addition, the reliability of a system can to create added-value
be influenced positively by lower protocol services
complexity as well as the reduced frame traffic
on the communication connections. Clear
design is the basis for a good automation
system and is mandatory for improved
reliability. Discover eWON
EtherCAT adheres to the fundamental Remote Data
principle of automation technology: efficiency
and reliability are two sides of the same coin! solution at SPS!
Hall10, Stand 420
Dr. Karl Weber is Senior Technology Expert at
the EtherCAT Technology Group.

1 1. 2016 i n d u str i a l e th e r n e t b o o k www.ewon.biz

 Container and microservices
Technology

cloud architecture and platform

A “containers and microservices” cloud architecture offers a standardized set of services that support
applications running inside the container, along with a connection to the cloud host environment. This
potentially offers a powerful secure platform for connecting industrial data to high-value cloud services.

SOURCE: PROSOFT
Using a layered approach to security, a PC’s operating system VPN minimizes the need for user-
installed software. HTTPS is deployed for all communication, requiring a certificate and one-time use
keys to authenticate the gateways, to implement a system that runs on Amazon Web Services.

CONTAINERS AND MICROSERVICES are the terms used to describe an
approach to developing applications for use in a cloud environment. The
term container brings to mind a shipping container, or a standardized
box that is used in shipping to make it easier to move products
overseas, through ports and across railways.
In cloud application development, a container is a standardized set
of services that support the application running inside the container
and provide connection to the cloud host environment. Microservices
are the applications that run inside the containers.
As opposed to writing a single, monolithic program to deliver all user
functions, developers build microservices that perform a very specific
task. Various microservices come together to form what appears to the
user as a complete cloud-based service. Yet, since each microservice
and the container it resides in is fully self-sufficient, these functions
are not dependent on each other.
New approach to development
This concept is a departure from the predominant software development
approach of the recent past. For many years, software developers built
full programs that would install on a computer and run in a specific
computer operating system. All of the functions of the program exist
within the code, and the entire program is installed together.
The program depends on the operating system to provide the required
connections to the world (input devices like the keyboard, output
devices like the monitor and network connections). In addition, all of
the functions within the program depend on each other. This approach
to programming worked well as long as there would always be a fairly
complex host to run the program and the computer operating system.
As more computing functions are moved to cloud hosted systems,
this paradigm is no longer the ideal way to develop computer programs.
Many applications have been ported to the cloud simply by running
a virtual machine with a specific operating system, and installing an
existing PC- or server-based program to that virtual machine. This is a
very inefficient approach since many aspects of the operating system
are not needed by the program. Further, since all of the functions of
the program are interdependent, a failure in any part of the program
can crash the entire service.
Booting up a new VM with the service can take minutes. Reliability
is improved by adding “failover” servers, which are entire copies of the
virtual machine running side by side.
Building cloud solutions
Containers and microservices provide a better way to build software for
cloud deployment. This approach begins with the compartmentalization
of program functions into microservices. A microservice is just a specific
function of the program, such as a payment service on an online retail
site. Overall service may have many microservices providing different
functions. The other key element of this approach is the Container.
The container is a standardized interface between the microservice
and the rest of the world, similar to how the operating system provided
the interface for the monolithic program in the old paradigm. Containers
offer quite a few advantages in the cloud hosted environment. They
are much less resource-intensive compared to virtual machines and
full operating systems, so it’s easy to deploy multiple instances of a

28 in d u s t r ial et h er ne t b o o k 11.2016
particular microservice to handle traffic and provide better reliability.
Containers “spin up” in less than a second, so failure recovery is
extremely fast. Making functions fully independent from one another
also allows the development team to use the best programming
language for each function, rather than choosing one language for
all functions. If one function is most easily deployed in python, and
another function in C++, each function can be developed in the optimal
language for that function and deployed in its own container.
New approach to programming
Think of the old approach of monolithic programs running on virtual
machines such as a warehouse. The warehouse, like the virtual machine,
is designed to house any manner of contents. It is large and time-
consuming to build, and contents are dependent on the integrity of
the warehouse – and can be affected by problems with other contents.
In addition, each warehouse is built with different configurations
(aisles, shelving, doorways), so moving contents from one warehouse
to another will require changing how the contents are stored. When
things are busy, the warehouse may be full, while at other times, it will
be nearly empty. Yet it takes up the same amount of space either way.
By contrast, shipping containers are really very small, modular
warehouses. Each one has standard dimensions, handling provisions,
and configuration. Containers hold all kinds of different contents, yet
it is very easy to manage many containers by stacking them on ships
or in shipyards. Individual containers take up much less space than
a warehouse, and it’s relatively easy to add containers when more
contents need to be stored. In busy times, the shipyard may be full of
containers stacked in rows. When it’s not busy, far fewer containers are
needed. If anything happens to a container, only the contents inside
that container are affected, and a replacement can be ready quickly.
Just as the advantages of shipping containers make logistics
operations more efficient, cloud-native container technologies make
cloud-based programs easier to develop, deploy, and operate.
Architectural benefits
ProSoft Connect technology allows customers to securely access
industrial automation devices such as PLCs and HMIs remotely from
anywhere in the world. Secure remote access allows system integrators,
machine builders, and large end users to troubleshoot problems with
their systems more quickly, to gather data from machines or plants
around the world, and plant operators to manage process equipment
spread globally. The unique advantages of the container and
microservice architecture include enhanced service reliability, improved
security, and superior ease of use.
For manufacturing customers, reliability is always a critical attribute.
Secure remote access services are no different. When a machine is
down, engineers need to access the machine control system and begin
troubleshooting immediately. ProSoft Connect users enjoy highly
reliable service in part because the container/microservice approach
allows the service to run multiple simultaneous sessions with minimal
consumption of cloud computing resources. In fact, there are always
at least three of every service running! There is no need for the “fail-
over” servers that old VM-based systems used for reliability. Even if
all of the current instances of a service were to suddenly stop, a new
instance can be started up in under a second. This means that when
an engineer needs to access a remote machine, ProSoft Connect will
be ready to make the connection.
As more industrial processes connect to the Internet, cybersecurity
is an important aspect of connectivity solutions. The container and
microservice architecture helps ProSoft Connect deliver a higher level of
security for users. First, it is a fully cloud-native solution that requires
virtually no user-installed software. This eliminates a significant attack
surface that past cloud connectivity solutions opened up. User-installed
software is vulnerable to tactics like “watering hole attacks,” where
hackers embed sniffer code inside the software download and use that
1 1. 2016 i n d u str i a l e th e r n e t b o o k
ME_AZ_FA_IEB_85x120mm_E_DU08082016.indd 1
to gain access to equipment. Also, software must be kept up-to-date as
vulnerabilities in the underlying software services are discovered and
Technology
patched. It also requires only a browser and an OS-native VPN client
to work, so these threats are greatly reduced.
Second, the container and microservice architecture enables ProSoft
Connect developers to build a very robust and secure service using
the latest state-of-the-art cloud development tools. Containerized
functions prevent potentially cascading issues, since each function
operates autonomously in its own container. Finally, containers provide
the basic supporting services that a piece of code needs to run. This
means there are fewer components that might be vulnerable to attack,
compared with a full VM and operating system.
The most noticeable advantage of the choice to use containers and
microservices is in the ease of use. ProSoft Connect functions were
built using the best programming language and supporting services
for each function, which contributes to the simple user experience
of the service. For creating VPN connections to remote equipment,
EasyBridge technology forms a Layer 2 connection between the user’s
PC and the remote PLC network. Containerized services running in the
ProSoft Connect service handle the complexity of network routing, so
the user can connect to the remote network just as if they plugged an
Ethernet cable into the remote Ethernet switch.
A Platform for the IIoT
Perhaps the most exciting aspect of this technology and its modular
architecture is the promise of things to come. The Industrial Internet
of Things (IIoT) is a hot topic these days, and for good reason. As
new technologies develop to help manufacturers cut costs, improve
productivity, and deliver products faster, users will have a powerful
secure platform to connect industrial data to high-value cloud services.
Keith Blodorn is the director of ProSoft Technology’s Wireless Program.
While you look ahead
… we have an eye for the rest.
360° Network Reliability
for Smart Factory Automation
• Cybersecurity for your entire network infrastructure
• Single point and multi-point network redundancy
• PROFINET, EtherNet/IP, Modbus TCP, CC-Link, SafetyNet
Moxa Solutions. Protected, easy, intelligent.
www.moxa.com
29
03.08.16 16:17
 Lower cost of ownership
Applications
Technology
for industrial IoT networks
Some costs are often overlooked, and best practices can lower the total cost of ownership (TCO) for
industrial control networks. After purchasing a switch, factors to consider throughout the product life cycle
include installation, configuration, operations, maintenance, downtime, and ongoing technical support.
Different costs incurred within the project life cycle including acquisition, operational and support costs need to be aggregated to create a total cost of ownership.
THE INDUSTRIAL INTERNET OF THINGS (IIOT)
trend is facilitating a growth in connected
devices on networks as well as increasing the
scope and complexity of industrial control
networks that frequently converge with
traditional IT networks. More now than ever
before, concerns about security, availability,
and performance are having an impact
on these industrial control networks. One
consequence of the IIoT trend is that simply
purchasing devices for your network isn’t the
end of your expenditure. In fact, it is often
only the beginning. Network operators are
discovering a host of associated direct and
indirect costs that can often exceed the initial
investment in networking hardware.
This article considers some of the costs that
are often overlooked, and suggests some best
practices and tips on how to lower the total
cost of ownership (TCO) for industrial control
networks. After purchasing a switch, a variety
of factors need to be considered throughout
the product life cycle, including installation,
configuration, operations, maintenance,
downtime, and ongoing technical support.
After taking all of these factors into
consideration, network administrators are in
a much better position to be able to judge
the true TCO of a project and make the right
decisions to ensure that the TCO is kept as
low as possible.
Challenges for complex networks
The time from the start of a project until it
is up-and-running can be broken down into
30
broadly six different stages. The challenge
for network administrators is to have a deep
understanding of each stage of the project
and determine the key features that a device
should include or support that are beneficial
for that particular stage as well as to what
extent these features will be beneficial in the
future when the needs of the network change.
These features and benefits often don’t
appear in the hardware specifications of a
product, but are essential to keep in mind
when purchasing products. For example, the
vendors who provide switches for a project
can allow those who are deploying and setting
up the network to make their quotation
more competitive if the deployment and
setting up can be completed faster. This
will also allow those who are installing and
configuring the network to have more time
for other projects. The six stages are discussed
below, with scenarios provided to give a
fuller understanding of the different factors
affecting the TCO.
Total cost of ownership
After considering some of the challenges of
networks, it becomes evident how the costs
associated with commissioning and operating
a network can easily exceed the cost of the
networking components. Some of the general
steps involved in commissioning, operating,
and supporting an industrial network will
now be considered in order to gain a better
understanding of the TCO.
in d u s t r ial et h er ne t b o o k
SOURCE: MOXA
Installation and integration costs
It is rare to see completely new network
installations in industrial environments. The
majority of network deployments involve a
combination of new equipment and upgrades
using existing SCADA systems, control
networks, and devices.
It should be noted that as no two networks
are the same, each network has its own set
of unique requirements. One of the skills
that a network administrator must have is
the ability to choose and deploy the right
devices to ensure that the current and future
requirements of the network are met. A good
example of this is ensuring interoperability
across all devices on the network throughout
the project life cycle. Although there are
numerous ways to overcome certain problems
that may arise throughout the project life
cycle, one of the best solutions is to choose
products that offer the most flexibility.
For industrial networks, devices are often
installed in control panels with other devices
that run on different voltages, so one solution
is to purchase a power converter to ensure
compatibility. However, this may not be the
ideal solution for all network administrators
due to size constraints of the panel where the
devices are being installed or the additional
costs incurred from purchasing power
converters. For some projects, the cost of
deploying new cables can add significantly
to the overall costs of the project. A better
alternative is to use a device that supports a
wide range of power inputs that will satisfy
11.2016

Multi-protocol Ethernet communications capabilities make it easier to integrate PLCs with SCADA systems.
the present demands of the network, and
provide added flexibility for devices that
must also be added to the network at a later
date. Although the initial expenditure may
be slightly higher for a switch that supports
these features, it becomes clear how costs can
be reduced over the duration of a project by
avoiding additional costs at a later date.
Reduce configuration costs
One of the most time-consuming tasks for
projects in industrial environments, and
therefore one of the most expensive, is
configuring devices on a network so that
they have security settings, redundancy,
interoperability, and efficient performance.
A wide range of options are available, from
very basic switches that offer no support with
configuration, all the way up to large software
packages that cost considerable amounts of
money on a per-annum basis but greatly assist
network administrators with the configuration
process.
As the number of devices on a network
increases, so do the possibilities for savings.
Below are some of the main areas that have
been identified pertaining to the configuration
stage of a project, all of which have a strong
effect on the TCO.
Due to the convergence of industrial
automation and IT systems across IIoT
networks, EtherNet/IP and PROFINET protocols
must have a way to operate together on
the same network. Devices that have been
preconfigured to allow for these disparate
protocols to communicate automatically
allow network administrators to deploy what
is essentially a plug-n-play device. These
devices will also often support automatic
discovery and the ability to assign IP
addresses automatically, allowing a significant
portion of the time required for configuring
these devices to be eliminated. Compare this
with using cheaper devices, which will require
a lot more effort to be spent configuring the
1 1. 2016 i n d u str i a l e th e r n e t b o o k
devices later on in the project.
Configuration costs are not limited to when
the network is being set up for the first time.
Any feature that allows copying and saving
device configurations will provide network
administrators with the ability to reuse these
settings at a later date, and eliminate the
need to manually configure new devices that
are added to the network.
Configuration is also made a lot easier by
an intuitive graphical user interface (GUI).
Some companies will offer an advanced
testing kit, which allows users to test the GUI
and independently validate the claim that
it is intuitive before installing devices on a
network. An intuitive GUI can save network
operators a significant amount of time for the
duration of a project.
Reduce operational costs
A key way to lower operational costs is a
design that requires the minimal amount of
manual work to keep the switches and network
operational. In addition, ensuring product
suitability for deployment in industrial
environments will also help achieve optimal
operational performance.
The two main reasons why devices on
industrial networks malfunction is their
moving parts and the power inputs, which
are often referred to as points of weakness.
Switches that have an absolute minimum
of moving parts are much less likely to
malfunction or break, resulting in less network
downtime and therefore reduced expenditure.
Similarly, if the device supports dual-power
inputs and one of the power supplies fails,
the other power supply will keep the device
running, allowing the faulty power supply to
be replaced without network downtime. For
deployments lasting longer than 10 years,
which is the norm for IIoT networks, there is a
very high chance that network administrators
will encounter one of these problems at some
point during those 10 years.
Technology
SOURCE: MOXA
Reduce maintenance costs
The majority of IIoT networks are controlled by
programmable logic controllers (PLCs). When
the network performs scheduled maintenance
and performs a reboot, a PLC will often take
around 20 seconds to reboot.
If a PLC boots up before the network is
ready to operate, errors will occur that can
cause further delays. Switches that can boot
up in about 10 seconds as opposed to 100
seconds will be ready to operate as soon as
the PLC has rebooted, thereby avoiding the
aforementioned problems.
Being able to view the current status of the
network at a quick glance via software or an
app is one of the easiest ways to monitor a
network. These apps and software sometimes
incorporate an alert system that warns network
administrators that an event is taking place
that has the potential to cause a failure on
the network unless the problem is rectified.
Alerting the system administrator that a
problem could happen later on, as opposed to
a system that merely informs the administrator
that there is a problem now, is an excellent
way of reducing maintenance costs. These
features may increase the purchase price of
the switch but over the course of the project
life cycle are likely to result in substantial
savings.
Reduce maintenance costs
Finding the root cause of downtime on a
large-scale network is very time consuming,
so any tools that assist network administrators
with identifying the point of failure and allow
them to quickly fix it will have significant
advantages.
Another skill of successful network
administrators is to be able to calculate
whether the additional costs of features
that can help reduce downtime are likely
to outweigh the costs of any downtime
experienced.
Devices that can be remotely accessed and
31

Technology
Technology
Batch configuration is one of the most effective ways to reduce configuration costs. Since the number of networked
devices keeps increasing, both time and money can be saved by using mass configuration, instead of configuring
individual devices one by one.
A tool that can play back events to help quickly narrow down the possible cause of the network problem.
configured are very beneficial because they
allow untrained personnel to perform the
time-consuming task of going to the field
site, while the trained specialist can perform
troubleshooting and configuration remotely
from the control center.
In addition, a device that offers playback
support allows the specialist to identify what
occurred at the time the switch went down,
32
and help improve the design of the network
infrastructure to avoid this kind of failure in
the future.
Devices that back up the switch’s
configurations on a dongle are particularly
helpful if the switch malfunctions. To
automatically import all of the settings, all
you need to do is plug the dongle back into
the switch. As no configurations need to be
in d u s t r ial et h er ne t b o o k
performed manually, the amount of network
downtime is reduced.
As network administrators are not always
based in the control room, mobile apps that
support event notifications provide network
administrators with the ability to respond
more quickly to events taking place on the
network, allowing them to get the network
back to normal more quickly than would have
otherwise been possible.
Self-healing redundancy technologies
ensure that networks stay up-and-running
even in the event of a single node failure.
Deploying redundancy technologies that allow
greater flexibility, availability, and scalability
for future network expansion can help avoid
additional expenditure in the future.
Ongoing technical support
When purchasing a switch, a wide range of
options are available, from cheap devices that
offer no ongoing support, firmware upgrades,
etc., to switches where over the course of the
project the ongoing technical support will
cost significantly more than the switch. As
switches are often deployed on networks for
longer than ten years, the technical support
that comes with a switch will significantly
impact costs in long-term deployments. For
example, new security threats are regularly
identified and companies that offer ongoing
technical support will often release a security
update via a firmware upgrade to eliminate
new cyber threats.
Conversely, when a device on a network is
compromised and ongoing technical support
or firmware upgrades are not available, the
network administrator will have to replace
the device or risk the security of the whole
network. Reliable switches that offer free
ongoing technical support complemented by
a long warranty period present significant
advantages for network administrators who
want the lowest TCO for their projects.
Conclusion
After considering the life cycle of a project
and the hidden costs that can be incurred
throughout this life cycle, it is clear that
multiple factors must be considered when
determining the direct and indirect costs of
an entire system.
It should be noted that network
administrators can never be 100% sure what
the future needs of an IIoT network are,
but having a full understanding of the six
stages described above ensures that network
administrators are more knowledgeable about
which devices have the best chances of
lowering the TCO throughout the duration of
a project.
Richard Wood, Product Marketing Manager,
Vance Chen, Product Manager and Yiwei Chen,
Product Manager work at Moxa.
11.2016
 Reader Service Card
IEB issue 97 - November 2016

Service
IMPORTANT: You must update your subscription
annually to continue receiving your free copy
of Industrial Ethernet Book magazine.
Return by mail to: Or fax back to: Or use our online reader service at:
IEB Media +49 8192 933 7829 www.iebmedia.com/service
Bahnhofstr. 12
86938 Schondorf
Germany

Please enter your contact details below: Company Activity (select one)
□ Aerospace/Defence
Name: ___________________________________ □ Electronics Industrial/Consumer
Position: ___________________________________ □ Instrumentation/Measurement/Control
Company: ___________________________________ □ Manufacturing Automation
Address: ___________________________________ □ Metal Processing
___________________________________ □ Mining/Construction
City: ___________________________________ □ Oil & Gas/Chemical Industry
State: ___________________________________ □ Packaging/Textiles/Plastics
Zip Code: ___________________________________ □ Pharmaceutical/Medical/Food & Drink
Country: ___________________________________ □ Power Generation/Water/Utilities
Phone: ___________________________________ □ Research/Scientific/Education
Email: ___________________________________ □ System Integration/Design/Engineering
□ Telecomms/Datacomms
I want to: □ Transport/Automotive
□ Start a new subscription □ Other: _____________________________________
□ Update my subscription
□ Digital edition or □ Print edition Job Activity (select one)
□ Change my address □ Engineer - Instrumentation & Control
□ I do not want to receive promotional emails from □ Engineer - Works/Plant/Process/Test
Industrial Ethernet Book □ Engineer - Research/Development
□ I want to be removed from the □ Designer - Systems/Hardware/Software
subscription list □ Manager - Technical
□ Manager - Commercial or Financial
Signature: _____________________________________ □ Manager - Plant & Process/Quality
□ Scientific/Education/Market research
Date: _________________________________________ □ Other: _____________________________________
IEB Media reserves the right to refuse an application for a free copy of Industrial Ethernet Book or the provision of information on any of the advertisers or articles

IEB97_p33.indd 33 04.11.1644 10:57

 The evolution of control system
Technology
integration and networking
As the times change, control system integration is becoming more vital to industrial organizations looking
to successfully navigate the turbulent seas of new and ever-evolving disruptive technologies. A new survey
looks at the current challenges and future of industrial controls integration and automation networking.
THE OPERATIONAL TECHNOLOGY (OT)
industry, including industrial controls, hasn’t
experienced the same rapid technological
expansion seen by the information technology
(IT) industry. While this disparity wasn’t
widely perceived as an issue for many years,
the recent demand for more data has brought
attention to the technological gap between OT
and IT. As the demand for data dramatically
increases, industrial organizations will heavily
depend on control system integrators to
navigate the convergence of OT and IT.
Integrators’ ability to expertly blend
together the digital world of IT with the
practical world of OT makes them linchpins
in an industrial organization’s efforts to keep
up with the latest technological trends. As
such, control system integrators have a unique
perspective on the technologies and trends
driving this convergence.
In order to better inform and equip
integrators to handle the changing
technological demands, we asked them for
their perspectives on the most important
trends shaping the industry. We surveyed a
pool of over 9,000 integrators to find out:
• What are the current challenges of the
industrial controls industry?
• How are current technologies affecting
integrators and their projects?
• Which technologies and skills are
imperative for the future?
• What does the future hold for integrators
and the industrial automation industry?
In this article, we will examine what
integrators told us in regards to the current
challenges and future developments for
industrial controls professionals.
Technological challenges
Software and Hardware
In our survey, 61% of our respondents said
software is the greatest pain point, while
21% said hardware, and 18% cited other
issues. The main issues cited were software
compatibility, limited selection, complexity,
training, and support.
Unfortunately, many traditional HMI/
SCADA software solutions still operate on a
very limited number of operating systems and
are based on proprietary technology. This can
cause serious issues with compatibility, limit
34
and analyzed has improved tremendously
SOURCE: INDUCTIVE AUTOMATION
in recent years. Integrators can fulfill a
customer’s need for easy data accessibility
by using SQL databases to log historical data
instead of process historians.
Legacy Systems
Legacy HMI and SCADA systems can be
20 years old or older. While a company can
enjoy the reliability of a legacy system, 11%
of respondents indicated that legacy systems
are a challenge. Some organizations want to
maintain their legacy systems in order to save
money. Yet, customers also want to connect
their legacy systems to modern enterprise
systems. This poses a challenge to integrators
looking to incorporate new technology into a
A recent survey by Inductive Automation examines current system.
the current challenges and future developments It’s vitally important that any new
for industrial controls and automation networking technology solution an integrator uses is
professionals. flexible enough to bridge legacy HMI/SCADA
systems to cutting- edge enterprise-level
the available options, and lock an integrator software. Finding such a solution helps to
and their client to one software vendor. The overcome the challenges of unsupported
latter issue can become especially serious hardware, proprietary technologies, and
if a vendor goes out of business or stops unsupported custom code often found in
supporting a product. legacy systems.
To avoid these issues, integrators can
choose a software solution that is grounded Logistical challenges
in open, IT- standard technologies from
vendors with a history of successful industrial Customers and project requirements
implementations. Opting for open solutions In the survey, 38% of the participants
instead of proprietary ones results in easier indicated that their top challenge is
connectivity with enterprise systems and working with customers and defining project
increased access to a wealth of training requirements. Some customers know exactly
and support opportunities from a variety of what they want, while other customers know
sources. that they need a solution but don’t know
where to start. When the customer does not
Data Integration have a concrete direction for their project, it
As industrial organizations begin to connect is almost impossible for the integrator to be
their data from the industrial controls side to successful.
the enterprise level, integrators will definitely To avoid this, the integrator should make
face data integration challenges as indicated every effort at the beginning of a project to
by 12% of our survey respondents. work with the customer to clearly establish the
Traditional SCADA solutions store data in end goal. Without this information, it’s very
costly, proprietary process historians, which likely that the ensuing project will result in
severely hamper their ability to share and lost revenue and increased frustration.
analyze data. Solutions that connect controls
data to an ERP system, for example, can cost Budgets
a fortune and may take months to implement. In the survey, 21% of respondents indicated
Data is simply too valuable to silo away. that budgets can affect their ability to
Thanks to open IT standards like SQL complete or even start a project. Many HMI/
databases, the way data is collected, shared, SCADA software vendors charge for every
in d u s t r ial et h er ne t b o o k 11.2016
client, tag, and upgrade, which can push
software costs into the hundreds of thousands
of dollars. This kind of pricing structure makes
it extremely challenging, if not impossible, for
integrators to provide value to their customers.
Integrators can put themselves at an
advantage by embracing software solutions
with a simpler and less restrictive licensing
model that eliminates surprise software
expenses and offers more value to their
customers. Additionally, software solutions
with an unlimited pricing model can empower
integrators to offer customers more scalability
in the future, without drastically ballooning
the budget for future projects.
Timeframes
All integrators have experienced the dreaded
scenario of unrealistic deadlines. In the survey,
17% of participants said that time-related
issues are the most serious challenge. Several
issues can seriously impact an integrator’s
ability to meet a deadline. These include issues
such as defining project requirements, working
with proprietary and complex software, and
finding enough engineers with specific skills
to complete a project.
One thing integrators can do to meet strict
deadlines more efficiently is to choose a
software package equipped with tools for rapid
project development. This gives integrators
the ability to complete proof-of-concept
prototypes more quickly so that full-scale work
for project development and implementation
can be started ahead of schedule.
The Future of Industrial Controls
Our survey respondents have indicated
that we’re entering an exciting time in the
industrial controls industry. These insights
into the new technologies and skills that will
be vital for integrators in the future reveal
the need to connect SCADA systems with
enterprise systems in order to properly align
OT and IT. Which technologies and skills are
imperative for the future?
IIoT and MQTT
In our survey, 43% of respondents indicated
that the Industrial Internet of Things (IIoT)
and Message Queueing Telemetry Transport
(MQTT) are two big developments to watch.
IIoT incorporates intelligent machines that
collect and share massive amounts of data,
enabling companies to identify inefficiencies,
save money, and improve quality. MQTT is
an extremely lightweight publish/subscribe
messaging protocol that is ideal for remote
M2M devices in situations where bandwidth
and power are at a premium. MQTT decouples
edge-of-network devices from applications;
instead, edge-of-network devices connect
to applications through message-oriented-
middleware (MOM), which reduces bandwidth
Technology
congestion and allows for easy scalability.
IIoT architectures that employ MQTT and
MOM offer a revolutionary solution to the
issues of low bandwidth and the need to
access data from remote devices. IIoT allows
organizations to scale their application
by simply adding connections to the MOM
infrastructure rather than making additional
connections to edge-of-network devices.
Data management and SQL
The convergence of OT and IT and the rise
of IIoT have been triggered by industrial
organizations’ need to access more data. In
the survey, 16% of respondents said that
data management technology is important.
As more industrial organizations look to
connect the industrial controls side with the
enterprise side, integrators must look into
data technologies to stay competitive.
Traditional SCADA systems were simply
designed to acquire time-series data and
store it on process historians. In most cases,
process historians use a proprietary method
of data management, which limits the ability
to connect to other systems. To connect to
other systems, integrators must implement an
incredibly costly solution that still does not
meet all of the organization’s requirements.

Applications
Technology
The scope of Industry 4.0 applications spans from transportation and smart buildings to complex factory automation.
Fortunately, there’s a cost-effective solution
that IT and enterprise software employ: SQL
databases.Integrators can take advantage
of SQL databases’ powerful features by
incorporating them into a SCADA system. SQL
databases free integrators from the restrictive
nature of process historians by allowing them
to log historical data. Once data is in a SQL
database, other systems can access that data
to create relationships and enable better
decision-making.
Virtualization and cloud solutions
Also, 16% of survey participants mentioned
that virtualization and cloud computing are
upcoming technologies to look out for. While
the two terms are often used interchangeably,
virtualization and cloud computing are separate
concepts. Virtualization, which dates back to
the 1960s, refers to the separation of the
application layer from the physical hardware.
Traditionally, when software is installed on a
computer, applications are tied to the physical
hardware. Virtualization refers to the creation
of a virtual machine that mimics a single
physical computer with an operating system
but is actually running on several machines
with pooled resources. Virtualization makes
cloud computing possible.
While most people identify the Cloud as
a means of storage, the power of the Cloud
lies in its ability to provide a wide range of
services and resources such as applications,
networking, and storage. Companies have
rapidly adopted Cloud computing because it
is far more economical than implementing an
on-site solution.
Technologies such as IIoT are paving a new
way for SCADA systems. Using virtualization
and Cloud technologies, integrators have
a wide array of architecture options that
allow for applications and servers to be
hosted in the Cloud rather than a physical
machine. This is ideal for applications where
installing a physical server is not practical, or
creating a fail-safe in the event of an outage.
36
give organizations total control over adding
SOURCE: INDUCTIVE AUTOMATION
and removing users, what information users
can see, what areas users can access, and view
users’ behavior, all with a click of a button.
Another IT security practice involves online
commerce. You can bank online, purchase
items, pay bills, and perform financial
transactions all via the Internet. In order to
perform these financial tasks, a high-level
security technology such as Secure Socket Layer
(SSL) is used to create a secure encrypted link
and to encrypt data. The excellent security and
stability of MQTT make it an ideal protocol for
the IIoT. Similar to SSL, MQTT uses Transport
Layer Security (TLS) which encrypts sensitive
information over networks. TLS uses certificate
authorities and blocks common attack routes
by closing all ports over the network between
edge gateways and MQTT servers.
Virtualization and Cloud computing offer Stability is maintained through stateful
huge benefits: companies can save money by awareness, allowing MQTT to manage
investing less on physical hardware, and global communication paths, connect to other
organizations can quickly and easily connect available MQTT servers, and initiate failover
employees wherever they are. when a failure is detected.
Mobile Devices The future is now
The IoT and mobile technology are set to Our respondents provided a clear picture of
bring people and devices closer together. the current and trends in industrial controls.
Smartphones and tablets are packed full of While integrators are definitely focused on
sensors and wireless radios that allow us to keeping up with the latest technologies,
communicate and interact with devices in our spending more time working with customers
homes, at work, at stores, and in our cars. In and understanding their business needs will
the survey, 14% of respondents indicated that help bring balance to their projects.
integrators must consider mobile devices as New solutions that embrace the best of
they allow people to interface with machines IT such as Java, SQL databases, Python
and devices. Enterprise-level software already and SSL encryption are making it easier to
enables users to view and analyze data integrate SCADA solutions into enterprise
using smartphones and tablets. With home infrastructures. Features like unlimited
automation being incredibly popular in IoT, licensing, web deployment, multiple-OS
the importance of mobile devices in IIoT compatibility, and comprehensive support
becomes crystal clear. With mobile integration, give integrators a greater ability to help
organizations are more empowered to interface organizations scale their solutions with little
with their systems and make smart decisions to no restrictions. Most importantly for the
while in the field and on the move. integrator, development time can be reduced
dramatically, allowing more time to focus on
Security other important issues.
Until recently, security and data encryption Perhaps the most interesting trend is the
were never a major concern for integrators. convergence of OT and IT, which has paved
In the past, most HMI/SCADA systems did the way for a solution with the potential to
not need to connect to other systems and revolutionize the industry. Integrators must
remained self-contained. In some cases, embrace the best of IT and combine it with the
where critical systems were involved, keeping best of OT. As the architectural framework of
off of networks was seen as the best security IIoT becomes more established, more locations
measure. Now, however, more organizations and applications will have access to data.
are looking to bridge the data gap, and 11% of Technologies that combine OT and IT are
the survey participants indicate that security available today, and integrators who use them
is important. in combination with the advancements to
IT has made considerable headway in Internet, wireless, and security technologies
regards to security. Well-established IT have a serious edge in their project
security practices include client authentication development. These solutions empower
and auditing. When sharing data with an integrators to tackle the challenges they face
organization, a client authentication and today, and prepare them for the challenges
auditing system should be implemented of tomorrow.
to manage all of the users. Through client
authentication and auditing, integrators can Technology report by Inductive Automation.
in d u s t r ial et h er ne t b o o k 11.2016
 Adapting machines to go global

Applications
with modern industrial networks
For machines to be ready to go global, there’s no one-size-fits-all solution but there are benefits of choosing
components that meet multiple industry network protocols. Understanding end project goals, available I/O
technology and deciphering which specific features are needed are key to achieving business objectives.

involved in this process, the machine builder

SOURCE: BELDEN
had a secondary goal to simplify their supply
chain and manage a smaller mix of suppliers.
Sourcing and stocking lots of product types –
from different I/O modules and programmable
logic controllers (PLCs), to varying connectors
(4-pole vs. 5-pole) – took up valuable time
and storage space, and strained the budget.
The team therefore needed to source and use
products that offered variety and flexibility so
they could do more with less.

Standard, simplified I/O solutions

To ship machines globally, one customer may need PROFINET components while another might require EtherNet/IP.
Multiprotocol I/O provides a way to meet both needs, since machine builders can change out each input/output (I/O)
module, and in some cases the connectors, to meet varying country-specific requirements.
THERE ARE MULTIPLE STANDARDS being used
in industrial applications today for teams
to understand and consider with PROFINET,
EtherNet/IP and the EtherCAT protocol now
available. It can be challenging, especially for
machine builders that work internationally,
to meet the expectations that come with
this new landscape. One customer may need
PROFINET components, while another might
require EtherNet/IP protocol standards. To
meet both needs, machine builders typically
change out each input/output (I/O) module,
and in some cases the connectors, to meet the
varying country-specific requirements.
Using multiple protocol standards
A machine builder for the packaging industry
had this exact problem, and to address it,
they set out to build a standard machine for
a global food and beverage manufacturer. The
customer needed to meet different, country-
specific Ethernet protocols for its plant
locations in Europe, which required PROFINET
PLCs, and South America, which relied on
EtherNet/IP protocol standards.
Rather than change out each I/O module
on the machines to meet the different
requirements, the goal of the project was to
find an easier and more cost-effective way
to meet the machine requirements for use
globally.
Simplifying complex supply chain
To procure the parts the team needed to do
the job, the machine builder bought and
stored countless product variants through a
wide and complex supply chain comprised of
many suppliers. Because of the complexity
To help the machine builder meet various
protocols with the same machine design,
the team explored using multiprotocol I/O
modules in its network infrastructure to
standardize programming bit-mapping and
speed up engineering times.
The team needed I/O modules that:
• Met multiple industry protocols for
global and regional use, including
PROFINET, EtherNet/IP and EtherCAT
• Allowed the use of current or old
machine designs, while offering the
ability for future upgrades
• Withstood harsh industrial environmental
conditions, such as vibration resistance
in robotic applications and high-
temperature wash-down procedures
• Bridge longer distances (longer than 10
meters) between field-level modules
• Enabled them to stock fewer product
types and variants and streamline their
suppliers
• Offered fast and easy installation
Multiprotocol modules are avaiilable for a range
of networks including PROFINET, EtherNet/IP and
EtherCAT.

1 1. 2016 i n d u str i a l e th e r n e t b o o k 37
 Today’s Machine Building Supply Chain multiprotocol solution. The machine builder
Applications

would no longer need to change the designs

when there were size differences. The team
could instead build a new machine and use
Customer A Customer B Customer C compact modules to connect to the bigger
modules on older machine designs with a
universal mounting clip. This made it possible
to meet the drilling hole dimensions of
older machine designs without needing to
completely re-design the new machine. They
PLC Supplier A would also be able to:
PN PLC • Simplify supplier orders: Fewer orders
overall and product ID numbers to
track for purchasing and procurement
Machine departments; pricing discounts from
PLC Supplier B ordering in bulk
EIP PLC • Streamline machine design, installation
and maintenance: Fewer parts to train
on, easier module replacements, less
downtime and greater overall cost
I/0 PN I/0 EIP I/0 ECAT PLC Supplier C savings and efficiency gains
ECAT PLC
• Reducing storage space: Fewer types
PN = PROFINET of devices to stock, less storage space
EIP = EtherNet/IP needed for spare parts
ECAT = EtherCAT The team ultimately sourced one multi-use,
multiprotocol product from a single supplier,
I/0 Supplier A I/0 Supplier B I/0 Supplier C which not only streamlined the supply chain,
but enabled them to use the same machine
Typical system configuration using multiple protocols.
design and parts to meet the Ethernet
protocols of any country or region.
Today’s Machine Building Supply Chain using Multiprotocol I/O
Key lessons learned
There are valuable lessons to take away from
this use case for other companies across
industrial verticals. First, when teams simplify
Customer A Customer B Customer C
internal and companywide processes, like the
supply chain, it can deliver tremendous value
for customers. The machine builder in this
scenario was able to do much more for his
client once the purchasing processes were
PLC Supplier A streamlined and they had more resources on
PN PLC which to depend. The benefits of this were
indirectly passed along to its client base.
From a communications and implementation
Machine perspective, using existing infrastructure in
PLC Supplier B network upgrades and making them seamless
EIP PLC for the customer is also a good reminder.
Technological hiccups or long implementation
processes can be a big turnoff, and these
situations are easily preventable by having
LioN-Power: I/O Multiprotocol
PLC Supplier C a strong network foundation in place and
ECAT PLC understanding which components can be
swapped out or upgraded to get the desired
PN = PROFINET
outcome.
EIP = EtherNet/IP
There’s no one-size-fits-all solution, but the
ECAT = EtherCAT
benefits of choosing components that meet
A multiprotocol solution can benefit machine builders and end customers by simplifying supplier orders. Fewer multiple industry protocols can get teams
orders overall and fewer product ID numbers are needed to track purchasing and procurement. Reducing storage pretty close. Success starts with understanding
space means less device types to stock, less storage space for spare parts needed. Simplifying machine design, the end goal of the project, the I/O technology
installation and maintenance creates fewer parts to train on, easier module replacements, less downtime, greater that is available, and then deciphering which
overall efficiency and cost savings. specific features are going to help the team
reach the unique business objectives.
The idea behind using multiprotocol I/O meet the needs of the end customer by using
modules to reach these goals was that the old machine designs, while still adhering to Paul Just is a global product line manager at
machine builder would be better able to multiple country-specific standards through a Belden.

38 in d u s t r ial et h er ne t b o o k 11.2016
 One panel PC coordinates 21

Technology
robots in manufacturing cell
The Panel PC handles also handles all robot-to-robot interference detection and OEE (Overall Equipment
Effectiveness) tracking, while managing overall fault detection and annunciation by acting as the HMI for the
machine, and integrating all safety aspects of the machinery.

SOURCE: SODECIA GTAC, CANADA

Robots play the main role in the highly automated assembly of BIW components. They weld the individual stampings and sub-assemblies to form the body.

WITH 32 MANUFACTURING FACILITIES around
the world, Sodecia, Portuguese supplier
to the automotive industry, maintains its
position as a leading solutions provider
and vehicle manufacturer. Based in London,
Ontario, Sodecia’s Global Tech & Automation
Center (GTAC) delivers highly automated
machine lines, on which the components are
manufactured and assembled.
PC-based controls
Sodecia GTAC uses PC-based control
technology in its assembly lines in order to
offer high quality while keeping cost under
control.
“Our current ‘bread and butter’ product
is our successful, turnkey robotic weld cell
solution,” said Brent Lekx-Toniolo, control
system concept developer, Sodecia GTAC.
“Our largest project to-date was completed
in spring 2015 and includes 21 KUKA robots
of various sizes (series KR 210, KR 30 and
KR 6), which are used in the assembly of
body frame and chassis segments (so-called
body in white, BIW), for welding, material
handling and sealant applications,” said Jon
Bysma, Controls Specialist, Sodecia GTAC. “To
begin, an assortment of small stampings are
welded robotically into sub-assemblies. They
are automatically unloaded and transferred
to subsequent stages, where the different
components are assembled to form the BIW.
From here the process splits into two
identical product pipelines – this split creates
redundancy and improves throughput. Various
sensors carry out comprehensive analysis,
for example, to ensure that all fasteners
are placed correctly on the assemblies, and
send the data to the controller. After further
assembly steps, the two pipelines merge back
into one, and the assemblies move on to a
final fixture.”
PC-based control throughout
Sodecia GTAC has been using the PC-based
controllers from Beckhoff for its BIW assembly
lines since 2008.
“To-date, Sodecia GTAC has built 49
manufacturing lines based on Beckhoff
PC-based control, ranging anywhere from
machines with a single robot to lines with
over 20 articulated robots,” said Bysma.
The currently realized welding cell with
21 robots uses a CP6202 Panel PC with
15-inch screen and Intel Celeron ULV
processor. The Panel PC also handles robot-
to-robot interference detection and OEE
(Overall Equipment Effectiveness) tracking,
while managing overall fault detection and
annunciation by acting as the HMI for the
machine, and integrating all safety aspects
of the machinery. The robots are controlled
by KR C4 controllers from KUKA.
“The TwinCAT development environment
and various software libraries reduced the
programming time for the robotic cells by
a wide margin,” said Rob Remillard, Lead
Controls Engineer, Sodecia GTAC. “In TwinCAT,
we can quickly develop sections of code in
any of the IEC 61131-3 languages and then
deploy them in several instances. With other
platforms this isn‘t so easy.”
Integrated safety solution
EtherCAT factors heavily in the application.
The fast communication system handles all
robotic communications, I/O, and the safety
functions via the TwinSAFE I/O terminals.

1 1. 2016 i n d u str i a l e th e r n e t b o o k 39
 SOURCE: SODECIA GTAC, CANADA
Applications
Technology
The assembly cell is controlled from a Beckhoff CP6202 Panel PC with 15-inch screen.
“A total of 228 safety devices are integrated
in this line via TwinSAFE,” said Calvin Wallace,
Regional Sales Manager, Beckhoff Canada.
“The modularity and scalability of this safety
concept is of great benefit for Sodecia GTAC,”
added Brent Lekx-Toniolo. “This way our
safety configuration doesn’t change much,
whether we design a machine with one robot
or a system with 21 robots as in this case. We
simply remove sections we don’t need from
the pre-built framework, but the underlying
functionality remains the same.”
Sodecia even uses the TwinSAFE technology
for robot programming. “During teaching and
program verification procedures, TwinSAFE
handles robot-to-robot lockout,” Bysma said.
“If a robot tech is teaching a robot, all other
robots that could move into that operating
space are locked out by means of an e-stop
signal loss to the other robots. The enabling
switches are all monitored in TwinSAFE.”
Each major automated component in
the Sodecia GTAC robotic assembly line is
connected to an EL6900 TwinSAFE logic
terminal and a series of EL1904 and EL2904
digital inputs and outputs to handle the
processing of the safety I/O, as well as
communication with other safety equipment.
40
The EL6900 serves as master for the safe
communication and evaluates the data of the
safe I/Os. The integrated safety functions
include e-stops, machine monitoring, “AND”
and “OR” functions and decouplers. The
TwinSAFE option card integrated in the AX5103
EtherCAT Servo Drives features motion safety
functions such as STO (Safe Torque Off) and
SS2 (Safe Stop 2) to ensure safe operation of
the welding equipment. Additional safety is
offered by a two-hand function for machine
initiation.
EtherCAT Box modules
In addition to the IP 20-rated EtherCAT
Terminals, machine-mountable EtherCAT
Box I/O modules in IP 67 protection are
also used throughout the assembly line. The
EP1908 TwinSAFE Box, for example, provides
additional safety connectivity to switch plates
at each safety gate entrance. Various EtherCAT
Box modules are also used in non-safety
technology settings, connecting to sensors,
cylinders, air pressure switches, solenoid
valves, as well as measuring devices.
“Benefits from the IP 67 Box modules
include reduced cabinet requirements,
easier mounting and wiring efforts, as well
in d u s t r ial et h er ne t b o o k
as exceptional physical durability,” Toniolo
added. Also, the communication status on
EtherCAT Box modules is easy to diagnose in
the field, as all signal status indicators are
highly visible.
Optimum diagnostic functionality
“EtherCAT also enabled us to implement all
relevant diagnostic functions,” explained
Toniolo. “For just one example, we’ve used this
information to localize cable breakage right
down to the exact cable in the line, resulting
in indicators that blink on the HMI.”
Similarly, TwinSAFE offers an abundance of
diagnostic information, which we‘ve utilized
in the project. Thanks to the openness and
compatibility of EtherCAT, we can easily
integrate and monitor EtherCAT slaves from
other manufacturers with identical diagnostic
functions. He said that the system has only
just scratched the surface of its potential
diagnostics, so the possibilities for building
on in the future are vast.
High system throughput
While never welcome in any manufacturing
environment, unscheduled downtime in the
automotive industry is cost-intensive.
“The new PC-controlled manufacturing line
has achieved an average cycle time of just
under 50 seconds and can produce 72 complex
parts per hour and up to 355,000 parts per
year,” Toniolo explained. As a result of the
functionality inherent in PC-based control and
EtherCAT, Sodecia GTAC has also been able to
reduce time to market significantly.
“Based on a conventional controller, PLC
configuration and programming of a system
with one or two robots would normally
take up to two months. Through the use of
TwinCAT, this timeframe has been slashed
down to two weeks, and the commissioning
time for the control has also been cut by at
least 50 percent: “In the current project with
21 robots, it took around two months from
setting up the production lines, teach-in of
the robots and the PLC programming, right
up to commissioning and production of the
first trial parts for the end customer,” Lekx-
Toniolo said.
“As a strong sign of continuity and
reliability, Sodecia has been using the same
CP6202 Panel PC type since 2008,” Toniolo
said. “It is robust and offers excellent value
for money.” Sodecia GTAC will standardize on
a new multi-touch Panel PC to incorporate
enhanced HMI technologies and functionality
in its assembly lines. “Also, we will evolve
our control programming to utilize TwinCAT
3 so we can better harness the convergence
of automation technology and information
technology.”
Shane Novacek, Marketing Communications
Manager North America, Beckhoff Automation.
11.2016
 Virtual private network

Technology
for secure remote access
With PLCs and machine controllers providing Ethernet ports that support TCP/IP, it is very easy to access
these devices remotely. Virtual Private Network (VPN) connections assure the secure transfer of data from
one network or device, to another network or device over shared or public networks like the Internet.

USING REMOTE ACCESS THROUGH A VPN, both

the machine builder and the end user can
enjoy big benefits. The machine builder can
quickly diagnose problems on the machine,
even before they happen. He can inform the
end user to take preventive actions or help
solve issues by providing remote assistance.
And the end user can also benefit from remote
access, as the machine is easily accessible and
can provide real time production information.
The way Virtual Private Networks function is
by using any IP-type communication, and even
communicating to devices that do not have
an Ethernet connection like a serial device by
using IP-to-Serial conversion. There is almost
no limit to the type of communication, and
the possibilities are endless. Having remote
access to a machine is almost the same as
standing next to it, although the user is still
at a remote location.
Virtual Private Networks
A VPN can be used to establish a connection
between two sites. The connection is secured
by username and password, and the data
transferred is encrypted. This makes it unlikely
that outsiders can interfere with the operation
of the machine or access production data. A
VPN connection is also called a VPN tunnel
because what goes in one side comes out at
the other side without any changes.
To establish a connection between different
sites, various standard products are available.
In this article, an overview is given of the
products and technologies that can be used,
the principle of operation and an explanation
of terminology.
Modern machine control systems can
provide a wealth of information about the
process they are controlling. This can be
production data, as well as data indicating
the electrical and mechanical health of
the machine. For instance, the machine
controller can be registering and reporting
the power consumption of a drive. During the
design of the machine, the load of a drive is
calculated and a threshold is defined during
commissioning. The machine controller can
then monitor the current consumption of
the drive against the threshold, and trigger
an alarm when the current exceeds the
threshold. An additional threshold could be
set for a pre-alarm, warning that inspection
VPN establishes a connection between two sites, secured by username/password. Data transfer is encrypted.
or maintenance must be planned for the drive.
This information is of importance to the
user of the machine in order to prevent
unintended production stops. In the case
where the machine manufacturer has a
maintenance contract with his end-user to
maintain the machine and prevent production
loss caused by standstill, a pre-alarm can
prevent costly repairs.
Monitoring machine response times
or vibrations can help to detect wear of
mechanical parts. This can trigger the
machine builder to pre-emptively send spare
parts to the end-user site, so the worn
parts can be replaced at the next scheduled
maintenance stop. In the end, the end-user
will benefit from a reduction in breakdowns
and emergency repairs.
Ways of access
With the current communication technologies
there are many possibilities to create a
connection to the machine. To name a few:
• Wireless connection through a UMTS or
GPRS connection.
• The machine plugs into the local factory
network.
• There is a direct connection to the
Internet by means of an ADSL, cable,
fiber or similar connection.
Whichever connection type is used, data
SOURCE: OMRON
can be directly transferred between the
machine and the machine builder’s office
independent of the connection between the
two. Router devices can be used to connect a
local network into a bigger network which can
be the Internet or a factory network.
Remote access through VPN
The general technology used for remote access
is called Virtual Private Network (VPN). This
is a connection between two devices where
they start a connection by first finding each
other, then authenticating and negotiating an
encryption. When the connection is active,
the two devices can transfer data in a safe
way and are protected against intruders. From
the user’s point of view, it is just like he is
sitting next to the machine. However that
machine can physically be on the other side
of the world.
Imagine such a device having a WAN (Wide
Area Network) port to connect to a bigger
network or the Internet and a couple of LAN
(Local Area Network) ports to create a local
network. Through the routing capabilities of
the devices, the two distant LAN networks are
connected to each other and act as one. A
device connected to the LAN side of the router
can reach other devices on the other side’s
LAN. This is very convenient as a machine
controller on one side can directly be accessed

1 1. 2016 i n d u str i a l e th e r n e t b o o k 41
 from the other side. Instead an

SOURCE: OMRON
endpoint (router) being a box
Technology

with WAN and LAN ports, it could

also be a PC that connects to the
other network.

Security
Sending data over the Internet or
other networks implies a security
risk. Of course, it is a must to
prevent that somebody can
intercept the data send across
the network and start tampering
with the system. VPN creates a With the current types of communication technologies, there are many possibilities to create a connection to the machine.
secure tunnel and is secure in
the sense that there is authentication of client and connect to the server at the VPN connection. The other VLAN (WAN) is part
when the connection is opened, and that the office of the machine builder. The machine of the factory network and gets its IP-address
data transferred is encrypted. builder may have all of its machines online. and other settings from a DHCP server on the
The authentication can be based on Machines can then report their status directly network. For the factory network, this machine
username/password, pre-shared keys and and continuously, and the machine builder is represented as a single device with only one
certificates or a combination of the three. has the opportunity to react immediately on IP-address.
Often a username plus a certificate is used events, like when there are problems, but also Routing: A router forwards messages from
and encryption can be from a simple to a very to plan scheduled maintenance and/or send one VLAN to another depending on the
high level. Keep in mind that encrypting and consumables on information the machine destination address. It also stops broadcasts
decrypting data takes time. The higher the provides. and multicast message on the factory network
encryption, the more time it takes to prepare entering the local machine network.
the data, and thus a slower transfer time. Solution Details Firewall: When there is an attack from the
An option when a high level of encryption is In a network setup, there are often products factory network, this is stopped by the firewall.
used could be using a device that has enough from different manufacturers used. But these It is also possible to open up the firewall for
processing power to do the encryption/ devices must understand each other and certain types of messages. But this is totally
decryption quickly. Faster devices have often a standardization of protocols is a need. With VPN application specific.
higher price. There is no golden rule to decide technology, there is a lot of standardization DHCP server: This is used to assign
which encryption level to use. It depends on but there is not one VPN standard. Two IP-addresses to devices on the local network
the level of security and communication speed mainstream options are IPsec and OpenVPN and is normally controlling devices have fixed
needed. (also known as SSL) and these two standards IP-addresses. But it could be that a service
made their way to commonly available engineer connects his laptop to this local
Type of data transferred products and services. With commercial-off- network, and then it is convenient that he
In principal, any type of IP-data can be sent the-shelf (COTS) products, anybody can set up gets the correct IP-address assigned.
across the VPN connection. But some practical their own VPN infrastructure. As the machine is part of the factory’s bigger
examples are: network, it cannot be accessed from outside
• Alarms and warnings from machine to VPN use case walkthrough the factory. The factory router that connects
OEM. With the example of a machine controller to the Internet has a firewall and will block
• Bidirectional communication between connecting to the office network of a machine off all incoming traffic. Therefore the router
remote-SCADA or HMI and the machine. builder, standard components can be used to in the machine needs to be the initiator of the
• Recipe or production information to set up a VPN tunnel between the two sites. VPN connection. To let the VPN connection be
and from a remote database server (for In the machine builder’s office, a VPN server established successfully the VPN initiator (the
example, Oracle or Microsoft). can use a network to connect to a machine router in the machine) must have some of the
• New control programs uploaded to the installed in a factory at a distant location (VPN following set up.
machine to deploy modifications or client). The machine’s network is connected Time synchronization: In the negotiation
upgrades. via the VPN tunnel to the machine builders’ and encryption process also the date and
• Status monitoring to assist in fault office network, so there is instant access to time is used. Both the initiator and responder
finding when there is malfunction in the the machine. must have the same time and date. The exact
machine. Could be as simple as checking The machine is hooked up to a bigger factory date and time can be derived from so-called
if a sensor signal is active and learn that network that has an Internet connection timeservers (NTP-servers). A timeserver can be
the sensor needs to be re-aligned. available. The router in the machine is on the Internet or on the factory network.
configured to create a local network LAN in With a timeserver, the date and time is
Client/server, initiator/responder the machine itself and connect one of its automatically set and adjusted regularly.
There is a distinct role for each device in ports (WAN) over the Internet out to the office Domain Name Server: For the VPN initiator
the setup of the VPN connection. One of the network. These local services are: to get to the VPN responder, it needs to know
devices acts as the initiator or client of the VLAN, (Virtual Local Area Network): This is its address on the Internet. However fixed
connection, and the other is the responder used to divide the router’s Ethernet ports into IP-addresses on the Internet are scarce and
or server. The server is waiting for a client to two separate networks. Traffic cannot move quite costly and it is easier to have a domain
connect. As a server, it is not only servicing from one network to the other and vice versa. name and a DNS server to resolve the domain
one but multiple clients. One VLAN (the local network) has its own to an IP-address. The router knows only the
The routers in machines have the role IP-address range, and is one end-point of the name (office.machinebuilder.com) but by

42 in d u s t r ial et h er ne t b o o k 11.2016

At left is the machine builder’s office (VPN server). On the right is the machine network installed in a factory at a
distant location (VPN client). The office network is connected via the VPN tunnel for instant access to the machine.
requesting a DNS server, since the IP-address
is linked to this name, the responder can be
reached. And it doesn’t matter how often the
IP-address of the responder changes. It is
always reachable through its name.
On the responder, the following must be
set:
• As with the VPN initiator time must also
be set correctly in the responder. It can
use the same timeserver as the initiator.
• As the VPN initiator is searching for
the VPN responder per name, the router
must announce his name and IP address
regularly at a DNS-server on the Internet.
This DNS service is called Dynamic DNS.
There are a couple of companies that
offer this service like DYNDNS.
• VPN connection settings of the initiator
must be registered at the responder.
If there is a connection request coming in,
its credentials will be checked and if correct
the connection is accepted and the tunnel is
up. The machine’s network is now connected to
the office network and data can be exchanged
between them directly. For direct wireless or
wired connections, the connection method is
a little simpler but still largely the same.
Connection technology
When creating a VPN tunnel, a connection
must be established from the client to the
server. In many cases, this connection is
over the Internet. There are several ways to
connect to the Internet depending on what
is available at a location. In general there
are three variants: wired or wireless, directly
connected or via a bigger local network.
Wireless
There are locations where only wireless access
is possible, for instance on a remote site
where there is no ADSL or cable connection.
However, if there is a mobile network with
data communication available, accessing
this mobile network requires a subscription
1 1. 2016 i n d u str i a l e th e r n e t b o o k
at a service provider and a SIM-card.
There are different types of wireless data
communication but the most commonly known
are GPRS and UMTS. GPRS is older and a lower
performance technology than UMTS. UMTS has
communication speeds well into the Megabit
per second range. GPRS throughput is limited
to a couple of hundred kilobits per second.
To ensure that data communication is
always possible, GPRS functions as a fallback
when it is not possible to establish a UMTS
link. For both UMTS and GPRS, the cost of the
connection is based on the amount of data
transferred, not on connection time. Therefore
the connection can be up and running all the
time.
Wired, directly connected to the Internet. The
machine’s router can be connected directly to
the Internet. This connection is an ADSL, cable
or fiber connection. A local service provider
installs the connection and the Internet is
directly accessible from the machine.
Wired, connected to a bigger local network.
The router in the machine is connected to a
larger local (Factory) network. From within this
larger network, a connection can be made to
the Internet. The router in the machine must
know how to route out onto the Internet. But
normally these routing settings are available
from a DHCP server on the larger network. All
the above-mentioned connection types feature
that they are up and running all the time, so
there is instance access from one side to the
other.
Routing: An essential part in VPNs is the
routing. For a device on one network to reach
a device on the other side, there shouldn’t be
too many hurdles in setting up the connection
at the device. For the device it is only
important to know to which router address a
message should be sent when it is not on the
local network. It is then up to the router to
handle the rest of the communication.
When a message arrives at the router, it
needs to forward it to a known address. If
SOURCE: OMRON
Technology
the router is in a larger network, it will send
the message to another router. The message is
forwarded until it goes out on the Internet or
an addressed device on the bigger network is
reached. In the case of a direct connection to
the Internet (wired or wireless), the Internet
will take care of getting the message to the
addressee. When the Router is VPN capable and
the tunnel is up then the message is forwarded
over this tunnel and ends up at the other side.
VPN technology
There are many implementations of VPN.
But the two currently in use and proven to
be reliable and safe are IPsec and OpenVPN
(or SSL). Both make use of the same kind of
technologies for compression and encryption.
One difference is that IPsec uses a kind of
username/password for authentication, while
OpenVPN uses certificates that need to be
generated at the server. Also OpenVPN uses
the same method of communication (https://)
that secure websites use. This makes it easier
to let OpenVPN traffic pass firewalls in routers,
as the firewalls judge this traffic to be regular
web-traffic.
Summary
A Virtual Private Network is a secured
connection between two devices/routers/
networks. The connection can be established
over local and public networks. Security is
by authentication and encryption. There
are clients and servers, or initiators and
responders. The clients initiate the connection
to the server and the server can accept
connections from multiple clients. The VPN
connection between the client and the server
is a transparent link between the two. Any
type of data can be sent. And it doesn’t matter
on which side of the VPN connection you are,
and how far apart the two networks are.
René Heijma, European Product Specialist for
OMRON.
43
 Digital wiring devices using
Applications
Technology

Node-RED development tools

The open-source Node-RED development environment is a tool for digitally wiring hardware devices, API
and online services in new and interesting ways. It offers engineers an easy way to connect edge computing
systems to cloud services such as Amazon Web Services IoT, IBM Watson IoT and Microsoft Azure.

WE’RE ALL AWARE OF THE OPPORTUNITIES

the Industrial Internet of Things is poised to
deliver, using Big Data generated by billions
of things to solve problems before they occur,
increasing operator situational awareness on
the plant floor with mobility, and identifying
business opportunities. But developing a
successful IIoT application requires leveraging
completely different technology disciplines
that for the most part were never designed to
work with one another: OT and IT.
To increase the enterprise’s competitive
advantage, operations and information
technology professionals must converge and
create new applications that access, share and
analyze business information by leveraging
new tools like artificial intelligence, machine
learning, and predictive analytics. Building
applications that connect information from OT
devices and data stores to IT resources and
systems has traditionally been difficult. The
two groups use entirely different application
development tools tailored for their specific
disciplines. Enter Node-RED, an open-source
development environment invented by Nick
O’Leary and Dave Conway-Jones of IBM
Emerging Technology Services. Node-RED is
part of the newly launched JS Foundation, and
recently became a Linux Foundation Project.
Node-RED for IIoT
Node-RED is a tool for digitally wiring together
hardware devices, APIs (application program
interfaces), and online services in new and
interesting ways. Node-RED provides engineers
with an easy way to connect edge computing
systems such as automation controllers to
cloud services such as Amazon Web Services
(AWS) IoT, IBM Watson IoT, and Microsoft
Azure. Node-RED is an open-source technology
available on GitHub.com and npmjs.org.
The development environment can run on
almost any platform from OS X, Microsoft
Windows, Linux, and Raspberry Pi to cloud
offerings like IBM Bluemix and AT&T Flow. This
extends to industrial products like hardened
IIoT application development platforms with
built-in industrial protocol support like the
groov Box appliance from Opto 22.
Lowering the technical bar
The Node-RED development environment offers
a gradual and easily approachable learning
VPN establishes a connection between two sites, secured by username/password. Data transfer is encrypted.
curve for users of all levels and requires few
or no programming skills. Instead, Node-RED
takes advantage of pre-programmed, reusable
code blocks called nodes. These nodes make
IIoT application development simpler, easier
to repeat, and faster to scale. Built on the
popular Node.js JavaScript runtime, Node-RED
benefits from a large Node-RED library that
contains over 600 prebuilt and ready-to-deploy
nodes, allowing IIoT application developers to
leverage existing software code and deploy it
directly into their applications.
The development environment is any
standard web browser, and it uses a drag-
and-drop interface. The simplicity of Node-RED
allows IIoT application developers to focus on
identifying an opportunity and developing a
solution, rather than building the components
of an application from scratch. If you want
to create an application to poll data from a
Modbus/TCP slave, log that data to an SQL
database, and move it into a machine-learning
program like IBM’s Watson, there are nodes
for all of those functions already developed
and ready to deploy without having to write,
debug, or support software code. Drag, drop,
wire together, deploy. It’s that easy.
Advanced JavaScript functions can also be
created within the editor using a Function
node. A built-in library saves useful functions,
templates, or node flows for re-use. Flows
created in Node-RED are stored using the
widely known JSON format, which can be
easily imported and exported for sharing with
SOURCE: OPTO 22
other developers and applications, promoting
the idea of social application development.
Rapid IIoT application prototyping
Linking technology assets and services together
to build IIoT applications often requires layers
of complex software development and long
development cycles that quickly erode IIoT
application ROI. Node-RED’s existing pool of
code blocks enables nearly anyone to rapidly
prototype and develop IIoT applications to
connect data streams from industrial assets to
IT assets, bridging the gap between the worlds
of physical equipment and digital computing
systems. Developers can even prototype
applications on low-cost maker boards such
as Raspberry Pi and then seamlessly deploy
them to an industrial-grade suite of products.
OT and IT began to converge many years
ago with the rollout of Ethernet and TCP/IP
on the plant floor. Suddenly systems became
much easier to connect together. Productivity
in the factory and on the plant floor improved
and support costs were lowered, all because
devices began using the same protocols
across the same type of media—TCP/IP and
Ethernet. OT/IT convergence is continuing up
the technology ladder, and the next rung is
software. Node-RED is poised to be a major
contender for standardized IIoT software
application development.
Matt Newton is Director of Technical Marketing
for Opto 22.

44 in d u s t r ial et h er ne t b o o k 11.2016
Industrial managed switches
WAGO: New 852 Series switches are individually
configurable and offer reliable networking of all
ETHERNET nodes to ensure continuous access to
machines and systems.
Rapid Spanning Tree, Dual Homing, Dual
Ring, Jet Ring, ERPS v1/v2 and its fast Xpress
Ring protocols enable the creation of redundant
network structures with short recovery times
of less than 50 ms. This guarantees secure
communication, even when connections are
faulty. Every switch also features a redundant
power supply for uninterruptible data
communication (transmission rate up to 1
GBit/s). This value-add feature contributes to
secure operation of machines and systems on
board ships.
The switches also support up-to-date
security functions, such as Mac Limitation, Port
Security, and authentication per IEEE 802.1x.
IGMP Snooping, broadcast and bandwidth
limitation enable additional data flow control.
The advanced security functions support these
next-generation switches in protecting your
systems against cyberattacks and accidents that
can adversely impact people, machinery and the
environment.
Node-RED on groov box
Opto 22: The Node-RED development
environment is now available for running on
the groov Box industrial appliance, significantly
decreasing IIoT application development time
and complexity. Node-RED makes it easier to
prototype, develop and deploy applications for
connecting physical assets to cloud applications
and IT systems.
With the addition of Node-RED, groov
1 1. 2016 i n d u str i a l e th e r n e t b o o k
provides an efficient toolset for IIoT application
developers and fuses together an industrially
rugged hardware platform, data visualization
for mobile and web clients, robust industrial
automation protocol support including Modbus/
TCP and OPC UA, and advanced data flow
processing. Add these to an ability to connect
multiple data sources including devices,
databases, and third-party APIs (application
program interfaces), and groov becomes a
cohesive platform for IIoT or edge computing
applications.
OPC UA user role system
B&R Industrial Automation: A new user role
system that is part of the Automation Studio
software development environment simplifies
management of OPC UA access rights. This
feature prevents unauthorized users from
accessing an OPC UA system, modifying data or
performing certain actions.
Any number of roles can be defined, which
can then be assigned individual access rights
for each node. Typical access rights include
reading, writing or browsing. It is even possible
to completely hide a node so that it is invisible
to members of a specific role group. To make
configuration even easier, the rights of a parent
node can be inherited by its children.
A user is assigned one or more roles, with
additional protection provided by an encrypted
password. The user role system can also be
updated during operation. This includes, for
example, assigning a username and password
to a new system operator. These functions are
available directly in the application program on
the controller using function blocks.
In order to ensure secure and trusted data
exchange, digital certificates in accordance
with the X.509 standard can be used in the
OPC UA system. The Transport Layer Security
(TLS) subsystem in Automation Studio and
Automation Runtime support the management
of these certificates. Certificates can be
displayed, created and transferred to the
certificate store on the OPC UA server.
Ethernet Plus (PoE+) gigabit
Red Lion Controls: Three new additions have
been added to its N-Tron series of industrial
Power over Ethernet Plus (PoE+) Gigabit
products: NT24k-16TX-POE, 1008TX-POE+ and
1000-POE4+.
These new POE+ switches and injectors
complement Red Lion’s industrial networking
Product News
portfolio to offer customers additional PoE
options that drive operational efficiencies while
addressing industry demands.
The NT24k-16TX-POE is Layer 2
managed Gigabit switch that provides 16
10/100/1000BaseT(X) RJ45 ports. Advanced
PoE management allows quick and easy
allocation of the switch’s 240 Watt PoE power
budget to any of its 16 ports (up to 30 Watts
per port). Additional comprehensive features
include auto IGMP configuration, N-Link and
N-Ring technology, RSTP, N-View monitoring,
CIP messaging, SNTP, IEEE802.1x and Radius
remote server authentication.
The 1008TX-POE+ is an industrial
unmanaged Gigabit switch that provides 8
10/100/1000BaseT(X) RJ45 ports, including
4 PoE+ capable ports (up to 30 Watts each),
jumbo frame support and LED link/activity and
PoE status indication.
The 1000-POE4+ is an 8-port Gigabit
mid-span PoE+ injector that provides 4
10/100/1000BaseT(X) RJ45 ports (data in) and
4 10/100/1000BaseT(X) RJ45 PoE+ ports (data
and power out) that support 30 Watts per port.
CAN-to-Ethernet gateway
HMS Industrial Networks: The new IXXAT CAN@
net NT 200 is a CAN-to-Ethernet gateway which
allows users to connect CAN and Ethernet. CAN@
net NT can be used as CAN-Ethernet-CAN bridge
and as CAN-to-Ethernet gateway. Equipped with
two CAN interfaces, it supports an even wider
range of use cases compared to the well-known
CAN@net II.
A key feature of CAN@net NT especially
useful in building automation is an ability to
separate CAN networks that are distributed
over large areas. CAN@net NT couples the
CAN networks via a backbone Ethernet system,
allowing existing infrastructures to be used.
This segmentation also increases the reliability
and stability of the overall system.
Designed for harsh environments, another
common application for CAN@net NT is remote
access to CAN networks via Ethernet, in wind
power plants or the manufacturing sector.
45
 IoT development kits
Product News
Eurotech: A series of new IoT development kits
based on the ReliaGATE family of IoT gateways is
targeted for use in industrial and lightly rugged
applications.
The kits provide a design environment
allowing engineers to significantly simplify
the development process and reduce Time-
to-Market. Depending on the intended IoT
application final solution, a developer or
solution architect can choose between different
hardware platforms, ranging from small
low-power ARM-based designs to powerful
multi-core, latest-generation Intel Atom
gateway platforms, each featuring an excellent
price / performance ratio in their respective
classes.
In addition to the already available i.MX6
based ReliaGATE 10-20, the ReliaGATE
development kits has added with the following
models:
ReliaGATE 10-05 is an ARM (NXP i.MX285)
powered, very compact and efficient
customizable IoT gateway for industrial
applications at less than 2W.
ReliaGATE 10-11 is an ARM (TI AM335X
Cortex-A8) powered, compact and customizable
low power IoT gateway suitable for intensive
workloads in industrial, lightly rugged and
automotive applications.
ReliaGATE 20-25 is an Intel Atom (E38xx)
powered, high-performance, and customizable
IoT gateway for industrial and lightly rugged
applications.
Profibus device integration
FDT Group: In support of FDT technology, the
certification of the first Device Type Managers
(DTMs) compliant with the FDT 2.0 specification
have been announced. FDT is a widely adopted
standard for industrial device integration.
FDT Technology can be used to integrate
any device, system or network in today’s
complex industrial automation architecture. A
46
Distributed Control System (DCS), Programmable
Logic Controller (PLC), asset management
application or other solution enabled with
an FDT/FRAME seamlessly employs DTMs as
software drivers for intelligent devices supplied
by instrument manufacturers. A Communication
DTM (CommDTM) is the first DTM to be activated
upon communication setup in an FDT/FRAME
system. It standardizes the communication
channel to the corresponding communication
operations of the mapped network protocol.
A Generic DTM has the ability to universally
represent all devices with compliant parameters
of a specific protocol, creating simplicity in the
architecture employed by a single DTM within
the FDT/FRAME system.
Gateway bridge
Hilscher: A new gateway easily interconnects
any two real-time Ethernet networks. The netTAP
151 is a four-port device that exchanges I/O data
between different industrial Ethernet networks
by acting as a protocol converter. Supported
protocols include EtherCAT, EtherNet/IP,
Ethernet POWERLINK, PROFINET and SERCOS.
Because the netTAP 151 is integrated as a
simple I/O device into the primary network, it
is compatible with any PLC. On the secondary
side it works either as an I/O device, or it can
control a subordinate network as a bus master.
The length of the I/O data can be scaled to any
application and the data transmitted can be
mapped at the byte level.
Secure network separation is provided by
two Ethernet controllers in the netTAP 151,
each connected to a dual Ethernet port with
integrated switch. This allows support for star,
ring and inline network topologies without the
need for additional peripherals. Both controllers
handle the protocols independent from each
other and exchange only the I/O data across
a data buffer. An overall data processing time
lower than 10 milliseconds is achieved.
Remote monitoring antennas
Laird: An industry release of four new IP67
rated Yagi antennas increases reliability of M2M
wireless remote monitoring in extremely harsh
operating environments.
in d u s t r ial et h er ne t b o o k
Progressive utilities, oil and gas companies,
water districts and others use wireless remote
monitoring to instantly transmit information
and monitor Remote Terminal Units (RTUs) to
and from a centralized location. Eliminating
travel expenses and personnel resources
dedicated to physically obtain routine
operational and diagnostic data at remote sites
can significantly reduce labor cost and improve
operational efficiency and safety.
Although these M2M solutions have been in
operation for years, ensuring maximum online/
uptime for these RTU’s in extremely harsh
environments continues to be a major challenge.
NEMA (National Electrical Manufacturers
Association) rated RTU enclosures have
historically been installed to provide protection
against windblown dust and rain, splashing
water, and hose-directed water. Until now
compatible fully compliant IP67 rated Yagi
antennas were not available in the marketplace.
Pre-configured micro data centers
Panduit Corp: Pre-configured and factory
assembled micro data centers (MDC) include all
connectivity and cable management components
necessary to enable rapid installation of switch,
server, and storage devices. Available in 24 RU
and 42 RU cabinet configurations and offering
enough room for growth without increasing
the control room footprint, the MDC allows for
installation of standard 29-inch (737mm) depth
equipment.
Each MDC incorporates casters to simplify
deployment and is easily expanded by
purchasing add-on kits from Panduit. All
metal elements within the cabinet are single-
point bonded to ensure effective equipment
grounding. A dynamic rated MDC is available
to support IT equipment under typical shipping
conditions.
11.2016
DIN-rail mountable platform
Moxa: The new MC-1100 DIN-rail mountable
computing platform is designed to meet
the critical challenges of various industrial
automation applications in harsh indoor and
outdoor environments.
The advanced thermal design of the MC-1100
ensures reliable system operation in extreme
temperatures ranging from -40 to 70°C without
the use of a fan. In addition, the MC-1100
complies with DNV, IEC 60945, ATEX, and IECEx
Zone 2 standards, which makes it ideal for
deployment in heavy-industry, oil and gas, and
marine applications.
Featuring a power-efficient Intel® Atom™
E3800 series processor and a variety of I/O
connectivity options, including 4 Gigabit
Ethernet ports, 2 serial ports, 1 VGA port, 1
DisplayPort, and dual storage, the MC-1100
series is built to provide outstanding
performance while enabling a new level of
versatility and control in industrial automation
applications. The MC-1100 also offers a Mini
PCIe socket that supports a variety of wireless
options, including Wi-Fi and 3G/4G LTE.
In order to maximize system uptime, the
MC-1100 supports Moxa’s Proactive Monitoring
and Smart Recovery software tools to help
businesses continuously monitor the status
of their computers and take predictive
maintenance measures.
IO-Link master
Rockwell Automation: The machine mountable,
IP67-rated, Allen-Bradley ArmorBlock IO-Link
master builds on the company’s IO-Link
portfolio with event and process timestamping
capabilities for on-machine applications.
1 1. 2016 i n d u str i a l e th e r n e t b o o k
The new IO-Link master supports up to eight
IO-Link devices, and is based on the IO-Link
specification V1.1. It is capable of storing up
to 40 timestamps of sensor events on each
channel. This event history can help users track
changes and more easily diagnose issues. Input
timestamps of all sensor data also can be sent to
the controller upon a change of state. These and
other diagnostics available through the module
can reduce issue-resolution time by as much as
90 percent, improve preventive maintenance
and optimize overall system performance.
While the new ArmorBlock IO-Link master is
ruggedized for use in harsh applications, the
Rockwell Automation portfolio also includes
an in-cabinet solution for use in decentralized
control boxes. The on-machine option allows you
to mount the module right next to the sensors,
minimizing the number of components in the
cabinet, reducing wiring time and resulting in
increased uptime and lower costs.
Secure Link to IoT clouds
Softing: The dataFEED OPC Suite is a secure IoT
cloud data application that can now be easily
implemented. A new MQTT Connector enables
the integration of automation devices via MQTT
Publisher functionality in IoT cloud applications,
e.g. IBM Bluemix Cloud. Highest security
during transmission is guaranteed through the
encryption of the data using SSL/TLS.
Softing‘s dataFEED OPC Suite combines OPC
Server and OPC Middleware functionality into
one compact software solution. The integrated
MQTT gateway allows easy integration of legacy
and new controllers into IoT solutions. It is also
possible to integrate components without MQTT
support such as, for example, Siemens, B&R and
Rockwell controllers.
Its user interface with intelligent, common
sense default settings and intuitive user
guidance is designed to make it easy for plant
manufacturers and maintenance engineers to
quickly configure their IoT communication.
The modular design of the suite offers the user
the greatest possible flexibility since only the
required functionality has to be licensed.
RFID RF-R300
HARTING: A software virtualisation concept has
been derived from the company’s MICA open
modular platform.
With its modular software design, the new
UHF RFID reader, although equipped with
extremely robust hardware and standardised
software interfaces, is designed for tailored
customer solutions.
Product
Industry News
Standards are an important basis for
meeting increasingly complex requirements.
This naturally relates to both the software
and hardware in industrial components – OPC
UA as communications interface being just
one example. Device software also has to be
subjected to reliable testing, making individual
changes especially for small volumes costly or
impossible.
Additional functions such as project-
specific direction recognition algorithms
and individual decisions based on additional
information from the ETB sensor transponder
etc. can be added later in an extra software
container. This does not limit the system
integrator to specific programming languages:
C, Python, C++, Java – anything supported by
LINUX can be used.
Measurement technology modules
Beckhoff: Ultra-precise, fast and robust
measurement technology modules are becoming
an integrated part of PC-based control solutions.
New EtherCAT measurement technology modules
can be directly integrated into the modular
EtherCAT communication system and combined
with the extensive portfolio of more than 500
other EtherCAT Terminals. New metal housings
optimise shielding and cooling in measurement
technology applications.
At the same time, the durable housings
provide enhanced flexibility at the interface
level, such as for LEMO or BNC plug connectors
or for the established cage clamps as a quickly
customisable standard solution. Measurement
accuracy of 100 ppm at 23 °C, precise
synchronisation of < 1 μs, and the high sampling
rate of up to 50,000 samples per second
guarantee high-quality data acquisition.
High-precision measurement reduces the use
of raw materials and energy in machines and
plants while forming the basis for condition
monitoring and predictive maintenance.
47
 Pump control via multi Ethernet
Product News
Bosch-Rexroth: With the appropriate pressure
and flow rate adjustment for hydraulic pumps,
Rexroth improves the control quality and
energy efficiency of fluid technology. The
control cabinet-based Hydraulic Pump Control
(HPC) control electronics and SY(H)DFED fully
integrated into the valve fit into a wide rage
of automation structures through a multi
Ethernet interface. The IndraWorks trans-
technology engineering environment simplifies
commissioning with software assistants and
predefined technology functions.
System and machine manufacturers achieve
noticeably improved dynamics and precision
in the motion sequences for hydraulic
systems through digitally regulated variable
displacement pumps. The newly developed
motion controls cover a variety of applications
with similar functions. With the intelligent
controllers, machine manufacturers can, in
many cases, also reduce the installed power
and the load peaks in power consumption. The
average power consumption is reduced through
appropriate swivel angle and pressure controls.
With switchable multi Ethernet interfaces for
sercos, EtherNet/IP, PROFINET RT, EtherCAT,
Varan, POWERLINK and optionally for Profibus
for the HPC, the controllers fit, future-proof,
into a wide range of automation structures.
Entry-Level Controller
OMRON Corporation: The NX1P comes equipped
with the built-in EtherCAT port and controls up
to eight servo systems. Motion control for up to
four synchronized axes increases machine speed
and precision.
Electronic cam for continuous and high-speed
machine operation and interpolation for
precise machining improve productivity and
manufacturing quality.
Data can be collected from devices via
EtherCAT and IO-Link for high value-added
manufacturing. EtherNet/IP enables data
sharing with a host PC and between controllers
on different machines. EtherCAT connects I/O
48
devices, motion devices, vision systems, and
safety controllers with a single cable. Machine
information can be checked by monitoring the
status of the connected components.
The NX1P can monitor sensor data through
the IO-Link master unit to reduce downtime
by detecting errors and to perform predictive
maintenance by monitoring status.
Profi Line Modular Switch
MICROSENS: New Profi Line modular switches
provide Power-over-Ethernet with up to 60
Watts.By doubling the performance of end
devices, users can draw on a wide range of new
application options, such as an energy supply
for LED/IR illumination units in the security
environment or the feeding of performance-
driven WLAN and LoRa wireless communications
systems.
The new switches offer increased PoE
performance also numerous features such as
modular extensibility to up to 25 ports for
a demand-oriented, economically efficient
expansion of networks using high performance
Gigabit Ethernet over copper and fiber optic
lines. High fault tolerance is achieved using
a redundant power supply and a ring-shaped
cabling structure, as well as short restore
times via the storage of the firmware and the
configuration file on an SD card.
Flexy OPC UA compatible
eWON: The company’s Flexy product now
features an OPC UA server and can use the
communication protocol for secure and reliable
exchange of data in industrial automation
applications.
in d u s t r ial et h er ne t b o o k
OPC UA has the advantage of being platform-
independent, and it ensures the seamless flow
of information among devices from multiple
vendors. From sensors to cloud, OPC UA is fully
scalable, object oriented and allows use of
structures or models which makes managing
maintenance tasks much easier.
The OPC UA server is particularly valuable when
users need to share key values and parameters
related to equipment on the factory floor. The
system offers quick configuration and operates
completely independent from the PLC.
As of firmware version 11.2, the Flexy features
an OPC UA server that allows easy access to tags
through an OPC UA Client. The OPC UA server
supports DA layer of OPC UA making easy to
configure tags to be published on the OPC server.
Wireless thermal energy harvesting
Emerson: The company has announced the
adoption of advanced thermal energy harvesting
as a power source for its wireless products.
Power Puck thermoelectric energy harvesters
convert ambient heat commonly released in
industrial processes into electricity for powering
Rosemount wireless transmitters.
Perpetua’s Power Puck energy harvesting
solution is especially advantageous to wireless
devices in power intensive applications, where
a conventional power module may require
replacements more frequently. The company’s
Power Puck thermoelectric energy harvester
provides continuous, reliable power for the life
of the transmitter and includes an intrinsically
safe power module for back-up power.
A heat source is all that is required to fully
power wireless transmitters at their fastest
update rate using Power Puck. Configurations
allow connections to most heat sources,
including flat and curved surfaces with
temperatures up to 840°F/449°C. Power Puck
solutions are safe for use in hazardous areas.
11.2016
Smartswarm Modbus eavesdropper
B+B SMARTWORX: The Smartswarm Modbus
eavesdropper can translate SCADA protocols to
IT in real-time without disrupting, interrupting
or reconfiguring your existing networks. By
recognizing and extracting data from Modbus
SCADA systems, it transforms it into actionable
information, and presents it to IT systems
without interfering with the Modbus Master.
SmartSwarm 351 discovers and maps the
network, analyzes message exchanges between
the existing OT master and slave devices, and
uses this information to build a comprehensive
picture of the status of the underlying plant. In
near real time, Modbus data is delivered to IT/
OT systems that normally would not see SCADA
information.
Unlike alternatives, this is accomplished
without disrupting the Modbus Master and
SCADA network communication. Mission
critical process control systems are completely
undisturbed. Connecting to enterprise
applications by a local Ethernet connection or
an internal cellular modem, the gateway can
switch between these connections at any time,
providing redundancy.
Rather than overwhelm the IT/OT system with
meaningless data, SmartSwarm 351 collects,
filters, enriches and aggregates raw data
through simple user configuration, requiring no
programming. Using the newest IoT protocols,
MQTT topics and JSON; payload formats securely
construct the data so it is easily consumable by
upstream IT applications.
Layer 2+ managed Ethernet switch
PLANET Technology: The IGS-604HPT-M12
Industrial Layer 2+ managed Ethernet switch
comes with an IP67-rated industrial case,
4-port 10/100/1000T 802.3at PoE, 2-port
10/100/1000T, and static Layer 3 routing,
1 1. 2016 i n d u str i a l e th e r n e t b o o k
providing a high level of immunity against
electromagnetic interference and heavy
electrical surges which are usually found on
plant floors or in curb-side traffic control
cabinets.
The IGS-604HPT-M12 can be easily mounted
on a DIN rail or wall taking up less space. Each
of the four Gigabit PoE+ ports provides 36 watts
of power, which means a total power budget of
up to 144 watts can be utilized simultaneously
without considering the different types of
PoE applications being employed. It also
provides a quick, safe and cost-effective
Power over Ethernet network solution to IP
security surveillance for small businesses and
enterprises.
Failsafe I/O modules
Siemens : Compact Simatic ET 200MP Failsafe I/O
modules simplify S7 1500 controller distributed
configuration. The F-DI 16x24VDC PROFIsafe
and F-DQ 8x24VDC / 2A PPM PROFIsafe modules
support a “no dip” concept, eliminating the
need to assign PROFIsafe addresses via a DIP
switch. Each module comes with a standard Code
Element Type F Plug.
Featuring low parts variance, the 35mm-wide
modules simplify mounting, ordering, logistics,
and inventory management with a uniform front
connector. Channel-specific diagnostics enable
fast and clear process error identification and
reduce plant standstills.
The scalable ET 200MP Failsafe modules also
offer mechanical slot coding to ensure proper
module and front connectors assignments to
reduce errors during configuration and module
replacement. The signal modules or I/O modules
provide the interface between the controller and
the process. The controller detects the current
process status by means of the connected
sensors and triggers the corresponding actuator
reactions.
The digital and analog modules provide
exactly the inputs/outputs that are required
for the respective task. They can be used both
Product News
centrally, i.e. directly on the CPU, as well as
locally in the ET 200MP I/O system. 25 mm and
35 mm modules are available.
Ethernet over coax extender
Transition Networks: New extenders deliver data
and power to IP network devices over existing
coaxial cable.
The immediate availability of its Ethernet
Over Coax Extender with PoE+ reduces cost
and accelerates time to service by utilizing
existing coax cabling infrastructure to upgrade
from analog to IP-based surveillance cameras
or connect other IP devices to the Ethernet
network. The new extender conforms to the
IEEE 802.3 af/at standard for compliance with
other PoE / PoE+ powered devices, allowing
edge devices to be quickly and easily located in
places where power was previously not available
and helping to avoid unnecessary and costly
electrical installations.
POWERLINK integration
EPSG: KUNBUS simplifies the integration
of sensors and actuators into a POWERLINK
network. The new KUNBUS-COM module for
POWERLINK enables Ethernet-based interface
connections without affecting the design of
the circuit board. This makes it easy to retrofit
a POWERLINK interface with minimal added
development.
With its compact dimensions of 85 x 65
millimeters, the module can easily be plugged
into the control card of existing sensors and
actuators or connected by a cable. In terms of
software, the module features a Modbus RTU, a
shift register interface, a dual port RAM interface
and an easy-to-program script interpreter. The
interface for the electrically isolated POWERLINK
network is formed by two RJ45 connectors. The
module also has two rotary switches for setting
the node address and integrated LED indicators
for diagnostics.
49
 The electric rider:
Private Ethernet

Skiing in the year 2016

Gone are the days when all you needed to go skiing was skis, boots and ski poles. Today, standing on a
majestic mountain with blue skies above you, fresh powder under your skis, and a challenging run before you
is obviously not enough. For a truly memorable outdoor experience you also need all kinds of electronic and
connected gadgets.

IT HAS BEEN A WHILE (three and a half years,

to be precise) since we have last covered
connected gadgets for winter sports (see “Into
the great white open”, Industrial Ethernet
Book 74). Since then, the industry has moved
ahead and introduced several new technolo-
gies, which we never knew we were missing.
Time for an update.
While with some of the latest gadgets
we wonder how they add to the winter-
sport experience, others actually seem quite
useful. Here is our list, ranked from bizarre
to practical.

Touch screen gloves

These are probably designed for snowboarders,

PHOTO: © SKI AMADE

because they have their hands free while going
downhill.
eGlove claims that they have spent over
12 months designing and testing their Heli
range of gloves in the Canadian backcountry of
Whistler BC and down the pistes at Val d’Isere.
The gloves use high grade goat leather for
a soft feel and warmth, and have been tested
down to minus 20 degrees. The inner gloves
are made from a special fabric to keep wind
and water at bay, whilst still providing the
breathability when you are ripping down the
mountain. The inner glove is stitched in to
provide air pockets at the finger tips to retain
maximum warmth. eGloves are made with a
tight cuff to fit snugly in a ski jacket, and
come with a wrist support to reduce the risk of
breaking on impact. This can also be removed
for those who prefer the flexibility.
The unique feature, however, are eGlove’s
oversealed ports, which provide fast and easy
Majestic mountains, with blue skies, fresh powder, and challenging runs: Winter sports at Ski Amade,
Austria’s largest ski resort.
exits for your thumb and forefingers to operate Actually, POC helmets do a pretty good job
your touchscreen phone, using conductive in protecting skiers in a crash, as you can see
finger tips. No more missed calls, accurate in this video of Steven Nyman at the Beaver
enough for texts or your favourite applications Creek downhill race.
or to make that oh-so-important call. https://youtu.be/CjT6NmlP8Bw
www. eglove.co.uk
Communication ski helmet
Unlike snowboarders, skiers typically don’t
have their hands free to make phone calls or
send text messages while going downhill.
The designers at POC helmets have
understood this serious problem and came
up with the Receptor BUG Communication
helmet. It is equipped with Beats by Dr. Dre
headphones built into the neck roll. With the
remote control, compatible with most smart
phones, you can take calls, switch tunes and
adjust volume right from the cord.
In case you get too distracted, miss a turn
and hit some obstacle, you will be glad that
PHOTO: POC

the Receptor has an advanced ABS outer shell,

a robust in-mold polycarbonate/EPS liner and
a patented VDSAP system with two overlapping
PHOTO: EGLOVE

shells that protect from sharp objects. You may not need the built-in headphones, but
www.pocsports.com the world-class protection could proof to be
extremely useful.

50 in d u s t r ial et h er ne t b o o k 11.2016

IEB97_p50.indd 50 05.11.1644 12:02


The ThermoCharge 10 portable power bank and hand warmer can provide 12 hours of heat at
temperatures up to 114°F (45°C)
Heated insoles
Now that your hands are kept warm, how about
your feet?
The Thermacell ProFlex heated insoles offer
comfort and ease-of-use, utilizing a flexible
polyurethane insole material, a comfortable
and resilient Poron battery cover cushion, and
a removable, rechargeable battery. Thermacell
claims that the batteries last at least 500
charging cycles, equivalent of 2,500 hours or
about four winters of heavy use.
There are a number of heated insoles on the
market, but the ProFlex offer a neat little extra:
A wireless remote control.
PHOTO: THERMACELL
What we all have been waiting fot: A wireless
remote control for your insoles.
i n d u s tr i a l e th e r n e t b o o k
IEB97_p50.indd 51
PHOTO: CELESTRON
With it you can simply adjust the tempera-
ture to the setting of your choice: no heat
(standby), medium (100°F/38°C), and high
(111°F/44°C).
One charge lasts up to 5 hours of constant
use on medium heat setting. The battery
recharges in 4 hours using wall a charger or
any USB port.
heat.thermacell.com
Thermocharge
There are typically two problems when using
your smartphone on a skiing trip. For one
thing, power outlets are not readily available
in the wilderness.
Second, your fingers get frozen stiff when
spending too much time tapping on that
touchscreen (unless you are wearing the
eGlove mentioned above). Celestron has come
up with a clever 2-in-1 device to tackles both
problems.
The Smith Turbo Fan Prodigy goggles have a tiny two-speed fan built into the frame to actively
promote the circulation of air.
11. 2016
Their ThermoCharge 10 is a rugged, ergonomic
Private Ethernet
hand warmer and a portable power bank. The
power curve design allows for comfortable
use in both your hands and a pocket, while
also maximizing the contact points for heat
transfer.
The hand warmer is good for a full day of
heat – up to 12 hours, at temperatures up to
114°F. The 10,000 mAh rechargeable lithium
battery can charge smartphones, tablets, sport
cameras, MP3 players and other USB-powered
devices. Dual out ports allow for charging 2
devices at once.
www.celestron.com
Fog-free goggles
There is quite a bit of temperature difference
between the powder falling from above and
the body heat generated while skiing though
bumps.
Every time you pause, your goggles tend to
fog so quickly and completely that you have to
take them off and try to dry the lenses.
The Smith Turbo Fan Prodigy goggles employ
5X anti-fog technology, which is claimed to
provide 5 times the fog absorption compared
to anything else on the market.
This technology is combined with an inter-
changeable lens and what Smith calls a
“military-derived Turbo Fan”. This tiny quiet
fan is built into the frame to actively promote
the circulation of air even when the skier is
stopped. It runs at two speeds.
Turn the fan on when you get to the hill
and in the low setting, the Turbo Fan system
will run continuously all day long to exhaust
moisture from inside the goggle. The high
setting can be used to quickly exhaust moisture
in extreme conditions.
If the goggles start to fog when you stop
after skiing hard, just slide the switch to the
higher speed for a few minutes and they clear.
www.smithoptics.com
PHOTO: SMITH OPTICS
51
05.11.1644 12:02
 When things
just work,
work gets done.

Kepware’s industrial connectivity software provides

secure and reliable data from the shop floor to the top
floor, so you can focus on productivity.

Learn more at kepware.com/IEB

IEB97_p52.indd 52 03.11.1644 10:39