MAY 2022 A Quarterly Supplement of
IT-OT convergence has always been the path forward
Industrial Internet of Things
With the CX52x0 Embedded PC series, Beckhoff offers a cost-effective hardware platform for universal use in automation and IoT applications. The two fanless, DIN rail-mountable versions offer users the high computing and graphics performance of the new Intel Atom® multi-core generation while greatly reducing heat dissipation. The basic configuration includes a direct I/O interface for Bus Terminals or EtherCAT Terminals, built-in IoT and cloud capabilities, two 1,000 Mbit/s Ethernet interfaces, a DVI-D interface, four USB 3.0 ports and a multi-option interface that can be equipped to accommodate a wide range of fieldbuses.
IT-OT convergence has always been the path forward
Effective Instrument Commissioning for Seamless Project Startups
Connecting Cloud-Based Quality Control to the Edge
Answering the Top 7 Questions About Profinet
Advantages of a Smart MQTT Broker
Managing Network Security on Your Plant Floor
MARCH 2022
*Supplier-generated content
SECURITY BUILT-IN
MOVE SECURELY INTO THE CLOUD
DIRECT FIELD TO CLOUD CONNECTION
• IIoT-ready with Sparkplug, native MQTT and TLS encryption
• Built-in VPN and Firewall for increased network security
• Run Docker Containers in parallel with PLC logic
• Interface with existing controls via onboard fieldbus gateways
www.wago.us/IIoT
IT-OT Convergence Has Always Been The Path Forward

Long before Industry 4.0 and cloud-connected architectures became possible, innovators championed PC-based technologies for industrial automation.

By Daymon Thompson, senior software product manager, Beckhoff USA

As Industry 4.0 and IIoT (Industrial Internet of Things) concepts become real applications, an exciting conversation has developed centered on the integration of information technology (IT) with operations technology (OT). Large IT companies have actively promoted ideas like workload consolidation for businesses to optimize processes and be more competitive. Some of the largest players in automation technology (AT) are jumping on board. Greater system openness, real-time deterministic control with many-core processors, the incorporation of web technologies and machine learning, among other advances, are all possible through applying popular technologies to industrial applications.

IT and OT convergence offers incredible benefits to machine control architectures today—just as it has for more than 30 years. While many suppliers are just beginning to integrate PC-based technology into industrial automation, it is nothing new. The history of IT-OT convergence in automation technology dates back to the early 1980s with the advent of the modern PC and those who saw its potential for industrial use. The adaptation of these ideas follows the diffusion of innovations theory, which describes how new technologies are adopted in order by the innovators (2.5%), early adopters (13.5%), early majority (34%), late majority (34%) and, finally, the laggards (16%).

PC-focused innovation in the 1980s

During this era, the larger technology world began to develop the personal computer (PC) and related technologies for widespread business and consumer use far beyond 1970s levels. This led to transformations in standard chip sets, board designs, and sophisticated operating systems. At that time, most industrial technology companies stayed away from the PC path. The PLC platforms of the time used proprietary chip sets, board designs and, in most cases, programming software. Traditional PLC technology for machine control evolved much slower than it should have due to an industry-wide aversion to change. As a result, the paths of hardware PLCs and consumer PCs would not begin to converge for decades.
While the majority of industrial vendors and manufacturers initially shunned IT technology on the plant floor, smaller start-up companies recognized that both technologies could coexist. Using proven industrial standards and computer science innovations, smaller AT companies began the convergence of IT and OT in manufacturing.

Early adopters of the 1990s

In the 1990s, both technologies continued to advance, with IT pioneers running laps around traditional OT. The popularity of Windows exploded, and it became ubiquitous in nearly every area of technology. By launching Visual Studio in 1997, Microsoft combined a number of programming languages in a single environment, which continues to evolve to this day. Industrial vendors that began implementing PC-based automation technologies in the previous decade saw significant gains in hardware and software performance that far outpaced traditional PLCs. The successful companies created new tools for deterministic, real-time control that could run on industrial PCs with standardized operating systems.

More automation vendors saw this opportunity and launched computer-based controls. However, these early adopters realized that developing their own software from scratch was quite costly. They started using off-the-shelf real-time operating systems, but often didn’t widely promote the solutions. Some notable crash-and-burns gave PC-based platforms a bad reputation during this time. However, many platforms were providing incredible results in the field, extending their lead in performance over traditional PLCs.

Early majority from 2000 onward

The turn of the millennium brought further developments in software and multi-core processors. Major IT players like Intel, IBM, and Microsoft actively expanded into OT. Likewise, a determined subset of the automation space kept integrating IT with increased real-time capabilities.

Along with these automation and control advances, another major development involved networking. Industrial Ethernet protocols, such as EtherCAT, created significant performance improvements and a path forward from legacy fieldbuses. This is another example of IT and OT convergence, with Ethernet merging with fieldbus technology. EtherCAT eliminated the complexity and cost of switches and additional hardware while providing deterministic control with up to 65,535 devices per network. This resulted from the same PC-based control innovators who carefully considered the potential of industrial Ethernet—combining its openness and acceptance with the functionality of a fieldbus.
Today’s late majority

From automation software apps on smartphones to many-core Intel Xeon processors in controllers, IT-OT convergence continues to accelerate today. For example, contemporary HMIs now commonly rely on web technologies, and standards such as MQTT and JSON are being implemented in IIoT contexts.

Gigabit Ethernet technologies such as EtherCAT G are also becoming key as machines become more complex. The industry is also beginning to apply machine learning and other artificial intelligence technologies.

Fortunately, the reluctance of manufacturers to implement PC-based technologies continues to evaporate as they see the benefits of IT technologies in industry. The decades of IT-OT advances have shown that any IT principle carried over to OT products must be deterministic, reliable, available for many years and implemented efficiently. Done correctly, IT-OT integration produces results far better than what traditional platforms can accomplish.

For more information: www.beckhoff.com/IoT
EASE + EXPERTISE

You want to monitor basic processes easily and reliably.

Based on our experience and technical knowledge we have developed products that are easy to select, install and maintain.

Meet your basic measurement needs with the products in our Fundamental Selection

Liquiphant FTL31
• Robust stainless steel housing (316L)
• External function test with test magnet
• Onsite function check possible thanks to LED display
www.us.endress.com/ftl31

Micropilot FMR10
• Most compact radar sensor due to unique radar chip design
• Radar sensor with Bluetooth® wireless technology
• Commissioning, operation and maintenance via SmartBlue App
www.us.endress.com/fmr10

Cerabar PMC21 / PMP21
• High reproducibility and long-term stability
• Customized measuring ranges
• Flush-mounted process connection as option
www.us.endress.com/pmc21 www.us.endress.com/pmp21

Do you want to learn more? www.us.endress.com/fundamental
Effective Instrument Commissioning for Seamless Project Startups

Finishing a major automation project on time and on budget depends on putting the best digital tools in the hands of highly skilled people.

By Ryan Williams, national product manager for solutions and service, Endress+Hauser USA

Over the last several decades, process instrumentation has become far more accurate and versatile, but can be more complex to configure. As a case in point, consider a basic process pressure measurement:
• A mechanical gauge had a range, a class, and perhaps an accessory;
• Early electronic transmitters (1970s) had half-a-dozen settings; and
• Later electronic transmitters (1990s) added more internal processing, which meant more settings.

Today’s transmitters are extremely powerful with internal electronics to process the basic reading, deliver additional variables, perform internal diagnostics, monitor other process conditions, self-calibrate, retain historical performance data, monitor power quality, and more. Most recently, the growth of IIoT capabilities adds even more sophistication.

As an example, an Endress+Hauser Proline Coriolis flowmeter can detect a wide variety of process conditions beyond the normal set of variables. Every type of transmitter can’t do every function, but a full configuration can often require verification of 100 or more settings.

Multiply this by the hundreds and potentially thousands of instruments and smart devices involved in a process unit upgrade, new process unit, or a greenfield facility, and it becomes clear why producer companies doing such projects often hire a primary system provider (SP). It also explains why SPs hire integration specialists and partner with instrumentation technicians to do advanced commissioning. With the right digital tools, it is much easier and faster to do this detailed work accurately and efficiently.

Stages of a project

A large-scale project typically consists of three major sections: plant design and engineering; installation and commissioning; and operations and maintenance.
It’s the middle where problems can develop because the design work must be realized in an actual installation and made to operate correctly so the plant can start up on time. The risk is huge since a plant that’s not running when it should be is piling up extra costs and not generating income.

The SP is usually responsible for the automation and instrumentation parts of the project. Its function, in broad terms, is to oversee the actual building contractors while creating the software programs and networks to support process automation. This includes the PLC, DCS, as well as the various networks, HMIs, field device I/O, instrumentation, loops, and so forth. There are typically multiple subcontractors performing all these tasks and the SP has to keep everything moving and coordinated.

There is also the need to keep everything documented, as virtually every act, no matter how trivial, from tightening bolts on a pipe flange to verifying a control loop, must be specified and recorded. Yet, even this far into the 21st century, for many SPs and subcontractors, these are still manual procedures recorded on paper forms and entered in some management system after the fact. Fortunately, there are now digital tools to meet this challenge.

Step-by-step process

To start the project off on the right foot, all the information related to the project must be consolidated and transferred to a digital commissioning management platform, such as Netilion. This includes all the device lists, data sheets, work instructions, drawings, and other documents supporting the scope of work. This management platform serves both the site commissioning managers and the individual technicians.

For the manager, it is the mechanism used to maintain real-time tracking of overall progress and completed phases. For the technicians, it is the primary and authoritative guide for work processes and execution details. Since it is digital, it is also dynamic. If a change is handed down by the SP, for example the range on PT-143 needs to be changed from 0-100 PSI to 0-130 PSI, the instruction can be changed instantly if the task has not yet been done, or it can instruct the technician to go back and make the revision. Since the information is updated constantly, there is effectively no lag time.

Work done in the field is where training and skill are critical. It’s one thing to have a work order to commission a flowmeter, but doing it quickly, efficiently, and intelligently is another. A technician must interpret the instructions and determine how to set many unspecified parameters based on the function of the instrument in the larger process context. Most of the main parameters are spelled out in the work order, but others may not be, and the technician must determine which must be specifically configured versus what can be left in the default setting.
Typical deliverables

The scope of the instrumentation commissioning team’s responsibilities varies by project requirements. When a project is comprehensive, the team will begin during the planning phase, helping set commissioning strategy and scheduling. This can extend into final equipment selection based on the piping and instrumentation diagrams and process information. Throughout this phase, the team will gather loop sheets, motor schematics, spec sheets, checklists, and move them all into the digital management platform.

Once on site, the commissioning technicians must verify the work done by the piping and electrical contractors. Inspection confirms that the right device has been installed, it matches specifications, and has been connected correctly before powering-up the device. Once verified, the actual configuration takes place. Based on the type of device, configuration can involve a variety of actions, such as:
• Bump motors to verify rotation;
• Run valves through their full stroke;
• Check instrument response to simulated process variables;
• Confirm correct scaling at the HMI;
• Confirm VFD settings; and
• Make final adjustments to configurations.

Figure 1: Commissioning instruments requires deep understanding of functionality and the practices of multiple manufacturers.
Figure 2: Endress+Hauser’s Netilion platform combines digital services and system components for lifecycle management, maintenance, and support of instruments and analyzers.
It is also necessary to ensure each device functions properly in its process context:
• Verify interlocks;
• Testing for batch phase, sequence, and logic;
• Monitor water or other runs; and
• Complete commissioning.

Now the unit is ready for startup and final hand-over. At this point, the importance of the digital management platform, like Netilion, becomes especially clear. Delivering documentation with the full detailed history of the project is an easy task since everything has been gathered and kept in a consistent format, ready to transfer to the SP’s and client’s servers.

It’s critical for companies to understand that commissioning services are too critical to accept the default choice without exploring other options. With the right choice, it is possible to have a successful project with all critical deliverables provided, including:
• Real-time visibility and insights into work progress, obstacles, and completion;
• Efficient project setup with automatic data sheets, tag lists, and templates for effective work planning;
• Collaborative and dynamic digital guides for work process execution; and
• Intuitive and easy-to-use digital management platform for all technicians and supervisors.
Go digital. Go PROFINET. The communication standard for the digital transformation. Learn more at us.profinet.com/go-digital
Connecting Cloud-Based Quality Control to the Edge

Intrinsics Imaging’s AI-powered vision system uses edge I/O to integrate cloud analytics into process controls.

By Josh Eastburn, director of technical marketing, Opto 22

Machine vision systems can reduce time-consuming manual inspection. However, these systems require specialized programming and maintenance, which can make them difficult to implement. California-based Intrinsics Imaging solves this problem through its analytics-as-a-service software, called Heijunka Vision. It provides a library of image processing and machine learning algorithms running in the cloud that work with any IP camera to perform intelligent defect detection.

Typically, Heijunka integrates with SCADA systems to create analytics dashboards, alarms, and quality control actions. But when Intrinsics was approached by a customer hoping to integrate Heijunka directly into process controls, it looked to Opto 22’s groov RIO edge I/O for a way to connect the cloud to the edge.

Securing a path to the edge

Heijunka Vision finds defects in coatings, underlayment, color consistency, product wrapping, and even pallet counts. It can also continuously inspect in-process materials to ensure that specifications, such as dimensions, smoothness, straightness, and color, are met.

For this application, Heijunka would be looking at two production lines moving discrete boards at high speed.
• The primary line cuts large sheets of raw material to size. Cut sheets would need to be inspected for excess moisture as well as dents, debris, and scratches as small as a grain of rice. The customer runs hundreds of different product types through this conveyor, each being cut to a different size and configuration.
• The second line would be responsible for monitoring the quality of the milling process, specifically looking for chipping along the edges.

Unlike most Heijunka applications, the customer also wanted a pass/fail I/O signal that it could integrate directly into the PLCs handling material rejection. By bypassing the SCADA and providing a direct path to PLC action, the customer hoped to simplify integration and reduce latency.

Besides needing a device that could tolerate an industrial environment and integrate with Heijunka’s existing software stack, the company also required minimal latency. From the time a given video capture was sent to Heijunka, the customer would have a roughly five-second window in which to detect and reject a problematic part. Therefore, Heijunka would need to return a pass or fail indication that consistently fell within that window of opportunity.

Each of the defects in the plot above indicates a product that triggered a reject signal in Heijunka that then made its way to the groov RIO modules via MQTT. Source: Intrinsics Imaging
Finding the missing piece

For this application, Heijunka would be hosted on AWS and publish MQTT messages to a hosted broker. That broker would be bridged to an on-premises broker in the customer’s facility, allowing the cloud and edge networks to exchange data behind the scenes. This architecture proved to be the key factor in choosing groov RIO for the final piece of Intrinsics’ solution.

“The customer found [an edge I/O device that used MQTT, and it] made me realize that an MQTT device could work for what we were doing,” says Eric Cheng, Heijunka’s chief technology officer. “I started searching around and came across [groov RIO.]”

Groov RIO had the industrial build Cheng needed and was compatible with his software stack. “Groov RIO was on the same wavelength as us: built-in MQTT, Linux-based, web interface, and it just seemed more modern than [some other devices] that still require Windows 7 executables for configuration,” he says. “I didn’t want to have those kinds of dependencies.”

The groov RIO MM1 module (GRV-R7-MM1001-10) provides eight channels of universal I/O with support for more than a dozen software-selectable signal types. I/O data can be shared via MQTT, REST, VPN, or traditional protocols like Modbus/TCP.

Opto 22’s groov RIO MM1 module (GRV-R7-MM1001-10) provides eight channels of universal I/O that can be shared securely via MQTT, REST, VPN, or traditional protocols.
Given the nature of their request, Heijunka’s customer was also interested in the cybersecurity of the proposed architecture and appreciated that groov RIO could secure communications with user authentication, a local firewall, and TLS encryption using X.509 certificates.

Putting the cloud in control

Intrinsics built an isolated network to connect IP cameras and groov RIO modules to the on-premises MQTT broker. A separate network connects that broker to the internet for video streaming to Heijunka Vision and data exchange with the hosted MQTT broker, both running on AWS.

Each groov RIO module makes an encrypted connection to the local broker, which has only port 8883 open—the standard port for MQTT TLS connections. Bridging between the two MQTT brokers also provides security, with the local broker acting as a firewall for the OT side of the system while still allowing groov RIO data to be exchanged with Heijunka in the cloud. “The goal is to keep the RIOs inaccessible from the outside,” says Cheng.

To satisfy another customer request, each production line uses two groov RIO modules with each configured to provide eight discrete inputs. Production line PLCs encode the product ID for the specific part being examined by Heijunka as a 16-bit integer and send each bit to one of the inputs on the RIO pair. A Node-RED flow in each RIO module publishes its eight input channels as MQTT topics, which Heijunka combines to decode the product ID and select the appropriate set of algorithms for that product type.

The groov RIO modules also use Node-RED to subscribe to quality indicators, which Heijunka publishes to the MQTT broker. One of the relay outputs in each pair of modules is used to indicate the pass/fail decision returned by Heijunka for a given part. The production PLCs watch these outputs and use them to trigger a physical rejection of the product if needed.

Since Heijunka performs all the heavy computation and product identification, the groov RIO modules can run the same logic without regard for the product type, creating a clean interface between cloud and edge networks.

Fast, automated quality control

With the full system in place, Intrinsics confirmed a round trip time, from measurement to result, of less than two seconds. At this point, the customer has been automatically rejecting defects for several months and plans to introduce Heijunka in the rest of its facilities.
“I’m impressed with how fast it is even though we are taking two or three steps,” says Cheng. “Most of that latency is due to transmitting video over the network.”

Intrinsics’ customer is using Heijunka to save on labor costs and increase quality with an overall goal of avoiding material returns. The customer can review system performance through Heijunka’s built-in trending, monitor historical trends in defect rates, and diagnose the root cause of elevated defect levels. Each defect that appears in Heijunka indicates a product that triggered a reject signal, which then made its way to the groov RIO modules via MQTT.

“We were under the gun to do this quickly,” says Cheng, “but we got it figured out in less than a month. Now we can provide a direct physical interface to low-level automation systems. Using the RIOs allowed us to own more of the last mile between cloud software and physical action and allowed the customer to speak the language they were most comfortable with. That allowed a cleaner separation between our software expertise and their hardware expertise.”

With groov RIO, Heijunka can now be adapted to many more applications, supporting both hardware and software interfaces, whichever produces the best performance.

For more on Intrinsics Imaging, visit www.intrinsicsimaging.com.
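
The product-ID exchange described under "Putting the cloud in control", as an added example that is not code from Intrinsics Imaging or Opto 22: it rebuilds the 16-bit ID from sixteen discrete-input messages and refuses to decode when a topic or payload is unexpected or when a module's bits are missing or old. The topic layout, the module names `rioA`/`rioB`, the bit order, the payload strings, the one-second freshness window and the fail-on-unknown policy are all assumptions.

```python
"""Added example: rebuild a 16-bit product ID from two 8-channel input modules."""

# Assumptions (not from the article): topics look like <line>/<module>/di/<channel>,
# module "rioA" carries bits 0-7 and "rioB" bits 8-15, payloads are 1/0 or true/false,
# and each module republishes all eight channels at least once per MAX_AGE_S.
MODULE_BIT_OFFSET = {"rioA": 0, "rioB": 8}
CHANNELS = {str(n) for n in range(8)}
PAYLOAD_STATES = {b"1": True, b"true": True, b"0": False, b"false": False}
MAX_AGE_S = 1.0


class RejectedMessage(ValueError):
    """A topic or payload outside the expected contract."""


def parse_input(topic, payload):
    """Map one MQTT message to (line, bit index, state); refuse anything else."""
    parts = topic.split("/")
    if (len(parts) != 4 or parts[2] != "di"
            or parts[1] not in MODULE_BIT_OFFSET or parts[3] not in CHANNELS):
        raise RejectedMessage(f"unexpected topic {topic!r}")
    state = PAYLOAD_STATES.get(payload.strip().lower())
    if state is None:
        raise RejectedMessage(f"unexpected payload {payload!r} on {topic!r}")
    return parts[0], MODULE_BIT_OFFSET[parts[1]] + int(parts[3]), state


class ProductIdDecoder:
    """Holds the latest state of the 16 input bits for one production line."""

    def __init__(self, line):
        self.line = line
        self.bits = {}  # bit index -> (state, timestamp of last message)

    def update(self, topic, payload, now):
        line, bit, state = parse_input(topic, payload)
        if line != self.line:
            raise RejectedMessage(f"{topic!r} is not for line {self.line!r}")
        self.bits[bit] = (state, now)

    def product_id(self, now):
        """Return the ID only when all 16 bits are present and fresh, else None."""
        if len(self.bits) != 16:
            return None  # at least one channel has not reported yet
        if any(now - seen > MAX_AGE_S for _, seen in self.bits.values()):
            return None  # a module stopped publishing; do not trust a half-old ID
        return sum(1 << bit for bit, (state, _) in self.bits.items() if state)


def verdict_message(line, product_id, passed):
    """Build the (topic, payload) that would drive the pass/fail relay."""
    # Assumed policy: an undecodable ID means the part was not inspected, so fail it.
    ok = product_id is not None and passed
    return f"{line}/verdict", (b"pass" if ok else b"fail")


def constructed_messages(product_id, line="line1"):
    """Constructed sample traffic: the 16 messages the two modules would publish."""
    return [(f"{line}/{module}/di/{ch}",
             b"true" if (product_id >> (offset + ch)) & 1 else b"false")
            for module, offset in MODULE_BIT_OFFSET.items() for ch in range(8)]


def demo():
    decoder = ProductIdDecoder("line1")
    messages = constructed_messages(0x1234)
    for topic, payload in messages[:-1]:
        decoder.update(topic, payload, now=100.0)
    partial = decoder.product_id(now=100.1)    # one bit still missing
    decoder.update(*messages[-1], now=100.2)
    complete = decoder.product_id(now=100.3)   # all 16 bits present and fresh
    stale = decoder.product_id(now=105.0)      # no refresh for several seconds
    return partial, complete, stale


if __name__ == "__main__":
    print(demo())
    print(verdict_message("line1", None, passed=True))
```

Because the verdict topic ends in a physical reject, the broker's access control list should limit who may publish to it, and the input topics should be writable only by the two modules.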
Data security has never been more critical

DataHub
One solution that does it all. Secure, fast, easy.

SECURE INDUSTRIAL IoT REDEFINED

Skkynet’s unique DataHub technology is redefining industrial IoT. New security enhancements, unmatched tunneller capabilities to bridge on-premise and cloud, unparalleled flexibility with MQTT enhancements, and connection to historians now available in DataHub10. And, you can future proof your system with alarms and event notifications.

DataHub® is a registered trademark of Real Innovations International LLC, used under license
Answering the Top 7 Questions About Profinet

We get a lot of questions here at PI North America from end users, distributors, system integrators, and device vendors. Here are our answers to the questions we get asked most.

By Michael Bowne, executive director, PI North America

Isn’t Profinet a Siemens product?

No, Profinet isn’t ‘just Siemens,’ as many questioners ask. Yes, Siemens is a strong supporter and adopter of the Profinet technology. As are many other automation device vendors. Profinet is an open standard defined in the IEC and the technology is not owned by any single company. Development on the Profinet standard—along with all other technologies under the Profibus and Profinet International (PI) umbrella—is performed by working groups staffed by volunteers from many different companies.

Is Profinet a closed network?

Profinet is not a closed network. Profibus, as a serial fieldbus for example, was a closed network. By closing the network, Profibus was able to ensure determinism. Despite being an Ethernet-based protocol, the choice was made early-on to keep a Profinet network open. With the widespread adoption of Ethernet and now Industry 4.0, today we are able to appreciate what a wise decision that has become. Profinet utilizes standard unmodified Ethernet, meaning any Ethernet-based protocol can utilize the infrastructure. Inherent Profinet mechanisms ensure the determinism required for industrial automation.

Does Profinet require special hardware?

Since Profinet is based on standard unmodified Ethernet, no special cables or switches are required. However, using the same cables and switches built for office environments on a factory floor is a recipe for trouble. Profinet cabling is merely Ethernet cabling that is shielded and ruggedized against tough conditions. We recommend end users install managed, purpose-built switches in their networks. These offer ruggedized hardware and advanced features helpful to running and maintaining an industrial Ethernet network.
Isn’t Profinet very complicated?

If you have ever set up a Profibus network, then setting up a Profinet network is basically the same. If anything, it is likely easier than Profibus since you do not have to worry about network segmentation, signal repeaters, or termination resistors. Profinet is just Ethernet. With Profinet there are no dipswitches to set; you simply assign a name to the device you are installing. The controller assigns the IP address. Configuration and parameterization of devices proceeds as it always has.

Is it true that Profinet traffic is not routable?

It is true that most Profinet traffic is not routable. This is by design. Profinet utilizes UDP/IP and TCP/IP where it makes sense. And skips them where it doesn’t. Automation traffic is often little pieces of data. It is bits and bytes exchanged quickly and deterministically between controllers and devices. The use cases for routing these little pieces of data across the Internet are uncommon, if non-existent. There are other protocols better suited at moving information as such, for example OPC UA. Conversely, protocols with large packet sizes, and reliance on UDP/IP or TCP/IP, are not optimized for moving automation traffic deterministically on the factory floor. For installations that do require some basic routing in their Profinet networks, devices exist to seamlessly couple different subnets together.

Is Profinet secure?

The fact that most Profinet traffic is not routable is an inherent security measure. For a nefarious actor to manipulate Profinet traffic, they would need to do so from inside your network. If a hacker is already in your network, then you likely have bigger problems to worry about. Profinet Security Classes are in place to deal with aspects of authenticity, integrity, and confidentiality. End users can choose the level of security appropriate for their installation. In general, network security should be approached holistically with a defense-in-depth strategy.

Is Profinet ‘old’ technology?

Profinet is based on Ethernet, which was invented in the 1970s and has come a long way since then. It certainly seems like wireless is taking over as the primary way to move data in the consumer world, particularly with the upcoming versions of 5G cellular. While most Profinet installations utilize Ethernet, many also seamlessly employ Wi-Fi, Bluetooth, and, eventually, 5G. Ethernet works very well for its purpose and has improved along the way. This appears to be true for the future as well. Today, industrial Ethernet bandwidth can scale from 10 Mbps to 100 Mbps to 1 Gbps and beyond. Soon, Time-Sensitive Networking (TSN) stands to make Ethernet robust for even the most heavily loaded networks.
Advantages of a Smart MQTT Broker

Understanding how a smart MQTT broker provides ways to aggregate data streams, keep them consistent, and distribute them securely across a complex network to ensure the success of Internet of Things projects of any size or complexity.

By Xavier Mesrobian, vice president of sales and marketing, Skkynet Cloud Systems Inc.

MQTT is becoming a popular protocol for Industrial IoT (Internet of Things) data. Developed for connecting remote devices to a central server, it is lightweight, efficient, and secure. However, IoT implementations are growing larger and more complex, and demand is increasing for OT/IT connectivity. MQTT is now being called on to aggregate and send diverse collections of data values over increasingly complex network topologies.

To meet these challenges MQTT must get smarter. As a transport protocol, MQTT specifies that messages are simply carried—not read—like a letter in the post. But that doesn’t have to be the case.

What would happen if the letter carrier could read the mail? In other words, what if we gave an MQTT broker the ability to parse the messages it carries? It would be able to handle messages more intelligently and include some information on the status of the data source or quality of the connection.

Data collection

A smart broker should be able to collect data in an intelligent way. For example, on large systems data can come from a wide variety of MQTT devices, each with its own message format. A broker that parses messages could convert these to a common message representation and make that available to all clients. Other data sources might include non-MQTT protocols such as OPC UA, Modbus, DDE, and others. A smart broker with protocol conversion capabilities could act as a gateway for this data to any MQTT client or cloud service.

Data consistency

In real-time industrial systems, data consistency from source to consumer is vital. Data that’s stale or out of correct time sequence can lead to incorrect decisions. Any disconnects or network irregularities must be known.
Data can become inconsistent in several ways. If messages arrive at an MQTT broker faster than they can be delivered, some may be dropped. Or data from multiple message streams may get sent to a client out of sequence. Also, if a data source goes offline, the client may not know whether an unchanged value is current or stale.

A smart broker can ensure data consistency by queueing incoming data in an intelligent way, passing on only the latest values. It can also parse timestamps on messages from different data streams to sequence them properly, as well as pass along data and connection quality information with each value update.

Data security
Security is critical when accessing data from a production system. The MQTT push architecture that connects outbound through firewalls is quite secure, but many corporate security policies require isolating OT systems using a DMZ. This is problematic for MQTT since messages must be passed via two or more servers, while MQTT quality of service guarantees are only valid for a single sender-receiver hop. As a result, data at the end of a multi-hop daisy chain can become unreliable.

A smart broker that parses messages and converts protocols can solve this problem by using a tunnel. The device producing the MQTT data would connect to one instance of the smart broker. The message data, along with quality and timestamp information, gets tunnelled via a secure, TCP-enabled protocol to a second instance of the smart broker. That instance would convert the data back into MQTT, with values, timestamps, and quality codes intact.
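The data-consistency behaviour the article attributes to a smart broker (one common representation, latest value only, timestamp sequencing, quality attached to each value) can be sketched as follows. This is an added example, not code from the article or from any broker product; the two device payload formats, the quality labels, and all class and function names are constructed for illustration.

```python
import json

GOOD, STALE = "good", "stale"  # constructed quality labels (assumption, not MQTT-defined)

def normalize(payload):
    """Map two constructed device formats onto one (value, timestamp) pair."""
    msg = json.loads(payload)
    if "v" in msg:  # format A: {"v": 21.5, "t": 1000}
        return float(msg["v"]), int(msg["t"])
    # format B: {"reading": {"value": "30.1"}, "time_ms": 1003}
    return float(msg["reading"]["value"]), int(msg["time_ms"])

class LatestValueCache:
    """One record per topic: newest value, its timestamp, quality and source."""
    def __init__(self):
        self.points = {}

    def ingest(self, source, topic, payload):
        try:
            value, ts = normalize(payload)
        except (ValueError, KeyError, TypeError):
            return False  # malformed input never overwrites a known value
        current = self.points.get(topic)
        if current and ts <= current["ts"]:
            return False  # out-of-sequence or duplicate update is dropped
        self.points[topic] = {"value": value, "ts": ts,
                              "quality": GOOD, "source": source}
        return True

    def source_offline(self, source):
        """Mark every point fed by a disconnected source as stale."""
        changed = []
        for topic, point in self.points.items():
            if point["source"] == source and point["quality"] != STALE:
                point["quality"] = STALE
                changed.append(topic)
        return sorted(changed)

def demo():
    cache = LatestValueCache()
    cache.ingest("plc-1", "line1/temp", '{"v": 21.5, "t": 1000}')
    cache.ingest("plc-1", "line1/temp", '{"v": 22.0, "t": 1002}')
    late = cache.ingest("plc-1", "line1/temp", '{"v": 19.0, "t": 1001}')
    cache.ingest("gw-2", "line2/temp",
                 '{"reading": {"value": "30.1"}, "time_ms": 1003}')
    bad = cache.ingest("gw-2", "line2/temp", "not json")
    stale = cache.source_offline("plc-1")
    return late, bad, stale, cache.points["line1/temp"], cache.points["line2/temp"]
```

A client reading `line1/temp` after the disconnect still sees 22.0, but with quality `stale`, so it can tell an unchanged value from a dead source.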
Managing Network Security on Your Plant Floor
A safe and secure network is paramount to ensuring a company’s ability to thrive in today’s digital age. Simply making the change from an unmanaged switch to a lean managed industrial switch could be the key to saving you from a cyber-attack.
By Charlie Norz, product manager, automation, Wago Corp.

There is no doubt that network security for manufacturers is a top priority now more than ever. Controls engineers are constantly looking for ways to stave off cyber-attacks and put programs in place to help reduce security risks. The risks at the OT (operations technology) level are continually changing, and keeping up with protecting a company’s operational technical infrastructure may seem time-consuming and costly. However, there are ways to ensure the safety of a company’s products, property, and processes in a concise and cost-effective way.

On the most basic level, one of the ways to ensure security against outside hackers is making sure that the proper industrial Ethernet switches are being used. Some companies are happy with just the essential levels of networking, opting for low-cost options. This will provide the bare necessities to run plant floor operations, usually in the form of an industrial unmanaged switch. These switches are an excellent option for networks with a control panel used for a plug-and-play option that has a fixed configuration. This approach eliminates any work on the IT end requiring encryptions, prioritizing channels or creating a set of segregated devices to manage traffic and data. The downside of unmanaged switches is that they do not provide any security functions.

Companies with larger networks may want more than the basic functions of an unmanaged switch. With just a slight increase in cost, the effectiveness of a lean managed switch can give controls engineers on the plant floor the peace of mind they need when running their systems. Lean managed switches can be configured to a company’s specifications, monitor settings, turn off unused ports, set up and manage encryptions, and help protect the network and data from active threats. VLANs can also be installed to reduce security risks and help increase network performance.

Wago’s family of industrial Ethernet lean managed switches is designed to meet security and redundancy requirements, while being easy enough for plant floor technicians to maintain. Wago focused on creating an intuitive interface for these switches, which includes a diagnostic dashboard that allows for quick system troubleshooting—even if users have no IT knowledge. With each port configured for specific connections, transmission errors can be detected along with any improper connections or active threats. These switches are available with either eight or 16 ports with two extra SFP slots for connecting fiber optic cable for longer connections.

Wago’s family of lean managed switches offers the tools of industrial networking without the office IT application overhead.