Connectivity: backbone of the digital enterprise — Part 2
Tuesday, 03 April, 2018
Bridging the divide between operational technology (OT) and enterprise information technology (IT) in the right way will support collaboration and enhance overall production efficiency, reliability, visibility, flexibility and security.
It has been well established that connecting the two worlds of IT and OT for a truly end-to-end digital enterprise is essential for enabling companies to be competitive in the future. Bringing the IT and OT teams together and aligning their perspectives is essential in making IT/OT integration work. Unfortunately, for far too many organisations, sharing data between these two worlds can be a struggle because their network infrastructures are not as up to date or as well connected as they could be.
Ensuring the highest availability
Without fast, reliable and secure communications across all components and systems, the digital enterprise would remain a vision instead of the practical operating model it has become today.
To start, it helps to understand how automation in the digital enterprise works. Complex automated industrial systems used in discrete manufacturing and production processing are organised as a hierarchy, linking the various components — actuators, contactors, motors, sensors, switches and valves — that do the work at the field level (for example, shop or production floor) to PLCs. As mentioned previously, PLCs are microcomputers with software that monitors and controls the operations of these devices, such as turning motors on or off and opening or closing valves. PLCs can also control the motion of industrial robots, but require precise data timings to do so.
In turn, PLCs are connected to an HMI, typically a display of some kind that enables human operators to monitor overall system performance and component behaviours then, if necessary, adjust parameter set points. Many modern PLCs have built-in web servers. These enable the HMI to be securely displayed and accessible remotely in a web browser on a laptop, tablet or smartphone.
One or many control systems can be vertically integrated to even higher-level systems, such as a manufacturing execution system (MES) or a manufacturing operations management (MOM) system. These provide much wider, even enterprise-wide, views and controls.
Redundancy, key to availability
Asset utilisation is tied to availability — the higher the availability of machinery, for example, the greater the asset utilisation. The consequences of a system failure can be costly downtime, high restarting costs and the loss of valuable data or materials. That’s why OT engineers have designed redundant control systems and redundantly configured networks.
In the event of a fault, a plant’s high-availability industrial communication can take over automatically without any consequences for the facility. Such systems support reconfiguration times of a few milliseconds in the event of a fault. In general, there are two types of redundancy:
- System redundancy: A high-availability automation system is implemented by deploying backup systems and communication components that operate in parallel with failover to them if the primary system goes down.
- Media redundancy: Systems are only implemented individually, but should the network be interrupted, the plant will continue to operate along substitute communication paths.
While IT professionals are likely familiar with how system redundancy works, they may be interested in understanding more about media redundancy in an industrial context. There is a range of approaches to implement media redundancy, including Profinet-compliant MRP (Media Redundancy Protocol), HSR (High availability Seamless Redundancy) and PRP (Parallel Redundancy Protocol).
Based on IEC 62439-2, MRP enables rings of Ethernet switches to overcome any single point of failure with near instant recovery times. Operating at the MAC layer of the Ethernet switches, MRP uses redundant rings and ensures reconfiguration times (relearning of the communication paths) of 200 ms in rings of up to 50 switches. For smaller rings, the worst-case recovery time scales down.
To eliminate reconfiguration time, there is an extension to the MRP protocol — Media Redundancy for Planned Duplication (MRPD) — for sending message frames in duplicate within a ring structure, leveraging Profinet IRT to do so. Standard recovery for MRPD is 0 ms.
The HSR (High availability Seamless Redundancy) protocol based on the IEC 62439-3 standard utilises double transmission of message frames over ring-topology networks in both directions. In the event of an error, the message frame will be transmitted without any delay. No reconfiguration time is necessary for the network, as is the case for most other redundancy protocols.
The PRP (Parallel Redundancy Protocol), again based on IEC 62439-3, also uses double transmission of message frames but it does so over two separate networks. Network access points connect up to two network segments or terminal devices without PRP functionality, without delay, over two parallel networks. This seamless data transmission offers extreme reliability and high availability in parallel networks and can be used for numerous applications, for example, in ships, energy switchgear or along pipelines.
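The double transmission that PRP uses (and that HSR applies in both directions around a ring) can be shown with a simplified receiver model. This is an added example, not code from the article or from any vendor; the class and function names, the `plc-1` source and the sample payloads are constructed for illustration, and the model keeps only the sequence-number duplicate check, not the full IEC 62439-3 frame format.

```python
from collections import deque

SEQ_MODULO = 1 << 16  # PRP carries a 16-bit sequence number that wraps


class DuplicateDiscardReceiver:
    """Accept the first copy of each (source, sequence) pair, drop the second."""

    def __init__(self, window=64):
        self.window = window
        self.recent = {}                    # source -> recently seen sequence numbers
        self.delivered = []                 # payloads passed up to the application
        self.first_copy_from = {"A": 0, "B": 0}
        self.discarded = 0

    def receive(self, source, seq, lan, payload):
        seen = self.recent.setdefault(source, deque(maxlen=self.window))
        if seq in seen:
            self.discarded += 1             # second copy arrived over the other LAN
            return False
        seen.append(seq)
        self.first_copy_from[lan] += 1
        self.delivered.append(payload)
        return True


def simulate(payloads, lan_a_down_from=None, lan_b_down_from=None):
    """Send every payload once over LAN A and once over LAN B.

    A LAN given a 'down from' index loses every frame from that index onward.
    """
    rx = DuplicateDiscardReceiver()
    outages = (("A", lan_a_down_from), ("B", lan_b_down_from))
    for index, payload in enumerate(payloads):
        seq = index % SEQ_MODULO
        for lan, down_from in outages:
            if down_from is not None and index >= down_from:
                continue                    # copy lost on the failed network
            rx.receive("plc-1", seq, lan, payload)
    return rx


# Constructed sample traffic: ten cyclic process values from one controller.
SAMPLES = [f"setpoint-{n}" for n in range(10)]

if __name__ == "__main__":
    degraded = simulate(SAMPLES, lan_a_down_from=4)
    print(len(degraded.delivered), degraded.first_copy_from, degraded.discarded)
```

When LAN A fails partway through, the receiver keeps delivering every frame from LAN B with no gap, which is why no reconfiguration time is needed; only the loss of both networks interrupts delivery.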
Virtual local area networks (VLANs) enable the partitioning of one physical LAN into a number of smaller, logical LANs. These help separate the networks connecting OT automation systems from IT systems, for better security and optimised real-time performance.
As enterprise LANs are usually maintained by a company’s IT group, security concerns can override the OT group’s concerns about maximising uptime. But while a compromised endpoint on an enterprise LAN can generally be quickly isolated by disconnecting it from the LAN, ‘pulling the plug’ on a compromised device that’s tied into an OT automation LAN can be potentially disastrous to the system that component is part of.
With VLANs, the offending VLAN can be isolated from affecting its larger physical LAN domain, then OT can work with IT on the best way to remedy the security breach and minimise downtime and production impacts.
Another reason for using VLANs in OT environments is that the amount of real-time, broadcast and multicast data traffic OT systems typically generate using Ethernet can use most if not all available bandwidth. VLANs use OSI Layer-2 access switches to handle data traffic within a VLAN, while Layer-3 switches and routers direct data traffic across different VLANs, limiting broadcast and multicast transmission.
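The isolation argument above can be checked against a routing policy before an incident happens. The following is an added example, not part of the original article: the VLAN names and the permit list are constructed, and the model assumes that all traffic between VLANs passes a Layer-3 device that enforces these permits.

```python
from collections import deque

# Constructed permit list: (source VLAN, destination VLAN) pairs that the
# Layer-3 switch routes. Traffic inside a VLAN stays on Layer 2.
PERMITS = {
    ("office", "backbone"), ("backbone", "office"),
    ("backbone", "scada"), ("scada", "backbone"),
    ("scada", "cell-1"), ("cell-1", "scada"),
    ("scada", "cell-2"), ("cell-2", "scada"),
}


def exposure(permits, start):
    """VLANs a host in `start` could reach by following routed permits hop by hop."""
    reached, queue = set(), deque([start])
    while queue:
        current = queue.popleft()
        for src, dst in permits:
            if src == current and dst != start and dst not in reached:
                reached.add(dst)
                queue.append(dst)
    return reached


def isolate(permits, vlan):
    """Drop every routed permit to or from `vlan`; its Layer-2 traffic is untouched."""
    return {(src, dst) for src, dst in permits if vlan not in (src, dst)}


def cells_under_control(permits, cells, controller="scada"):
    """Cells that still have a two-way routed path to the controller VLAN."""
    return sorted(c for c in cells
                  if (controller, c) in permits and (c, controller) in permits)


if __name__ == "__main__":
    contained = isolate(PERMITS, "cell-1")
    print(sorted(exposure(PERMITS, "cell-1")))      # reach before isolation
    print(sorted(exposure(contained, "cell-1")))    # reach after isolation
    print(cells_under_control(contained, ["cell-1", "cell-2"]))
```

Isolating `cell-1` at the routing layer removes its reach into every other VLAN while `cell-2` keeps its path to the controller, so the devices inside the affected cell stay powered and connected to each other while OT and IT decide on remediation.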
Bridging IT and OT worlds
It’s possible and highly desirable to interconnect the environments of IT and OT in practical, secure and accountable ways that respect the strengths and requirements of each. Following best practices, a robust network backbone should be established to create a structured and reliable interface that interconnects dedicated production and office networks.
The former will include production cell-to-machine and shopfloor-to-cell subnetworks, all with specific IP addressing for fully managed components and systems, plus the use of real-time, deterministic communication protocols. While this backbone will be an integral part of the OT production scope, especially in delivering the highest availability of product assets to the business, it will be aligned with IT in regard to user governance and security.
This way, for example, should a third-shift failure occur in off-hours, qualified and authorised production personnel can address the issue directly. And they can potentially do so much sooner than having to wait hours until an IT person arrives, according to the terms of an IT/OT service-level agreement. By minimising the production disruption, such an approach can possibly avoid significant amounts of associated costs and risks to customer delivery commitments.
Facilitating data interchange
Highly automated production environments often have a wide variety of data communication interfaces, usually as a result of various field-level components being sourced from different manufacturers. These elements must communicate their data to — and, for many, get their instructions from — higher level control systems and HMIs. The former can include SCADA and manufacturing execution systems; the latter can include HMI panels, web interfaces, PCs, tablets and even smartphones.
So, how can data be exchanged effectively and efficiently across such heterogeneous communications landscapes? One approach is OPC Unified Architecture (UA), a manufacturer-independent standard that allows field devices to communicate with each other. OPC UA can be used in all Ethernet networks thanks to its underlying TCP/IP communication protocol. In particular, OPC UA and Profinet are fully compatible, enabling parallel operation.
Wireless industrial communications, especially for wireless local area networks (WLANs), are fast becoming as ubiquitous in factories, warehouses and other production and logistics facilities as they are in non-industrial environments. Reasons include greater flexibility and speed in configuring (and reconfiguring) floorplans and the elimination of long lengths of costly cabling.
Wireless industrial communications includes low-power, short-range Near Field Communication (NFC) technology used in RFID solutions for product authentication and asset tracking, among other NFC applications. Another NFC use is for machine diagnostics. Bluetooth can be used for relatively simple, close-range applications, usually in a symmetrical configuration by pairing two Bluetooth devices.
For longer-range wireless communications of up to 100 m between access points, IEEE 802.11 Wi-Fi is most widely deployed. Compared to Bluetooth, Wi-Fi has an asymmetrical client-server connection with data routed through a wireless access point. For directional applications that require a defined path, such as monorails, cranes and automated guided vehicles, RCoax radiating cable emits a radial field along the axis of the cable, which can be laid in a floor or along overhead rails.
Ruggedisation for reliable performance is the biggest difference in the components used for industrial WLANs compared to non-industrial systems. They need to withstand temperature extremes, adverse weather and corrosive conditions that are typical of industrial environments.
Meet the digital thread
Of course, what ties together all these devices and systems is industrial data communications, the digital thread referenced earlier. These have come a long way since early point-to-point, wired protocols such as analog 4–20 mA current loop or analog/digital HART communications — both still widely used despite their limited communications capacity, including relatively slow data speeds.
In time, however, multipoint, digital fieldbus protocols emerged, such as Profibus, one of eight fieldbus types described by the global IEC 61158 standard. These enabled local area network (LAN)-type connections to be used to link up to hundreds of devices. This tremendously simplified cabling and lowered its cost.
Today’s industrial networks are quickly migrating to Industrial Ethernet, which provides greater performance, higher speeds and more flexibility than fieldbus communications. It’s based on the same Ethernet used in non-industrial IT networks, both wired (IEEE 802.3) and wireless (IEEE 802.11) protocols, but has been enhanced for the deterministic routing and real-time control that automation requires.
Making the digital thread real
Today and in years to come, digital enterprises supported by advanced industrial communications and backed by fully aligned IT and OT teams will enjoy distinct competitive advantages over those without.
With a vibrant, coherent thread of data running end-to-end through their operations, companies can execute their business strategies faster, gain performance feedback and insights sooner, respond to market changes and opportunities more quickly, and improve their time to market with new products and services.
Another benefit of modernised industrial communications is simplification. This can help lower both capital costs and the management overhead and expenses required for operating highly integrated networks spanning both IT and OT environments. It can also vastly improve the reliability, visibility and security of dynamic OT landscapes to boost availability and, ultimately, asset utilisation.
A fully digital enterprise needs the expertise of both IT and OT teams to make it happen, enabled then with the connectivity that advanced industrial communication technologies can offer. The sooner companies with such aspirations move forward to modernise their industrial data networks, the sooner they will realise the benefits of being a true digital enterprise.