Finding equilibrium is generally considered a good thing, as is certainly evidenced by how much has been written about people seeking a satisfactory work/life balance. For industrial automation systems, designers often find another sort of balance problem — they are faced with choosing technologies able to provide an agreeable balance between cloud technologies and local computing capability, especially for real-time control. Indeed, if they get this technical balance right, it may help to improve their work/life balance to boot.
Networking, cloud and cybersecurity advancements are rightfully forming an ever-greater part of industrial, commercial and even personal technological solutions. Some IT-focused groups would advocate an extremely heavy emphasis on cloud computing. On the other hand, those with more traditional operational technology (OT) experience are well aware of the benefits — primarily robust and responsive performance — of local computing capability for real-time control and other tasks.
As with many challenges of this type, the best solution likely lies somewhere in between the two extremes. Because many organizations are considering their remote connectivity and local computing options, it is important to understand the associated benefits and downsides.
IT/OT convergence: Cooperation, or confrontation?
The earliest industrial automation system implementations — typically based on programmable logic controllers (PLCs) — were very localized, and remote connectivity options lagged in growth and ease of implementation. This changed rapidly as commercially developed networking, internet and cloud computing technologies became widely available.
As connectivity options increased, users could incorporate in-plant human-machine interface (HMI) visualization and more widely distributed supervisory control and data acquisition (SCADA) systems. In more recent years, remote connectivity has made it possible for users to operate and maintain automation systems located almost anywhere, while cloud computing has provided advantages for historizing and analyzing a fleet of equipment and facilities operating worldwide.
Sensing the demand, large organizations like Amazon, Google and Microsoft are entering the industrial space with various internet of things (IoT) innovations. However, they remain largely IT-focused, with an emphasis on data scientists and other IT types of users. Many manufacturer sites do not employ this type of staff, and the local OT users need solutions that are easy enough to operate — and even deploy — with the personnel they have on hand (Figure 1).
Typical OT users first require reliable real-time control, and once this is proven they can extend their reach to include IoT local/remote data collection, data aggregation/consolidation and some basic analytics (Figure 2). In particular, analytics is of great importance because it provides the ability to detect an inefficient process, or equipment that is trending toward failure, so that pre-emptive action can be taken to resolve the issue.
IT and OT technologies are converging, and the challenge is to ensure this happens in a cooperative rather than a confrontational manner. The right solutions are easy to configure initially and provide essential functionality, yet are advanced enough to support required data handling and analytics, now and in the future.
Up in the cloud, down on the ground
While internet connectivity and cloud computing can provide many HMI, SCADA and analytical computing benefits, they cannot provide a complete answer in all cases. This is because the turnaround time to obtain and transmit field data, accomplish significant processing in the cloud and send results back to local installations does not always fit with industrial automation use cases, especially those requiring fast action. Another issue is the high cost of transmitting all raw field data to the cloud, and then storing it for later use.
Yet cloud connectivity with field operations will remain a vital part of the mix in many cases. Some of the most advanced analytics approaches, such as supervised machine learning (ML), are well suited to run in the cloud. Any such solution needs to be designed to withstand or ride through intermittent outages. Often, a purely cloud architecture is more suitable for applications that are less real-time, such as advanced analytics.
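As an added illustration of riding through an intermittent outage (not code from the article or from any vendor), the sketch below buffers readings at the edge while the uplink is down and forwards them in order once it returns. The `StoreAndForward` class, its capacity and the `send` callable are hypothetical names chosen for this example.

```python
from collections import deque


class StoreAndForward:
    """Edge-side buffer: local logic keeps running while the cloud link is down."""

    def __init__(self, send, capacity):
        self.send = send          # callable(reading); raises ConnectionError when the link is down
        self.capacity = capacity  # bound on local storage (hypothetical sizing)
        self.buffer = deque()
        self.dropped = 0          # readings lost to overflow, worth reporting upstream

    def flush(self):
        """Send buffered readings oldest first; stop at the first failure."""
        sent = 0
        while self.buffer:
            try:
                self.send(self.buffer[0])
            except ConnectionError:
                break             # leave the reading queued for the next attempt
            self.buffer.popleft()
            sent += 1
        return sent

    def publish(self, reading):
        self.buffer.append(reading)
        sent = self.flush()
        while len(self.buffer) > self.capacity:
            self.buffer.popleft()  # outage outlasted storage: discard the oldest
            self.dropped += 1
        return sent


def demo():
    """Constructed scenario: link down for three readings, then restored."""
    link = {"up": False}
    received = []

    def send(reading):
        if not link["up"]:
            raise ConnectionError("uplink unavailable")
        received.append(reading)

    edge = StoreAndForward(send, capacity=2)
    for seq in (1, 2, 3):
        edge.publish({"seq": seq})
    link["up"] = True
    edge.publish({"seq": 4})
    return [r["seq"] for r in received], edge.dropped, len(edge.buffer)
```

The `dropped` counter makes data loss during a long outage visible instead of silent, which matters when the cloud side is used for auditing or trend analysis.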
There have also been great advances in the “minification” of ML, particularly in the form of unsupervised ML. Results from unsupervised ML are not as accurate as supervised systems, but unsupervised ML requires less human intervention, can learn in real time and can run on lower-powered field computing devices. For many industrial manufacturing needs — such as predictive maintenance, and detection of defects and other anomalies in real-time — localized unsupervised analytical models can be very successful.
Whether processing remains in the cloud, or is pushed down to local edge devices, there is a need to strike a performance balance between local computing and control capabilities, and edge-sourced data networking.
Local first
With all this in mind, most designers and end users should focus on a real-time control and local data aggregation solution first as they develop the overall architecture. This will provide the required firm foundation of robust control, with the hooks necessary to build out cloud connectivity initially or later.
For typical industrial environments, this means selecting PLCs with extensive OT field connectivity options, along with support for leading IT-centric connectivity protocols (Figure 3). OT connectivity is well understood by most industrial users, and includes hardwired I/O, serial protocols like Modbus RTU and ASCII, and industrial Ethernet protocols like EtherNet/IP and Modbus TCP.
IT connectivity in the context of a PLC may be less familiar to some users, and it takes the form of protocols and standards such as HTML5, OPC-UA, HTTP(S) via REST API and MQTT. While each of these methods can play a role by offering certain performance and implementation benefits, MQTT has risen in popularity as a flexible, yet secure and IT-friendly, way to transmit data, especially over low-bandwidth or intermittent connections.
Ordinary MQTT is completely customizable, making it quite powerful, but this can lead to implementation issues and frustrations. Many users are finding that the extreme flexibility of MQTT is best harnessed when combined with the Sparkplug B data specification, which provides a consistent way for equipment manufacturers and software providers to share contextual data.
The gold standard for securely connecting field assets to the cloud is the use of VPN routers, especially in conjunction with a proven cloud solution. In this case, the VPN routers should be tailored to operate in and withstand the stress of the industrial environment, and they should specifically support industrial protocols. Due to the dispersed nature of industrial sites and equipment, it is best to select VPN routers that can be cloud managed to simplify deployment and usage.
Beyond these architectural considerations, including end-to-end encryption, users should also implement other defense-in-depth security practices, both technological and procedural. Users should ensure rigorous username/password usage, choose solutions which support granular access control and port management, and ensure that activity auditing is available.
Another concept gaining adoption is the practice of protecting data through de-identification, which occurs locally where the data is sourced. This means making the data somewhat non-specific to outside users by methods of assigning generic batch, asset or other identifiers to the data.
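One way to apply de-identification at the source, shown as an added example rather than code from the article: identifiers are replaced with generic aliases on the edge device before anything is transmitted. The keyed-HMAC technique, the field names and the key are assumptions made for this sketch; the article does not prescribe a method.

```python
import hashlib
import hmac
import json

# Constructed key for illustration only. In a real deployment it is provisioned
# on the edge device and never leaves the site, so only the site can re-link aliases.
SITE_KEY = b"constructed-example-key"

# Hypothetical field names: identifiers to alias, and fields never sent off-site.
PSEUDONYMIZE = {"asset_id": "asset", "batch_id": "batch"}
DROP = {"operator", "plc_ip"}


def pseudonym(kind, value, key=SITE_KEY):
    """Stable generic identifier: the same input always maps to the same alias."""
    mac = hmac.new(key, f"{kind}:{value}".encode(), hashlib.sha256).hexdigest()
    return f"{kind}-{mac[:12]}"


def deidentify(record, key=SITE_KEY):
    """Return a copy of the record that is safe to send to outside users."""
    out = {}
    for field, value in record.items():
        if field in DROP:
            continue  # removed entirely before transmission
        if field in PSEUDONYMIZE:
            out[field] = pseudonym(PSEUDONYMIZE[field], str(value), key)
        else:
            out[field] = value  # process values pass through unchanged
    return out


# Constructed sample telemetry, as it might exist locally on the plant floor.
SAMPLES = [
    {"asset_id": "Line3-Filler-02", "batch_id": "B-2291", "operator": "jdoe",
     "plc_ip": "192.0.2.10", "temp_c": 71.4},
    {"asset_id": "Line3-Filler-02", "batch_id": "B-2292", "operator": "asmith",
     "plc_ip": "192.0.2.10", "temp_c": 72.0},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(json.dumps(deidentify(rec), sort_keys=True))
```

Because the alias is keyed and deterministic, cloud analytics can still trend one asset over time, while a reader of the cloud data cannot derive the plant's real asset or batch names without the site key.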
Striking a remote connectivity balance
Equipment OEMs and manufacturing operations have always been primarily concerned with deploying reliable automation for maximum production and uptime. Adding to these capabilities, remote connectivity and cloud computing technologies are now an important part of the solution for delivering best performance. Most solutions are no longer purely local, yet they also cannot be too heavily weighted towards the remote side.
Users can find the right balance for their applications by choosing to develop their automation system architectures in a progressive manner, focusing first on the fundamental local control, but ensuring remote connectivity capability is available. They can do this by starting with one of the many PLCs which now include not only the commonly needed OT connectivity, but also IT-friendly protocols. Industrial VPN routers and cloud IoT platforms provide the next step for connecting the field to the cloud.
Following this approach, designers will be able to deliver essential automation, while incorporating ML and other advanced analytics, either now or in the future, to optimize performance and uptime.
Damon Purvis is the PLC product manager at AutomationDirect.com. He has over 22 years of industrial automation experience. Previous roles have included designing and deploying automated solutions in a variety of industries, and managing product development of manufacturing data management and business intelligence applications.