1
trends in distributed control systems
Dr. G.U. Spohr Siemens A&D ST2 Automation & Drives April 2005
2
Introduction
Some major technological trends which will influence the design of current and future decentralized control systems:
- Intelligent Field-Devices and Asset Management
- Communication Technology
- Redundant Profibus PA Fieldbus
- Gigabit Ethernet
- Wireless LAN
- Web Technology
- Management Execution Systems (MES)
3
Intelligent sensor and actuator systems
Intelligent sensor and actuator systems often provide additional information:
- acoustic pump monitoring
- valve diagnostics
- internal self-diagnosis
This information is transferred to the control system using HART or a fieldbus communication ... but where do I evaluate this information? Asset Management
4
Integrated Plant Asset Management
Plant Asset Management Systems integrated in SIMATIC PCS 7 provide online, real-time functions:
- Monitoring of the components
- Message at status change
- Display of diagnostic information
- Creation of maintenance request
- Tracking of the maintenance activities
[Figure labels: Asset Management; Monitoring, Diagnostics, Maintenance Request, Maintenance; SIMATIC PCS 7 Plant Asset Management]
Main benefits of the implementation:
- Homogeneous integration into the SIMATIC PCS 7 environment
- Maintenance Station integrated into OS or as a dedicated station
- Common visualization (symbols, faceplates) of all assets (unified assets)
- Automatic generation of all Asset Management diagnostic pictures
- Consistent implementation of NAMUR recommendations NA 64 & NE 91
5
Asset Management – Operating & Monitoring
OS MS OS Clients with access to maintenance area (pictures, messages, faceplates) Maintenance Station has additionally direct online access to PDM and hardware engineering OS OS MS ... Asset Management C 1 C n ... AS 1 AS 2 AS n S 1 S n ... AS 1 AS 2 AS n ... Maintenance Station integrated in Operator Station AS – Automation System C – Client MS – Maintenance Station OS – Operator Station S – Server Maintenance Pictures All SIMATIC PCS 7 components with diagnostic functions included Common and unified symbols for representing the status of all assets Good Announcement of request for maintenance (low) Request for maintenance unknown/not activated Simulation Request for maintenance (medium) Request for maintenance activated Function control/ local Maintenance alert (high) Request for maintenance in process
6
Integrated „Plant Asset Management“ Hierarchical Structure
Fast and easy-to-use operator guidance through complete hierarchy by unified symbols Asset Management SIMATIC S7-400 and PROFIBUS Network status and selection of underlying hierarchy ET 200M Station diagnosis symbol of the component Clear hierarchical structure Plant overview Overview all controllers Controller (with sub-hierarchy) PROFIBUS Assets DP station (e.g. ET 200M) Intelligent field device PROFIBUS Assets Faceplates for intelligent device
7
Plant view in SIMATIC PCS 7 engineering
Integrated „Plant Asset Management“: automatic generation of hierarchical diagnostic pictures
Automatic generation of diagnostic area:
- Operating and monitoring: hierarchical pictures, asset symbols with faceplates, alarm linking
- Engineering: CFC charts with diagnostic blocks
No engineering overhead! All Asset Management related information is generated automatically!
[Figure: plant view in SIMATIC PCS 7 engineering; labels: AS 1, AS 2, AS n, S 1, S n, OS, MS, C 1, C n, Asset Management, Plant, Unit 1, Unit 2, Boiler 21, Diagnosis, AS - Station, CP1 - Field bus, CP2 - Field bus, Remote I/O, DP/PA - Link, Link, Picture, CFC]
8
PROFIBUS PA- Redundancy
Possible Failures in a PA- Segment Profibus PA Redundancy
9
PROFIBUS PA- Redundancy
Basic Concept Profibus PA Redundancy
10
SIMATIC PCS 7 system bus: flexibility in communication
1 Gbps, ring topology:
- Double ring topology for Plant bus (double redundant)
- Fiber optic or twisted pair
- Switching technology
High performance variant: Industrial Fast Ethernet (100 Mbit/s, redundant)
Normal requirement: Industrial Ethernet (10 Mbit/s, redundant)
Introductory solution: Basic Communication Ethernet via normal LAN connection
High communication capacity even for "XXL applications", providing total system stability and high availability!
[Figure labels: 1 GB Ethernet; Gigabit Plant Backbone; SCALANCE X208; SCALANCE X400 series]
11
Wireless LAN – These are the most important requirements
Reliable:
- Cyclic data traffic (deterministics)
- Redundancy
- Monitoring of the radio connection
- Stable radio connection
Robust:
- Metal housing with high degree of protection
- Protection against vibration and shock
- Extended temperature range
Easy configuration
Secure:
- Access control (authentication)
- Encoding of the data
WIRELESS – AS RELIABLE AS WIRE!
12
Cyclic data traffic
Cyclic data traffic, well known from fieldbuses
[Figure: data rates over time, cycles T1 to T6, with reserved and 802.11 shares; labels: Reliable, Robust, Wireless LAN]
- Nodes 1, 2 and 3 may access the radio channel predictably, controlled through the Access Point
- Node 4 is allowed access to the radio channel „only“ in the 3rd cycle
- Conform with , SCALANCE W guaranteed data reservation
- Any client devices applicable (non-SIMATIC as well)
13
Redundancy Mode (Reliable, Wireless LAN)
Transmission of the data via two different radio channels, e.g. on interference, switching from 2.4 GHz to 5 GHz or vice versa.
Redundancy increases the availability and reduces the sensitivity to interference.
14
Security settings (Secure)
Security levels: setting the security level with our wizard.

Explanation of terms:

WPA: Wi-Fi (Wireless Fidelity) Protected Access
WPA is a security concept that was defined by Wi-Fi (Wireless Fidelity) because the ratification of i by the IEEE was not completed quickly enough. It contains parts of IEEE i that had already been ratified (e.g. TKIP, AES).
WPA was developed because WEP (Wired Equivalent Privacy), the original security standard of IEEE, contains significant security gaps:
- too small a number of keys
- no regular changing of the keys
- no key management
- no individual authentication

TKIP: Temporal Key Integrity Protocol
TKIP provides automatic management of the keys (still manual with WEP!) and is fully compatible with WEP. The main improvements over WEP are:
- Message Integrity Code (MIC), "Michael": forgeries are detected
- New packet sequence control: this prevents replay attacks
- Per-packet key mixing: changing of the keys
- Rekeying for fresh encryption and integrity keys: the reuse of keys is prevented
TKIP continues to use the RC4 encryption method.

MIC: Message Integrity Code
Instead of using one of the common MIC algorithms (e.g. IPsec), a new key, "Michael", had to be defined because of the hardware limitations.
A MIC algorithm computes a hash (checksum) of the data and sends the computed value together with the data to the receiver. The receiver likewise computes this value and compares it with that of the sender. If both values are identical, the message has not been tampered with.
Important: the integrity key used between the two must be secret.
The security level of a MIC is stated in bits and is 20 bits for Michael.

AES: Advanced Encryption Standard (dynamic encryption protocol)
TKIP uses RC4 encryption. With CCMP (Counter-Mode-CBC-MAC Protocol) an alternative method was developed. It uses AES as a replacement for RC4 and is not compatible with WEP.
Most important difference between AES and RC4:
- RC4 is a stream cipher
- AES is a symmetric block cipher that works on data blocks of fixed size

SIMATIC NET supports different security policies, depending on the customer's infrastructure: VPN tunnel or WPA/AES.
- Advantage of VPN tunnel: higher performance of SCALANCE W-700, since WPA/AES can be deactivated
- Advantage of WPA/AES: inexpensive

Wireless LAN
When choosing ‘none‘ no security level is activated!
The required security level is achieved by one software setting.
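The MIC check and the packet sequence control described on this slide, as an added example that is not part of the original presentation. It uses HMAC-SHA256 truncated to 8 bytes as a stand-in for Michael; the frame layout, function names and key are constructed for illustration.

```python
import hashlib
import hmac
import struct

MIC_LEN = 8   # bytes of MIC appended per frame (constructed choice)
SEQ_LEN = 8   # bytes of sequence counter prepended per frame

def _mic(key: bytes, header: bytes, payload: bytes) -> bytes:
    # HMAC-SHA256 stands in for Michael; both are keyed, so only a holder
    # of the secret integrity key can produce a matching value.
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:MIC_LEN]

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: counter || payload || MIC(counter || payload)."""
    header = struct.pack(">Q", seq)
    return header + payload + _mic(key, header, payload)

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1          # highest counter accepted so far

    def accept(self, frame: bytes):
        """Return (status, payload); payload is None unless status is 'ok'."""
        if len(frame) < SEQ_LEN + MIC_LEN:
            return ("malformed", None)
        header = frame[:SEQ_LEN]
        payload = frame[SEQ_LEN:-MIC_LEN]
        mic = frame[-MIC_LEN:]
        # 1. Integrity first, compared in constant time. The counter is
        #    covered by the MIC, so it cannot be rewritten to dodge step 2.
        if not hmac.compare_digest(mic, _mic(self.key, header, payload)):
            return ("bad-mic", None)
        # 2. Sequence control: an authentic but old frame is a replay.
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:
            return ("replay", None)
        self.last_seq = seq         # only authentic frames advance the counter
        return ("ok", payload)

def demo():
    key = b"constructed-integrity-key"      # sample secret, not a real key
    rx = Receiver(key)
    good = protect(key, 1, b"valve=open")
    forged = bytearray(protect(key, 2, b"valve=open"))
    forged[SEQ_LEN] ^= 0x01                 # flip one payload bit in transit
    return [rx.accept(good)[0], rx.accept(bytes(forged))[0],
            rx.accept(good)[0], rx.accept(protect(key, 2, b"valve=shut"))[0]]
```

Because the forged frame is rejected before the counter is updated, the genuine frame with counter 2 is still accepted afterwards.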
15
Comparison of SCALANCE W / SCALANCE S
Security comparison SCALANCE W – S (Secure, Wireless LAN)
SCALANCE W-700 with WPA, TKIP, MIC and AES:
- Authentication (Who am I?)
- Coding (encryption)
SCALANCE S-600 with IPsec VPN tunneling and Firewall:
- Authorisation (What may I?)
Terms:
- WPA: Wi-Fi (Wireless Fidelity) Protected Access
- TKIP: Temporal Key Integrity Protocol (dynamic encryption protocol)
- MIC: Message Integrity Code
- AES: Advanced Encryption Standard (dynamic encryption protocol)
Conclusion: SCALANCE W security mechanisms in software, if this is sufficient for the overall system. SCALANCE S security mechanisms, if the system is already operated with VPN or an authorisation is desired (e.g. secured automation cells).
Multiple protection against unauthorised access and bugging on automation components or cells.
16
SCALANCE W or SCALANCE S
[Figure: graphical comparison S – W (Secure). EITHER: SCALANCE W-700 to SCALANCE W-700 over Wireless LAN with WPA/AES (software included in AP). OR: SCALANCE S with VPN tunnel and user-defined firewall setting, security mechanism deactivated on SCALANCE W-700. All devices attached via Ethernet.]
17
IWLAN and mobile diagnosis
Access Point SCALANCE W788-1PRO Access Point SCALANCE W788-2PRO Access Point SCALANCE W788-2PRO IE IE IE Client Module SCALANCE W744-1PRO S7-200 IE Client Module SCALANCE W744-1PRO Wireless LAN S7-400 PROFIBUS Field PG with CP 7515 ET 200S S7-300 ET 200S Automated guided vehicle systems Mobile diagnosis and service Wireless PLC Separate radio network Components for IWLAN for mobile data access.
18
Monitoring and Control via SIMATIC PCS 7 Web Client
Monitoring and Control via the Internet / Intranet
- Web Client as thin client
- Complete plant overview
- Remote diagnostics and asset management
- Advanced security is ensured by: user-specific password, firewall technology, individual application concepts
- Minimal installation at the Web Client: “OCX” file via net download or CD
- Direct conversion of process screens for the web
- Superior performance by: compressed process pictures for the Web, report by exception based runtime communication
Worldwide and safe access to the plant based on state-of-the-art web technology!
[Figure: Web Technology; labels: SIMATIC PCS 7 Web-Client, Modem, LAN, Intranet, Internet Explorer, Terminal Bus, Web-Server within a SIMATIC PCS 7 Client, Plant Bus]
19
PCS 7 OS Web Client Monitoring and Control via the Inter- / Intranet
- Web Client as Thin Client
- Manager node
- Remote diagnostics and asset management
- Advanced security is ensured by: user-specific password, firewall technology, individual application concepts
- Minimal installation at the client (OCX via net)
- Direct conversion of process screens for the web
- Superior performance by: compressed PCS 7 screens, report by exception based runtime communication
[Figure label: Web Technology]
20
MES - interface to the IT world with SIMATIC IT
Information technology (IT), process data management and production planning systems play an increasingly important role in production optimization and cost reduction Connects the control level with the MIS/MES level Comprehensive basic packages available Integration of vendor-neutral IT products To the ISA S95 standard; integration of heterogeneous (as well as host) applications Short response times, more transparency, more reliable decision-making MES Integration & synchronization of all business processes with the SIMATIC IT technology platform
21
SIMATIC IT Integration
Browsing of MES- relevant Objects MES
22
SIMATIC PCS 7