Designing industrial automation networks is a demanding challenge in many ways. Not only are these networks often located in remote locations and inhospitable environments, but they must run securely and reliably with minimal attention. When there are problems, networks need to notify users and provide diagnostic information.
To meet these requirements, networks must be built on the principles of simplicity, performance and security.
- Simplicity means networks are easy to develop, grow and maintain because they offer straightforward functionality, minimizing required end user technical effort
- Performance delivers results in a robust manner, even in problematic environments
- Security provides reliable and safe data transfer, suitable for industrial applications
Whether upgrading existing industrial networks or implementing new ones, these three principles are must-have requirements. A next-generation communications platform founded on flexible hardware and open software, as shown in Figure 1, delivers on these demands.
Commercial networking technologies like Ethernet and the internet have significantly improved today’s industrial networking landscape, especially for new greenfield projects. But the automation sector has traditionally been dominated by specialized networking methods and protocols that are difficult to integrate. In fact, many unique automation devices still exist at the edge of industrial sites—and they all must be accommodated when upgrading these brownfield sites.
Users are looking for straightforward ways to merge disparate elements into a cohesive network for monitoring and control, and vendors are delivering on these demands by providing the required simplicity, performance, and security.
The key to simplicity is establishing a unified communication system flexible enough to handle existing automation islands. The latest edge programmable industrial controller (EPIC) devices offer the computing flexibility and connectivity to communicate with new and existing automation systems and components at the edge, while providing an easy way to create system-wide interconnections over the internet.
Historically, linking industrial devices over networks has often been a time-consuming project requiring custom coding. Today, however, users can take advantage of EPIC devices to start building their networks out at the edge. Open standards-based hardware and software facilitate integration with edge devices using built-in industrial protocols, and with computer networks and software using standard IT protocols. Development is simpler; for example, developers can choose which data points to make available to the larger network via automatic discovery.
This type of build-as-you-go architecture is simplest for initial development, is readily scalable for adding functionality, and lends itself to easy ongoing support.
Data throughput, robustness over unreliable networks, and minimal impact on processing and networking resources all factor into performance—and newer communication models and protocols meet these demanding requirements.
A prime example is the open-source protocol Message Queuing Telemetry Transport (MQTT), developed as a lightweight method of transporting industrial data over tenuous networks. MQTT is often combined with a specification called Sparkplug to establish the messaging format. Together, MQTT and Sparkplug provide a publish-subscribe model, which offers superior communications performance as compared to a request-response architecture. Data is transmitted on change only, and only subscribers receive data (Figure 2).
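The publish-on-change behaviour described above, worked through as an added example (not Opto 22 code or any Sparkplug library): an edge node sends an NBIRTH with every metric, then on each scan publishes an NDATA message only for metrics that moved beyond an assumed deadband, with the Sparkplug sequence number wrapping at 256. The group, node and metric names are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class MetricConfig:
    deadband: float = 0.0      # absolute change required before a value is republished

def _changed(prev, value, deadband):
    """True when a metric moved enough (or changed at all, for non-numeric values)."""
    if prev is None:
        return True
    if isinstance(value, bool) or isinstance(prev, bool) or deadband == 0:
        return value != prev
    return abs(value - prev) > deadband

@dataclass
class EdgeNode:
    group_id: str
    node_id: str
    metrics: dict                               # metric name -> MetricConfig (assumed config)
    last_sent: dict = field(default_factory=dict)
    seq: int = 0                                # Sparkplug message sequence, wraps at 256

    def topic(self, msg_type):
        # Sparkplug B node topic layout: spBv1.0/<group_id>/<message_type>/<edge_node_id>
        return f"spBv1.0/{self.group_id}/{msg_type}/{self.node_id}"

    def _next_seq(self):
        seq, self.seq = self.seq, (self.seq + 1) % 256
        return seq

    def birth(self, sample):
        """NBIRTH carries every metric so subscribers can rebuild the full state."""
        self.last_sent, self.seq = dict(sample), 0
        return {"topic": self.topic("NBIRTH"), "seq": self._next_seq(), "metrics": dict(sample)}

    def scan(self, sample):
        """Return the NDATA message for this scan, or None when nothing is worth sending."""
        changed = {n: v for n, v in sample.items()
                   if _changed(self.last_sent.get(n), v, self.metrics.get(n, MetricConfig()).deadband)}
        if not changed:
            return None                         # no publish at all: this is the bandwidth saving
        self.last_sent.update(changed)
        return {"topic": self.topic("NDATA"), "seq": self._next_seq(), "metrics": changed}

if __name__ == "__main__":
    node = EdgeNode("plant1", "edge01", {"tank_level": MetricConfig(deadband=0.5)})
    print(node.birth({"tank_level": 10.0, "pump_on": False}))
    for s in ({"tank_level": 10.2, "pump_on": False}, {"tank_level": 10.8, "pump_on": True}):
        print(node.scan(s))                     # first scan prints None, second sends both changes
```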
Networking within a facility is generally considered easier than attempting connections over the internet, but publish-subscribe models also provide advantages in this type of environment.
For internet connections, IT-intensive options such as virtual private networks (VPNs) are often used. But a better option may be to take advantage of MQTT’s ability to reliably establish outgoing remote connections over the internet. Because all data communications are outgoing, complicated and risky steps like opening firewall ports and accepting inbound traffic are not required.
Simplicity and security are often at odds with each other. If an automation networking solution makes it simple to transmit data, then applying any level of security typically complicates the process. Furthermore, transmitting data to the cloud via the internet seems to invite attackers.
With MQTT/Sparkplug, however, effective security requires fewer steps. First is encryption, crucial for ensuring no third parties can read or alter the data. The connection from the client device to the MQTT broker (or server) should always use the internet cryptographic protocol Transport Layer Security (TLS), which is standard with MQTT.
Next is authentication and authorization. Authentication through username/password methods or API keys should always be used to create a connection to the MQTT message broker. In addition, authorization through access control list functionality provided in the MQTT broker defines who (or what role) can access specific data, and what operations they can perform (read only or read/write). Together, these ensure that only proper clients are able to see and use data.
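The access-control-list model just described, as an added example (not the code of any particular broker or of Opto 22): a default-deny check that a broker runs for every publish or subscribe, using MQTT topic-filter matching (`+` for one level, `#` for the remaining levels) against per-role permissions. The roles, Sparkplug group and node ids are assumptions; note how the edge node is allowed to publish only its own topics, the dashboard role is read-only, and anything not listed is denied.

```python
def topic_matches(filter_, topic):
    """MQTT filter matching: '+' is one level, '#' (last level only) is the rest."""
    if topic.startswith("$") and filter_[:1] in ("+", "#"):
        return False                              # wildcards never match $SYS-style topics
    flv, tlv = filter_.split("/"), topic.split("/")
    for i, f in enumerate(flv):
        if f == "#":
            return i == len(flv) - 1              # '#' must be last and matches any remainder
        if i >= len(tlv) or (f != "+" and f != tlv[i]):
            return False
    return len(flv) == len(tlv)

# role -> (action, topic filter) pairs; anything not listed here is denied
ACL = {
    # an edge node may announce and report itself and its devices, and receive commands only
    "edge-node": [("publish", f"spBv1.0/plant1/{t}/edge01") for t in ("NBIRTH", "NDEATH", "NDATA")]
               + [("publish", f"spBv1.0/plant1/{t}/edge01/+") for t in ("DBIRTH", "DDEATH", "DDATA")]
               + [("subscribe", "spBv1.0/plant1/NCMD/edge01"),
                  ("subscribe", "spBv1.0/plant1/DCMD/edge01/+")],
    # a dashboard is a read-only consumer of the whole plant namespace
    "dashboard": [("subscribe", "spBv1.0/plant1/#")],
    # the SCADA host sees everything and is the only role allowed to issue commands
    "scada-host": [("subscribe", "spBv1.0/#"),
                   ("publish", "spBv1.0/+/NCMD/+"),
                   ("publish", "spBv1.0/+/DCMD/+/+")],
}

def authorize(role, action, topic):
    """Default-deny: True only when some ACL entry for the role grants this action on this topic."""
    return any(a == action and topic_matches(f, topic) for a, f in ACL.get(role, []))

if __name__ == "__main__":
    checks = [("edge-node", "publish", "spBv1.0/plant1/NDATA/edge01"),
              ("edge-node", "publish", "spBv1.0/plant1/NCMD/edge02"),
              ("dashboard", "publish", "spBv1.0/plant1/NCMD/edge01"),
              ("scada-host", "publish", "spBv1.0/plant1/NCMD/edge01")]
    for role, action, topic in checks:
        print(f"{role:10} {action:9} {topic}: {'allow' if authorize(role, action, topic) else 'deny'}")
```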
Automation network designers can simultaneously achieve the goals of simplicity, performance and security by combining EPIC hardware devices out at the edge with open-source software and protocols. This type of solution is easier, faster and better than traditional alternatives—and lends itself to expanded implementations.
Benson Hougland is Vice President of Marketing and Product Strategy at Opto 22.