Industrial Ethernet Book Nº97 (11 - 2016)

11.
2016 Issue
97
ISSN 1470-5745
The Journal of Industrial Networking and IoT
OPC UA enables sensor to

cloud connectivity
19
Embedded encryption
down to last meter 8
Automotive supplier
launches IoT initiative 24
Lower cost of ownership

30
for IoT networks
Evolution of control
system integration
www.iebmedia.com/ethernet n www.iebmedia.com/wireless
34
CONNECTS THE WORLD OF

AUTOMATION WITH THE
INTERNET OF THINGS
The WAGO PFC200 Move Securely Beyond

the Field Level
High-performance controller with integrated 3G modem and standard Mini-SIM card

Wireless data transmission over great distances
GPRS Internet connectivity and bidirectional SMS communication
Highest security standards via IPsec and OpenVPN
www.wago.com/pfc200
IEB97_p2.indd 2
Visit us in Hall 7,
Booth 130
03.11.1644 10:52
GET CONNECTED
www.iebmedia.com/ethernet n www.iebmedia.com/wireless
Contents
Contents
Emergence of OPC UA
The OPC Unified Architecture (UA), released
in 2008, has come into its own in 2016 as
the overwhelming technology solution for
connectivity from the sensor to the cloud.
By creating a platform independent, serviceoriented architecture that integrates all the
functionality of the individual OPC Classic
specifications into one extensible framework,
OPC UA is functionally equivalent to OPC
Classic but capable of doing much more.
Early in 2016, a series of announcements at
the Hannover Fair underlined the reasons
why OPC UA has come so far so fast. As a
way to connect OT and IT interests, it offers
platform independence (from embedded
microcontrollers to the cloud), built-in
security features (encryption, authentication
and auditing) and extensibility (ability to
continue to add new features).
Throughout the rest of 2016, there has been
a series of announcements for companion
specifications and working agreements aimed
at technology collaboration and the next
level of refinements that will create stronger
industrial automation and IoT solutions.
The latest of these was at the AUTOMATICA
trade fair where VDMA Machine Vision
(an association of 3,100 machine vision
members) and the OPC Foundation signed
a Memorandum of Understanding on the
preparation of an OPC UA Machine Vision
Companion Specification. The resolution was
preceded by an international study under the
lead of VDMA Machine Vision last summer. It
was aimed at showing which standards are
important to prepare the sector for the future.
We want to make machine vision fit for
Industry 4.0 and for the factory of the future.
We are aiming at straightforward integration
of machine vision systems into production
control and IT systems via OPC Unified
Architecture, said Dr. Klaus-Henning Noffz,
CEO of Silicon Software and in charge of
standardization issues at the Board of VDMA
Machine Vision.
Camera interfaces and standards for
communication and networking of various
machine vision components within the system
are already there, tremendously facilitating
the work of systems integrators. What is
missing is a generic interface for machine
vision systems at user level, added Dr. Horst
Heinol-Heikkinen, Managing Director of
ASENTICS and a VDMA board member.
The fact is that OPC UA has become, or
certainly is in the process of becoming, the
industrial operability standard for information
integration both at the device level and within
the enterprise. It also looks to be one of the
enabling technologies that will be required for
the Industrial Internet of Things and Industrie
4.0 to reach their lofty goals.
Industry news
Embedded data encryption down to the last meter
OPC UA and how it impacts Oil & Gas applications
12
Preemption standard enables high priority frames and traffic
16
OPC UA industrial networks for digital factory infrastructure
19
Smart connectivity transmits data from machines to the cloud
22
Automotive parts supplier launches IoT initiative
24
Exploring fundamentals of automation network efficiency
26
Container and microservices cloud architecture and platform
28
Lower cost of ownership for industrial IoT networks
30
The evolution of control system integration and networking
34
Adapting machines to go global with modern industrial networks
37
One panel PC coordinates 21 robots in manufacturing cell
39
Virtual private network for secure remote access
41
Digital wiring devices using Node-RED development tools
44
New Products
45
Private Ethernet
50
Industrial Ethernet Book
The next issue of Industrial Ethernet Book will be published in January/February 2017
Deadline for editorial: December 22, 2016 Deadline for artwork: January 13, 2017
Product & Sources Listing
All Industrial Ethernet product manufacturers (not resellers) are entitled to free of charge
entries in the Product locator and Supplier directory sections of the Industrial Ethernet Book.
If you are not currently listed in the directory, please complete the registration form at
www.iebmedia.com/buyersguide/ to submit your company details.
Update your own products
If you wish to amend your existing information, login to the Editor section
www.iebmedia.com/buyersguide/register.htm and modify your entry.
Do you want to receive issues of Industrial Ethernet Book? Call, mail or e-mail your details, or
subscribe at www.iebmedia.com/service/
Editor: Al Presher, editor@iebmedia.com
Contributing Editor: Leopold Ploner, info@iebmedia.com
Advertising: map Mediaagentur Ploner, info@iebmedia.com
Tel.: +49-(0)8192-933-7820 Fax: +49-(0)8192-933-7829
Online Editor: Adela Ploner. info@iebmedia.com
Circulation: subscriptions@iebmedia.com
Published by
IEB Media, Bahnhofstrasse 12, 86938 Schondorf am Ammersee, Germany
ISSN 1470-5745
Al Presher
1 1. 2016
i n d u str i a l e th e r n e t b o o k
Industry news
Wireless network for high

capacity onshore wind farm
SECURE WIRELESS COMMUNICATIONS will
connect closed-circuit television (CCTV)
cameras at two new substations being supplied
by ABB for the Pen y Cymoedd wind energy
project, being developed in south Wales by
Vattenfall, a leading European utility.
The full 76-turbine development, for which
ABB is also providing the grid connection
and the related electrical transmission
infrastructure, is due for completion later this
year and will be the highest capacity onshore
wind farm in England and Wales, delivering up
to 228 megawatts.
The two new substations will step up the
voltage from 33 to 400 kilovolt (kV), ready
to feed into a new 400 kV National Grid
substation. Pole-mounted CCTV cameras
around the perimeter fences of both substation
sites will be connected into a highly resilient
wireless mesh network using ABBs wireless
routers. The two sites will be linked by optical
fiber and connected to a control station with
a network video recorder to provide recording
and monitoring.
Our advanced wireless network solution will
ensure that data is directed efficiently through
intelligent routers to where there is capacity,
said Massimo Danieli, Managing Director
of ABBs Grid Automation business unit.
This minimizes delays and gives customers
real-time visibility and control of their assets
and it is another example of ABBs Internet of
Things, Services and People approach, a key
element of our next nevel strategy.
Physical and cyber security is critical for
utility communication networks. ABBs wireless
SOURCE: ABB
Wireless communications system to provide enhanced site security for Pen y Cymoedd onshore wind farm. It
will be the highest capacity onshore wind farm in England and Wales, delivering up to 228 megawatts.
Around the perimeter fences of both substation sites, pole-mounted CCTV cameras will be connected into a highly
resilient wireless mesh network using wireless routers. Both sites will be linked by optical fiber and connected to a
control station with a network video recorder to provide recording and monitoring.
routers are designed to cope with almost any

physical challenge, a necessity when routers
are routinely installed in outdoor locations in
the field. As the network grows, each smart
router will automatically reconfigure itself,
making expansion relatively simple. The mesh
network design offers inherent reliability,
as the network can handle any outage by
redirecting data intelligently and seamlessly.
In addition to the wireless communication
system, ABB is also supplying switchgear,
transformers, and IEC 61850 compliant
substation automation, control and protection

equipment as part of the overall substation
solution. ABBs sMicroSCADA control and
Relion protection equipment, working in
combination with a STATCOM (Voltage Source
Converter based reactive power compensation)
solution, will be used to control and regulate
the output of the wind turbines to ensure they
remain within National Grids rigorous power
quality standards.
Industry news by ABB.
PLCopen news: SafeMotion, OPC UA client and libraries

TO HARMONIZE SAFETY SOLUTIONS for users,
especially in production environments with
heterogeneous networks, PLCopen started a
working group on SafeMotion, which created
a generic proposal to solve the motion
control safety aspects over the different
networks like ProfiSafe, Safety over Ethercat,
CIP Safety over Sercos, OpenSafety, CC-Link
IE and Mechatrolink, as well as user areas as
described in OMAC.There are many SafeMotion
related commands, and it makes no sense that
a function blocks is created for all of them
while the functionality is mostly the same.
The documents for PLCopen SafeMotion
version 0.99 Release for Comments are
available on the PLCopen website.
OPC-UA client
PLCopen together with the OPC Foundation has

published a new edition of the definition of a
set of function blocks providing OPC-UA client
functionality.
With this functionality on a controller, it
becomes possible to initiate a communication
session to any other available PLCopen OPC-UA
Server. The controller can exchange complex
data structures horizontally with other
controllers independently from fieldbus system
or vertically with devices using an OPC-UA
server call in an MES/ERP system in order to
collect data or even write new production

orders to the cloud. It allows a production
line to be independently active in combination
with integrated OPC-UA Security features.
PLCopen compliant user libraries
To ease the development of user libraries,

PLCopen together with its members created
guidelines on how to create PLCopen compliant
function blocks. Included examples show the
basic code, including an object oriented
approach as provided by the 3rd edition of
the IEC 61131-3 standard.
News report by PLCopen.
in d u s t r ial et h er ne t b o o k
11.2016
Industry news
Looking at Industrial Ethernets

role in Chilean miner rescue
Most people dont know that an Industrial Ethernet switch played a role in the rescue of 33 Chilean miners
back in 2010, in part because of its suitability for harsh industrial environments. The switch, mounted in the
Phoenix capsule, was used to transmit video images back to a control room on the earths surface.
SOURCE: RED LION
BASED ON A TRUE STORY, the movie The 33

depicts a disaster that strikes when a mine
in Chile collapses on August 5, 2010. In the
movie, as in real life, 33 miners are trapped
underground for 69 days, with more than
2,000 feet of rock blocking their rescue. The
story details the many different strategies and
efforts attempted to free the trapped miners,
as well as their struggle to survive with little
food and water in extremely hot, dark and
humid conditions.
Watching the film reminded me of the actual
event back in 2010 and, what few people may
know, that small industrial Ethernet switches
played a role in the successful rescue mission.
When someone asks me about examples of
unusual applications for industrial Ethernet,
this one is definitely at the top of my list!
Underground rescue
The miners were ultimately reached

underground by drilling a narrow diameter
tunnel down to them, and a rescue capsule
was lowered to where the miners were trapped.
They were removed one at a time using the
capsule, which was risky considering it could
have become stuck in the long tunnel.
The Phoenix capsule weighed 924 pounds,
had an interior height of 6 feet 4 inches and
a diameter of just 21 inches. A team of NASA
consultants and Chilean navy engineers helped
construct the device. The tunnel rescue is
actually the setting for the final scene of the
movie. A happy ending indeed as all 33 of the
trapped miners were rescued.
One of Red Lions Sixnet industrial Ethernet
switches was mounted in the Phoenix, which
transmitted video images back to a control
room on the surface. The network-transmitted
video feed was used to inspect the rock
In transporting digital data from the field level into a cloud, existing security mechanisms must be applied intelligently.
structure of the tunnel walls and movements

of the capsule, and helped rescue teams get
a better understanding of the conditions that
the Phoenix would be facing in the tunnel.
The camera could look up, down and inside the
capsule so that rescue teams would know what
would happen during its movement. One note
is that, for the actual rescue and transport of
the miners, the switch was removed to help
make the Phoenix as light as possible.
Red Lion worked with local partner
Transworld and donated compact 4-port
Ethernet switch for use in the pod. The switch
that was used endured 95-degree Fahrenheit
temperatures and high humidity to transmit
the video images. A difficult environment,
but one that industrial-grade Ethernet could
definitely handle!
An Industrial Ethernet switch like this

is ideal for this kind of extreme situation
because of its small size and light weight,
high heat and humidity tolerance, and ability
to be deployed quickly and easily.
While its too late for a spoiler alert to
save revealing the end of the movie, you
already know that all 33 miners were rescued
after 69 daysand now you know that
industrial Ethernet played an important role in
the actual rescue. Rugged industrial Ethernet
switches, which are designed and built to
handle extreme conditions, not only worked
well in the Chilean Miner rescue, but are also
well suited for other harsh environments.
Tracy Courtemanche, Director of Red Lion
Controls.
Phoenix Contact acquires share in Dutch cybersecurity company

Phoenix Contact Innovation Ventures has
acquired a share in SecurityMatters B. V.
The company, based in Eindhoven, is a
leading supplier of cybersecurity solutions for
industrial control systems.
Since its implementation in 2013,
SecurityMatters has distributed the platform
for network monitoring and anomaly
detection, SilentDefense. The application areas
include the power generation, transmission

and distribution, water supply, the area of
infrastructure solutions, chemistry, oil and gas
as well as industrial production technology.
SecurityMatters offers solutions for the
area of critical infrastructure and Industrie
4.0. Especially in the industrial environment,
there is a great market potential where
cybersecurity solutions are required already
today. The product range of SecurityMatters

perfectly suits the expertise of Phoenix
Contact, especially as regards Industrie 4.0,
said Marcus Bker, Managing Director of
Phoenix Contact Innovation Ventures.
Phoenix Contact Innovation Ventures has a
minority share in SecurityMatters.
Industry news from Phoenix Contact.
11.2016
general system pack
www.ethernet-powerlink.org
O ve r
3,200
OEMs
Leading manufacturers ...
Countless applications ...
High-quality products ...
... trust in powerlink
IEB97_p7.indd 7
03.11.1644 10:42
Technology
Applications
Embedded data encryption

down to the last meter
SOURCE: WAGO
Holistic security requires adherence to three basic principles. Defense-in-depth stacks or layers security
solutions. The minimum need-to-know principle assigns users and processes only the maximum permissible
rights, while redundancy ensures that failure of components does not interfere with safety functions.
Encryption of sensitive data (SSL/TLS) during storage and transmission is a prerequisite for effective networking (segmentation/firewall/VPN). But a secure standard configuration
along with user authentication and allocation of user roles are also requirements that typically need to be reviewed regularly in audits.
NETWORKED PRODUCTION OF THE FUTURE will

require reliable automation technology and
secure communication paths throughout the
entire production process. Production data
is considered the most valuable asset of the
automated future and must therefore be
protected.
In times of Industrial 4.0 and Industrial
Internet of Things (IIOT), automation
solutions increasingly rely on open and
networked system architectures of standard
components. Ultimate productivity gains
are finally made possible by the transparent
access to the production data. However,
maintenance, service and legal documentation
requirements for complex systems can or
should not be provided by on-site personnel;
remote access is necessary. The resultant crosslinking of functional units results in increased
safety requirements and applies not only to
spatially limited industrial plants, but also
to distributed systems of energy technology.
Growing requirements
Against this background, automation systems

are exposed more than ever to the dangers
of the IT world. Any security breach can

have fatal consequences for companies and
employees.
In the summer of last year, the German
federal government adopted an IT security
measure, which is aimed primarily at critical
infrastructure operators (KRITIS). In addition
to regular security audits, it also reports
the reporting of IT security incidents to the
Federal Office for Information Security (BSI).
In addition, the IT baseline catalogs define
possible scenarios and protective measures
based on ISO 27002.
These, in turn, build on the various industryspecific policies and recommendations
that require companies to ensure the
confidentiality, integrity, authenticity, and
availability of data. These regulations also
increase the requirements for manufacturers
of automation technology and present them
with new challenges.
Holistic security
In order to build a secure system architecture,

three different basic principles must be
considered. The defense-in-depth concept is
about stacking or layering security solutions so

that in case of circumventing another layer,
another protection still provides protection.
The minimum need-to-know principle
assigns users and processes only the maximum
permissible rights. The redundancy principle,
in turn, relies on technologies to ensure that
the failure of individual components does not
interfere with the safety functions.
It is also intended to minimize the
impact of an unrestricted requirement for
system resources. Concrete technical and
organizational measures are, among other
things, the lasting basic protection and system
hardening by means of patch management
(update capability) as well as the long-term
availability of the operating systems.
Encryption of sensitive data (SSL/
TLS) during storage and transmission is
a prerequisite as well as a corresponding
network concept (segmentation/firewall/
VPN). A secure standard configuration and
user authentication as well as the allocation
of user roles are also part of the requirements
catalog. These measures and processes are
typically reviewed regularly in audits.
11.2016
IEB97_p9.indd 9
03.11.1644 17:16
Today, WAGO already fulfills all relevant

guidelines in the area of IT security and even
a large number of the requirements from the
BDEW white paper for applications in the field
of energy and water supply, which are part of
the critical infrastructure (KRITIS).
The controller family PFC 100 & 200 from
WAGO takes these developments into account.
They are characterized by a cross-platform
real-time Linux, which is available as an
open-source operating system, is scalable and
updateable, and supports tools such as Rsync,
Fail2Ban and virus scanners. Various interfaces
and fieldbuses such as CANopen, PROFIBUS DP,
DeviceNet and Modbus-TCP can also be operated
independent of the manufacturer. There are
different requirements for the level of a safety
solution, depending on the application and
the risk analysis. The WAGO-PFC family is in
any case designed to implement the currently
highest safety requirements according to ISO
27002. It provides onboard VPN functionality
based on the so-called Strongswan package,
a secure communications solution for Linux
operating systems. In addition, the data can
already be encrypted in the controller using
SSL / TLS-1.2 (Secure Sockets Layer / Transport
Layer Security) encryption.
A VPN tunnel is then built directly over
IPsec or OpenVPN and transfers the data, e.g.
to the cloud. While IPsec encrypts to operating
system level 3 or Layer 3 of the OSI layer
model, OpenVPN ensures data integrity on
the application layer (Layer 5). This results in
tamper-proof and tamper-proof communication
connections between the controllers and
network access points. An upstream VPN router
is no longer required. When communicating
with a PFC100 or 200, an encrypted LAN / WAN
connection can be established, the contents
of which can only be understood by the two
endpoints. Connections are established only
after successful authentication. An encryption
method is used with pre-shared key, in which
the keys must be known to both parties prior
to communication. This method has the
advantage that it is easy to realize.
Convincingly versatile
The controllers of the PFC family can also

be used as scalable nodes, which can be
retrofitted with already existing automation
systems without having to interfere with
the actual automation process the data is
collected in parallel and can be sent to the
cloud, for example via MQTT or OPC UA are
sent. The user is thus in a position to monitor
systems adaptively and preventively. Plant
operators have the opportunity to keep an
overview of their production facilities and to
optimize the processes step by step thanks to
their cloud capability. These complex processes
can not only be captured and visualized, for
example by Smartphone or tablet, but can also
10
SOURCE: WAGO
Technology
Applications
Adequate solutions
In transporting digital data from the field level into a cloud, existing security mechanisms must be applied intelligently.
To avert damages that could hurt the company and also gain competitive advantages, it is essential that data is
exchanged and stored securely at all times.
be optimized with analysis methods from the

big data environment with little effort.
Real added value
Data analytics tools play a crucial role in the

data flow. With the aid of the data collected
at the field level, they are able to predict
plant and thus production losses in terms
of predictive maintenance by, for example,
calculating the wear of certain machine
components.
This minimizes costly plant failures. In the
future, such an application can, for example,
predict that a certain part of the production
plant has to be exchanged in three months
thanks to data analytics. The higher-level
automation system then detects which part is
involved, asks the manufacturer for the current
delivery time and orders the spare part fully
automated.
Particularly in applications in which plants
are operated continuously, such a development
is of great relevance - for example in automated
production lines in the automotive industry or
in the process and food industry.
Rethinking-Security
Integrated automation solutions will therefore

have to have functions that go beyond mere
automation capabilities. Finally, the core

of the Industrial Internet of Things is to
use data in a profitable way and to generate
sustainable added value for the company.
However, if you want to achieve this goal, you
should consider the necessary measures to be
taken in IT security.
For the transport of digital data from the
field level into a cloud, the existing security
mechanisms must be applied intelligently, not
least if cloud connections as a complement
to the existing automation system
pre-communicate with a large number of the
protective mechanisms, which in the sense
of defense in depth solutions, have been
set up, such as access control, authorization
concepts and firewalls. To avert damages from
the company and gain competitive advantages,
it is essential that data is exchanged and
stored securely at all times.
In the future, this will only be achieved
by means of a comprehensive IT security
concept, which corresponds to the individual
requirements of the company in the sense
of a security by design principle both
for processes in the company as well as in
production.
Technology report by WAGO.
11.2016
Improve reliability, product quality and energy optimization in the facility at a

fraction of the time and cost of wired solutions.
Visualize & Integrate

Software package provides tools to visualize,
analyze and alarm from multiple devices; integrates
with cloud computing and loT platforms
Communicate
Wireless gateway collects sensor data
and delivers to servers
Gather
Wireless, battery operated sensor nodes
monitor temperature, humidity and air pressure
)!ovides highly reliable environmental monitoring

via wireless mesh network with redundant pathways
)%!"$rate time-stamped data collection for improved

analytic accuracy
) ""#"'oyment and maintenance with

complete kits featuring wireless technology
) "$res data and network security with 128-bit and 256-bit

encryption, authentication and network access control
)$"#"#"overhead by allowing
inter#$#"#!$"ress
IEB97_p11.indd 11
premise or in cloud
03.11.1644 11:01
Applications
OPC UA and how it impacts

Oil & Gas applications
OPC UAs object- and service-oriented architecture is enabling interoperability with other platforms. For
exchanging information in offshore oil and gas production, the ability to collect and analyze exponentially
growing sets of data is at an unprecedented level, due to wide adoption of Big Data.
SOURCE: ICONICS
OPC UNIFIED ARCHITECTURE is an important

building block that enables users to build
the next generation of automation software
solutions.
The result of a multi-year collaboration of
industry leaders that built an open standard
for exchanging information in a rich, objectoriented and secure fashion, the key to
the success of the OPC UA standard is that
it represents the answer to a fundamental
need for mapping and exchanging real-life
information in an object-oriented way.
Object-Oriented
The information carried within an object is far

richer than the information carried with simple
raw data, as many automated applications were
designed to process. Rather than analyzing a
single, isolated row of data, however, its far
more interesting to analyze the data in terms
of its relationship with other data and in terms
of the operation that can be performed.
Any real-life object carries a tremendous
amount of information within it. For example,
when thinking in terms of objects, the
information carried by an oil tank object
is far superior to the simple combination of
individual row data for pressure and tank level.
A physical oil tank is an object that plant
operators can physically interact with by filling
or emptying, by changing a reference pressure
set point or by analyzing how a change of a
parameter affects the others. This information
is logically grouped and must be analyzed all
together.
In software terms, an object is a collection
of properties (pressure and tank levels),
methods (fill or empty) and events (tank level
is too high, pressure is too low). Objects are
organized in hierarchies in such a way that an
object can contain simpler, smaller objects as
properties (the valve of an oil tank can, itself,
be an object that exposes properties, methods
and events). When thinking in these terms and
operating parameters, its clear how beneficial
it would be to map the data of a tank farm into
a hierarchy of objects.
The object-oriented nature of OPC UA
software technology enables re-usability
of assets across on-shore and off-shore
operations and provides a common object
management method to support complex and
flexible data models.
12
As the scale of Oil and Gas operations continue to expand, managing and extrapolating meaningful relationships from
process will only become more and more complex.
Service-oriented solution
OPC UA has a dual nature: it is objectoriented and it is service-oriented. The

service- oriented nature of OPC UA allows for
broader interoperability with a range of other
platforms, as well as for increased visibility
and security.
Communication over a network has
always been a potential security risk. OPC
UA security involves the authentication of
clients and servers, the authentication of
users, the integrity and confidentiality of their
communications, and the verifiability of claims
of functionality. The OPC Unified Architecture
security model secures communications, while
its encryption ensures that data security is
held to the highest standards.
Impact on Oil & Gas Industry
Over the past decade, software vendors have

used object-oriented and service-oriented
architectures to design products that are
both scalable and reliable. However, these
successful architectural models only recently
started to be used for the exchange of
information in offshore oil and gas production.
More recently, the ability to collect and
analyze exponentially growing sets of data is
at an unprecedented level, due to the wide
adoption of Big Data. At the same time, mobile
devices are transforming the way people
interact with the environment, connecting to
a tremendous amount of information anytime,
anywhere.
As the scale of Oil and Gas operations
11.2016
NEW
ix Industrial Series
Rugged, Compact and High-Speed I/O Connectors

provide Ethernet connectivity solutions for Industry 4.0
Security System
PLC
FA Camera
Motors & Drives
Industrial Robots
70% space saving vs RJ45
Consider replacing the RJ45 with the new ix Industrial series

With a 70% size reduction compared to a conventional RJ45, the new ix Industrial connector provides more
connections in less space on the PCB - space that can now be used more efficiently. The robust metal lock prevents
accidental disconnection of the plug from the socket, reducing the downtime of industrial equipment.
Cat.6A High-Speed, 10Gbps performance supports Ethernet connectivity in compliance with IEC/PAS 61076-3-124.
Hiroses core technologies in miniature connectors offer you a clear commitment for a new standard of Ethernet
connection suitable for Industry 4.0 applications.
CONNECTING THE FUTURE
www.hirose.com/eu
info@hiroseeurope.eu
IEB97_p15.indd 15
29.10.16 11:00
OPC UA standard
OPC UA does not replace existing standards

such as OPC, but rather complements them
by providing a common interoperability
layer for exchanging information and
orchestrating processes. OPC UA embodies all
the functionality of the existing OPC servers
and allows for backward compatibility with
previous standards.
One of the key problems with standards of
this magnitude is that implementing them
can be quite challenging. The OPC Foundation
has taken many steps to guarantee that the
implementation of the standard would be a
relatively straightforward and easy process.
To facilitate the adoption of the new
standard and to reduce the barrier to entry, the
OPC Foundation developed an OPC UA software
development kit (SDK). The SDK is the entry
point to jump-start your existing applications
and make them OPC UA-enabled. The SDK
consists of a series of application programming
interfaces and sample code implementations.
To that end, the UA specification is written
to be platform- agnostic and, for that reason,
the SDK comes in different flavors to facilitate
adoption on different platforms. The .Net,
ANSI C and Java sample implementations are
provided to OPC Foundation members.
Each flavor of the SDK is designed to fit
special needs in terms of platforms, memory
and processor requirements, but they are all
capable of seamless interoperation with each
other. The .Net version of the SDK is more
suited for rich client/server implementation,
while the ANSI C version is more suited for
thin implementation for embedded devices,
14
SOURCE: ICONICS
Applications
increase, managing and extrapolating

meaningful relationships from data will only
get more complex. In addition, the need for
remote access to data and remote collaboration
will increase along with the number of widely
dispersed assets and mobile workers.
With mobile solutions now able to connect
to OPC UA, BACnet, SNMP, Modbus TCP/IP, Web
services and more, there is unlimited potential
gain in tapping into the Industrial Internet
of Things. With simple connectivity, mobile
devices are enabling operators, field service
workers, managers, executives and others in
the industry to securely visualize oil fields,
offshore rigs, pipelines and refineries. Anyone
with a mobile device can use best in class apps
to remotely monitor assets, instantly access
operational key performance indicators and
respond to alarms and alerts in real time.
Slowly, but surely, the industry has
adopted real-time monitoring and wireless
communication systems, experiencing
significant gains in efficiency, safety and cost
savings. Recent advances in mobile technology
spark change in how quickly the industry
adopts and leverages products that software
vendors now provide.
Since mobile solutions are able to connect to OPC UA, BACnet, SNMP, Modbus TCP/IP, web services and more. Use
of mobile devices is enabling operators, field service workers, managers, executives and others in the industry to
securely visualize oil fields, offshore rigs, pipelines and refineries.
where memory footprint and CPU utilization

are more important. The Java implementation
is more suited for the Web environment and
thin clients, but can also be used in other
environments. Each software vendor can
pick the implementation that they prefer,
depending on the unique requirements for
performance, cross-platform capability and
Internet- friendliness.
In addition to the SDK, the OPC Foundation
has also provided a series of binary adapters.
The adapter can be used to grant direct access
to all legacy COM-based OPC servers from the
OPC UA Client. Simultaneously, the adapter
can also be used to grant access to a subset of
OPC UA server features from legacy OPC clients.
Compliance tools
Software programming is not an exact science.

Even with the availability of the OPC UA SDK
sample code, there is still room for errors
such as misinterpretation of the specification
or simple coding errors. So how do you
reduce the number of errors and guarantee
an unambiguous interpretation of the
standard? How do you ultimately guarantee
interoperability between software produced by
different vendors?
To facilitate the successful adoption of OPC
UA solutions, the OPC Foundation introduced
a series of compliance tools aimed at verifying
that a given product is fully compliant with the
standard. Software vendors can submit their

applications to independent test companies
that will certify the compliance with the
standard using the compliance tools. Having
a certified solution guarantees reliable data
exchange between applications from different
vendors, and is beneficial for everyone.
The OPC UA SDK enables software vendors to
quickly move information horizontally between
devices on different industrial networks from
different vendors, as well as vertically from the
plant through the enterprise of multi-vendor
systems with stops in between.
Several leading suppliers have partnered to
provide end-to-end solutions that leverage
the OPC Unified Architecture to deliver value
to end-user customers. In April 2013, OPC
UA was selected as the protocol standard for
Master Control Systems (MCS) and Distributed
Control Systems (DCS) in offshore oil and gas
production.
The MDIS (MCS-DCS Interface
Standardization) network chose OPC UA for
its robustness and reliability, to securely
transfer data and ensure that the data is of the
highest quality. Interest in these technologies
continues to increase, ensuring that OPC UA is
on the road to success as the leading standard
for exchanging information throughout the
enterprise for the Oil and Gas industry.
Technology report by Iconics.
11.2016
IEB97_p15.indd 15
03.11.1644 15:25
Technology
Preemption standard enables

high priority frames and traffic
A NEW ADDITION TO THE ETHERNET STANDARD,
Preemption (IEEE 802.1Qbu/802.3Qbr), from
the Institute of Electrical and Electronics
Engineers (IEEE) allows a high priority frame to
interrupt a low priority frame in transmission,
minimizing latencies in the high priority
traffic. In Industrial Automation Control
System (IACS) applications, preemption can
further convergence of multiple networks of
differing technologies into a single Ethernet
and IP infrastructure, enabling self-organizing
plant operations and order controlled
production. By highly decreasing the impact
of lower priority traffic on important traffic,
both types of traffic can be mixed on the same
link. This technology could also further allow
the spread of Ethernet for in-car networks and
replacement of previous in-car networks used
for critical control, bringing the autonomous
car closer to mass market.
A switch supporting quality of service
implements multiple egress queues on each
port, placing incoming frames into one of
these queues based on each frames quality of
service tag. When an egress port has finished
transmitting a frame, it selects the frame from
the highest priority queue with an outgoing
frame stored for transmission. Because all of
these queues are serviced by a single Media
Access Control (MAC), once started, a switch
cannot abort or interrupt transmission of a
frame, even when a frame becomes available
on a far higher priority egress queue.
MAC sublayers share link
At its core, preemption allows two different

MAC sublayers to share a single link. The
MAC sublayer is responsible for enforcing
frame transmission and reception rules for
the Ethernet media. This is achieved by the
addition of a MAC Merge sublayer below these
two MAC sublayers to both direct received
traffic to the proper MAC and coordinate
the transmitting of frames from both MAC
sublayers onto the link that they share. This
allows one MAC - an Express MAC - to carry
higher priority traffic with a lower maximum
latency, while the other MAC - a Preemptable
MAC - is used for frames where latency and
delay is less of a concern. Frames from the
Express MAC are always given priority to the
media over other traffic.
If a frame arrives from higher layers at the
16
SOURCE: AVNU ALLIANCE
A new IEEE standard allows high priority frames to interrupt low priority frames in transmission, and
minimizes the latency of high priority traffic. For industrial control systems, it also can further enable the
convergence of multiple networks that use differing technologies into a single Ethernet and IP infrastructure.
Traffic generator creates priority and best-effort traffic. Switch A to Switch B sends preemptable traffic. A traffic
sniffer is used to validate preemption correctness. The traffic analyser measures overall traffic latency.
Express MAC for transmission on the media

and a frame is currently being sent from
the Preemptable MAC, then the MAC Merge
sublayer decides whether to interrupt the
frame in progress. If interrupting the frame
in progress will still yield valid sized minimum
segments for both the current transmission
and for the remaining portion of the frame
data, then it will interrupt the frame in
progress by sending a 4-byte checksum. This
will indicate to the link partner that the frame
is not complete.
After the minimum recovery period, 96 bit
times, the station may then send the frame
from the Express MAC. If nothing else is to
be transmitted after waiting the minimum
recovery period, the continuation of the
interrupted frame may be sent. In this way,
the effective maximum latency of a link can
be reduced for Express traffic as it becomes
no longer necessary to wait for longer frames
already in progress. Frames of 124 bytes or
larger can be preempted depending on the
supported minimum of the receiving station.
This technology can also be used to
inhibit the Preemptable MAC from beginning
transmission, even if no frame is currently
ready from the Express MAC. This can be useful
if the system is aware that it will soon have a
high priority frame to transmit and wants to

have it transmitted as soon as it is ready. This
can yield an even lower maximum latency in
controlled environments, for instance when
frames are ready at predictable intervals.
In an IACS, best effort networks are often
designed around the modelled worst case
delay from message transmission to receipt
through the network. The biggest variable in
this equation is presence of PC-centric traffic
on the network. Quality of Service mitigates
significant proportions of this risk through
implementation of high priority queues, but
there remains a risk of a time critical packet
becoming available in an egress queue shortly
after the switch starts to service a lower
priority packet. At 100MBps the maximum
Ethernet frame size is 1,518 bytes with a
transmission time including Preamble, SFD
and inter packet gap but excluding VLAN
tagging, of 123.04s.
Lets work through an example. Say a high
speed packaging machine with 9 axes where
application demanded communication rates are
largely a factor of the mechanical bandwidth
of gearboxes, transmission belts etc. Each
1ms, a high priority frame of 150bytes (typical
in IACS applications) is transmitted. It has
a transmission time of 12.64s (@100MBps)
11.2016
Engineer a Better Network

Introducing the industrys first field-hardened
SDN-enabled Ethernet switch.
Todays power system engineers need the convenience of Ethernet combined with
low latency and fast healing to support mission-critical substation applications.
The SEL-2740S Software-Defined Network Switch and SEL-5056 Software-Defined
Network Flow Controller provide an innovative solution that employs software-defined
networking (SDN) to enhance the dependability, performance, configuration, and
management of proactive OT and dynamic IT networks.
Engineer a better networkit starts with the SDN-enabled SEL-2740S.
With failover times of less than 100 microseconds, ensure the performance of
mission-critical applications under all conditions.
Simplify the design, testing, and implementation of critical power utility and
industrial OT networks by using the SEL-5056 Flow Controller.
Strengthen cybersecurity through deny-by-default network access control.
Seamlessly integrate with existing network infrastructure through OpenFlow 1.3
standard support.
Order your evaluation system to see the advantages of SDN for yourself.
For details, visit www.selinc.com/betternetwork.
IEB94_p9.indd 9
29.04.1617 12:20
Technology
802.3 Ethernet with Preemption disabled (left). 802.3br Ethernet with Preemption enabled (right).
pre-empted i.e. every 11.44s the packet can

be pre-empted. Now the IACS designer only
needs to consider a worst case interruption of
11.44s. The calculation is the same, but the
answer is very different: (250-11.44)/12.64 =
18. For the IACS, the effective bandwidth of
the network has been increased by 80%. In
a linear network, as the number of switches
that the packet must go through grows, the
cumulative effect and benefit increases.
In this example the benefit to the IACS
of scheduling are only incremental because
elimination of the last 11.4s only results
in adding 1 whole device to the network.
However, looking at the same equation, but
from the perspective of the lower priority
packet, the worst case delay must assume that
all 18 IACS devices transmit simultaneously
and all interrupt its progress. The additional
delay of waiting to send after eighteen 150
byte frames would be 244.8s. If this cannot
be accepted then additional techniques, like
scheduling, must be applied to ensure that
start points of transmissions are appropriately
and must be delivered from server to client

within a maximum time of 250s. Its worst
case transmission time (through a two layer
star network and excluding switch latencies),
must be considered to be 135.68s because of
the possibility of a low priority maximum size
packet being serviced just before the higher
priority packet becomes available.
Not a problem, except that IACS applications
are characterized by a very large number
of servers connecting to a single client. In
this example, how many servers can transmit
simultaneously and still meet their timely
delivery requirement? The simple answer is
determined by the maximum delivery time
minus the worst case interruption all divided
by server transmission time, in this case: (250
123.04)/12.64. The result is 10.04, but the
number of devices must be an integer, so a
maximum of 10 devices can be serviced. In
this worst case example, the next 750s has
no network traffic.
Now apply preemption, where every 124
bytes the maximum size packet can be
sequenced. For data streams, like video

streaming, this size of delay will not be visible
to the user. Similarly, if there are multiple
high priority streams from multiple disciplines
traversing the network, then preemption alone
may not allow the designer to guarantee all
maximum latencies are met and it may be
necessary to implement further enhancements
like scheduling.
In this sample Industrial Automation
Control System application, moving to Gbps
offers a greater reward. It reduces all of the
transmission times by a factor of 10, but it
does not change the fundamental dynamics
of the mechanical system so the application
driven packet rates do not change. Applying
the same mathematics (maximum delivery time
worst case interruption)/(server transmission
time) shows the maximum number of devices
that can be on a network without preemption
is 188, and with is 196; this is only a 4%
improvement.
This migration to Gbps is not practical for
many systems; in brownfield, retrofit and
high electromagnetic noise environments,
preemption (and scheduling) may be far more
easily deployable.
A public demonstration showing
interoperability and benefits of using
preemption was shown in the Avnu Alliance
booth at the 2016 IEEE-SA Ethernet & IP @
Automotive Technology Day by three member
companies that play roles in the automotive
and industrial ecosystem: test tool supplier
(Ixia), silicon supplier (Renesas) and
conformance test provider (University of New
Hampshire Interoperability Lab).
The Avnu Alliance is a community building
an ecosystem for diverse applications where
precise timing is critical to moving data
across todays crowded networks. The Alliance,
in conjunction with other complimentary
standards bodies and alliances, drives
ecosystems built on open standards in
professional AV, automotive, industrial control
and consumer industries.
Paul Brooks, Business Development at Rockwell
Automation, Peter Scruton, Manager, Embedded
Systems Technologies at The University of
New Hampshire InterOperability Laboratory
(UNH-IOL)and Bogdan Tenea, Product
Specialitist at Ixia.
Evaluate validate preempted traffic format. Compare express and preempted traffic latency and jitter.
18
11.2016
Technology
OPC UA industrial networks for

digital factory infrastructure
SOURCE: SIEMENS
Technologies
To achieve a complete integration of the IT and automation infrastructures, from sensors to the cloud, the
OPC UA unified architecture is a vital technology. The goal is end-to-end engineering that unites product
design and production engineering, and creates a new level of performance for flexible automation systems.
Flexible
Automation
End-to-End
Engineering
Semantic
Integration of Data
Processes
Digital Infrastructure
R&D
Inbound
Logistics
Engineering
Production
Sales /
Outbound
Logistics
Services
The essential technology areas of the digital factory require a common digital infrastructure.
THE INTEGRATION OF DIFFERENT SYSTEMS

into an IT or automation infrastructure is
complicated because there are no standardized
interfaces and protocols. So what sort of
communication architecture is required for
networking the ten-thousand devices in the
digital factory? In this respect, industrial
networks and the OPC Unified Architecture
are regarded keys to the digital infrastructure.
The extent of the challenge becomes clear
when one considers the application scenarios
in the digital factory in closer detail. These
can be divided into three areas. Firstly, the
end-to-end engineering means that the data
from product design can be used for the
production engineering, to create control
programs, for example.
This enables different aspects of an event to
be recorded and developed in a standardized
data model, which simplifies changes, helps
to avoid errors, and considerably reduces the
engineering times, including the time required
to implement production.
Secondly, flexible automation is aiming to
resolve the (apparent) contradiction between
flexibility and automation, in order that a
variety of products can be manufactured in
the same plant. Collaborative robots, which
1 1. 2016
assist their human colleagues, are one

example of how the consistent performance
capability and precision of a machine can
ideally complement the human capabilities of
handling complex and dynamic situations. This
aspect includes such new production methods
as 3D printing. And thirdly, with the collection
and integration of data across the entire life
of a machine, new services become possible,
for maintenance purpose, for example.
Vertical and horizontal integration
Present-day solutions usually follow a typical

automation pyramid pattern. In other words,
the individual layers, from the sensor, via the
controller and HMI level, to the MES and ERP
system, are hierarchically constructed and
often permit no direct access from the top level
systems to the layers further below unless
explicit routing through the intermediate
layers is provided for this purpose.
The digital factory, on the other hand,
emphasizes the horizontal integration (that
is, between components on the same level)
and the vertical integration (communication
between layers) of the communication levels.
On the one hand, this breaks up the previously
rigid cellular organization in the digital factory
(for example, by means of freely mobile,

autonomous robots); the machines therefore
need an information infrastructure that is no
longer organized on a strictly hierarchical
basis, but takes into account the respective,
dynamically changing environment.
The integration of data as a source of
information for analytical, data-based
services leads, on the other hand, to the
breakup of the horizontal layers. Because in
order, for example, to gain new insights for
predictive maintenance, a high density of
data is necessary at all levels, starting with
design and engineering, through quality data
in production, to sensors that deliver their
measured values to the IT systems (cloud)
when a machine is used.
Under certain circumstances, this data is
not relevant for the PLC that controls the
production machine, or would misuse the
resources of the controller for data routing
exclusively. It is therefore reasonable that,
although the sensors act on the one hand as a
source of information, on the other hand they
deliver their results directly to the data pool
in the cloud in different cycles, resolutions or
with different measured values.
Ultimately, such as digital factory may be
19
SOURCE: SIEMENS
Technology
Different aggregation levels and a factory backbone in a ring structure form the Industrial Network Topology.
a network topology. On the one hand, this

permits fast communication between the
devices in the individual cells and, on the
other hand, it ensures a high-performance
link between office network and the various
sub-areas.
In order, however, to meet the aims and

requirements of the digital factory, an
end-to-end network topology is simply not
enough. What is required is a communication
protocol that is open and standardized,
provides sufficient semantic information and
SOURCE: SIEMENS
imagined, not as an unchangeable system,

but rather as an organism that continually
adapts itself (autonomously or by means
of engineering) to the new requirements.
Accordingly, such an architecture must be
flexible and easy to maintain, in order that
the complexity can be intelligently mastered.
Demands on the data networks
The communications infrastructure that is

necessary as a basis for the architecture
outlined must therefore satisfy different
requirements. On the one hand, properties
such as the use of open standards, availability,
quality of service and, above all, security
are demanded that already characterize an
Industrial Ethernet today. As on the other
hand, however, the connection to IT systems
for data-based services and an increased
transparency across all levels are required, a
link between office and production networks
is necessary.
Although this ensures the performance in the
Industrial network by means of safeguarding
mechanisms, it nevertheless permits access to
all layers, devices and components. This points
to the use of different aggregation stages and
the introduction of a factory backbone as
20
With the CP 443-1 module, Siemens supports the OPC UA architecture for Simatic S7 400 automation system.
11.2016
Communication for digital factory
The answer to these demands is the Unified

Architecture protocol of the Open Platform
Communications Foundation (OPC UA). The
most important thing about OPC UA is that
it is not only a protocol, but also a complete
architecture that provides software stacks
suitable for the transmission definition for
device and software suppliers, as well as
engineering tools for the system integrators.
In this way, OPC UA offers major advantages.
Firstly, the information model ensures
that all data is transmitted on a type-safe
basis. Even complex data types (structures)
are possible. Apart from the exclusively
data values, OPC UA also transmits semantic
information between the communication
partners. As the architecture functions on an
object-oriented basis, the semantics are woven
into an object context thus comprising
more than just a speaking identifier, but
always referring to the overall object with its
properties and methods.
Function calls via the network permit
a certain amount of control over the
communication partner. Finally, events
are supported as ad-hoc communication or
message brokers for the connection to the
cloud.
The fail-safe nature of the implementation
is enhanced by interfaces that introduce their
specification to the engineering environment
(browseable interfaces). For each device,
a description file can be imported into the
engineering or read from the device available
online that offers a detailed specification of
the interface.
The correct use of the interface in the user
program is ensured by the development tools.
Another key point is the protection against
unauthorized access. As a defense mechanism,
for example, OPC UA uses X.509 certificates
and corresponding security protocols.
For actual use in different applications,
industrial associations collaborate with the
OPC Foundation on Companion Specifications
that supplement the standards of OPC UA
for a specific domain. One example is the
collaboration with PLCopen, in which the
shared block and access procedure for data
has been defined in a programmable logic
controller (PLC).
Suppliers such as Siemens integrate these
mechanisms to enable the integration based
on OPC UA of the controller, for example,
with devices from other manufacturers or
with PC/IT systems. For example, the CP 443
1, which is used as a connection module
in the Simatic S7 400 system, supports the
1 1. 2016
client and server functionality of OPC UA. In

this way, other systems can access the data
areas of the Simatic S7 400 CPU, previously
released in the engineering phase, via the
standardized interface. Thanks to this module,
existing plants can be retrofitted with OPC UA
communication options.
Until OPC UA can be used as an integrated
communication architecture, however, further
standardized tasks must be completed, as
some areas of industrial communication are
not yet fully covered.
For example, on the level of the sensors,
only a few series of devices, or technologies
such as radio frequency identification (RFID)
systems, are specified for OPC UA. In addition,
definitions are required at a higher level if
it is no longer to be a matter of technical

parameters, such as the transmission power
of an RFID reader, or the access to process
data exclusively. Instead it will be necessary,
to standardize functional characteristics
according to industry and application which
correspond more with the engineering context
of the plant engineer and less with that of the
software designer.
Yet, apart from these future tasks, OPC UA
today is a unique communication architecture
in terms of its scope and is indispensable for
the vertical and horizontal integration within
the digital factory.
Technology
translation options, is easy to expand and

maintain, offers maximum security in various
different versions, and also has memory and
processing requirements that are low enough
to be implemented on small devices.
Markus Weinlnder, Siemens AG, Digital Factory/

Process Industries and Drives
MORE
IIoT
Data.
Processes.
Devices.
Locations.
Red Lion has been connecting devices and moving data for
years, enabling customers to easily advance to the Industrial
Internet of Things (IIoT). Our IIoT-ready industrial automation
and networking products:
Connect: Extend equipment lifespan with protocol conversion
Monitor: Improve process visibility with visual management
Control: Push control to the edge with remote monitoring
Network: Expand network reliability with industrial Ethernet
Learn more today at www.redlion.net/moreIIoT
Hall 8 Booth 427

Hall 3.1 Industry Forum 4.0
Connect. Monitor. Control. I www.redlion.net

2016 Red Lion Controls, Inc. All Rights Reserved.
21
Technology
Applications
Smart connectivity transmits

data from machines to the cloud
Connectivity solutions need to be smaller, more powerful and smarter for Industry 4.0 and the IoT to
succeed. Connectors will become active players in passing more information such as energy consumption over
networks. But ultimately, process data needs to be aggregated, enriched and analyzed in IT systems.
SOURCE: TE CONNECTIVITY
WHILE A WEALTH OF MACHINE DATA is already

available today at field level, extracting this
data is often not possible. TE Connectivity
(TE) is therefore currently developing smart
connectivity technology that will bridge the
world of automation and IT. Pilot projects in
the companys own factories have shown that
productivity can be increased cost-effectively
by adopting this approach.
Connection technology not only has
to become increasingly smaller and more
powerful in the course of factory digitalization
associated with Industry 4.0 and the Internet
of Things (IoT); it also has to become
smarter. In other words, components such as
connectors will become active players that,
for example, pass on information on energy
consumption in a network. To ultimately gain
a detailed insight into the processes, the data
has to be aggregated and enriched so that it
can be analyzed in IT systems.
Proof of practicality
The pilot projects carried out by TE, which

delivered a significant improvement in
overall equipment effectiveness (OEE) what
previously took a year was achieved within
three months revealed that the first step is to
establish a digital infrastructure in factories.
Apart from standardizing Manufacturing
Execution Systems (MES) and extending the
network infrastructure, this also includes
connecting machines to IT systems. Obstacles
have to be overcome in the implementation;
something which applies not only in TE
factories but more or less in all factories. For
example:
While larger systems, such as stamping
machines, are connected to a network and
hence also to an MES or SCADA system
(Supervisory Control and Data Acquisition),
many peripheral machines, such as reelers
which roll and unroll reels, are not. Only a
fraction of the information available in the
machines is also actually available for analysis
according to findings by TE, on average only
five percent of sensor data is processed in
the controllers. Significant effort is required
to access the remaining data, ranging from
reprogramming controllers through to
extending the capacity of the network.
The machine data models are generally
not uniform, which is why they have to be
adapted individually. More than 60 percent of
22
According to findings by TE, only a fraction of the information available in machines is also actually available for
analysis. On average, only five percent of available sensor data is processed in the controllers.
the costs in the pilot projects were consumed

by manpower that had to be invested in order
to interpret and structure the data. Apart from
the huge costs that this inevitably entails,
the ability to roll out such solutions is also
limited by the availability of employees with
the necessary skill set of production and IT
know-how.
In blunt terms, automation technology and
IT are two very different things. The former
is based on deterministic processes and uses
software that has to survive the entire lifetime
of a machine, based on quality-driven methods
such as the V-Model.
The software in the digital factory, on the
other hand, will change constantly, owing to,
for example, new functionalities or security
updates; these are gaining in importance as
production processes become networked with
the cyber world. This evolution simply cannot
be achieved with deterministic machine
control solutions.
Comprehensive analyses
There are various options for integrating

participants in a network and recording,
transmitting and analyzing a variety of
data, without the costs necessarily having
to rocket. One such possibility is to install
additional sensors in the machines for sole
use by applications that have nothing to do
with control tasks.
This is already practiced today, for example,
when counting good parts. An MES places an
order and, as soon as this is completed, the
machine can be used again elsewhere. But also
special tasks, such as predictive maintenance
of motor or press bearings, can be performed
in this way.
A second option is to install gateways, but
only data that is offered by the controllers is
normally available in this case. This approach
is therefore primarily used to monitor the
status of machines.
The third option involves equipping
11.2016
SOURCE: TE CONNECTIVITY
Precise and simple!

Time synchronization
using IEEE 1588/PTP
7LPHV\QFKURQL]DWLRQYLD
(WKHU1HW,3RU3URQHW
There are a variety of options for integrating participants in a network and recording, transmitting and analyzing a
variety of data, without the costs needing to sky rocket. One possibility is to install additional sensors in the machines
for sole use by applications that have nothing to do with control tasks.
machines with smart field devices that

allow them to be modeled in detail in IT
systems and enable the performance to be
analyzed precisely using methods such as SPC
(Statistical Process Control).
One example of this is an I/O module,
IoT OmniGate I/O Module, from TE into
which a mini-computer has been integrated.
I/O modules capture data from sensors
and actuators and forward this data to the
controllers using a higher-level bus system.
The smart I/O module, which acts in
addition as a so-called edge computer, allows
a further path to be configured in addition to
this real-time communication path; data for
smart applications in the sense of Industry
4.0 and IoT can be aggregated in the machine
over this second path and then transmitted to
IT systems.
What are the advantages of the IoT
OmniGate approach for applications? Because
I/O modules are already available in machines
today, they can be replaced ease without
necessarily changing their architecture and
interfaces. Moreover, the semantics of the
data models used to describe the automation
components can be drawn on to create
new databases. Hence there is no need to
reconsider each time how to save the data of
specific components.
A software tool to configure the smart I/O
1 1. 2016
module will be presented as a prototype by

TE for the first time at SPS IPC Drives 2016
as well as part of the IoT OmniGate family.
It can be used, for example, to determine
compatibility with the software of the sensors
and controllers, and to generate IP interfaces
for passing on the extracted data in structured
form to other systems such as ERP systems.
This means that the data no longer has to be
requested from different locations, and also
that its format is always the same, simplifying
work considerably.
+LJKHVWWLPLQJDFFXUDF\LQ
QDQRVHFRQGUDQJH
5HGXQGDQF\WKURXJKDXWRPDWHG
VZLWFKLQJRIUHIHUHQFHFORFNV
/RFDOJHQHUDWLRQRIWLPHFRGHVOLNH
,5,*%'&)RU33;3XOVHV
Conclusion
Smart connection technology is a core element

of digitalizing factories. TE Connectivity is
currently developing solutions that will allow
machine data to be extract, aggregated,
pre-evaluated and then forwarded to (cloudbased) IT systems. This will enable problems
to be identified early on, thus avoiding, for
example, downtime or costs for excessive
energy consumption.
In addition, even installed machines
can be connected to IT systems with smart
connectivity technology, without the need
for such expensive tasks as reprogramming
controllers.
OMICRON Lab IEEE 1588/PTP

Timing Solutions:
OTMC 100
,(((373*UDQGPDVWHU&ORFN
TICRO 100
,(((3737LPH&RQYHUWHU
www.omicron-lab.com/timing
Daniel Walldorf, Industrial IoT Platforms &

Ventures at TE Connectivity.
Smart Timing Solutions
Applications
Automotive parts supplier

launches IoT initiative
SOURCE: KEPWARE
Recognizing the need for connectivity, data access and scalability, automotive parts supplier HIROTEC
developed a six week sprint strategy to capitalize on connectivity benefits and turned to an IoT platform to
enable company-wide, device-to-cloud connectivity through one overarching toolset.
HIROTEC AMERICA is part of the HIROTEC
Group Companies, and globally recognized
as a Tier-1 parts and tooling supplier for the
automotive industry. The parts and tooling
supplier designs and builds roughly 7 million
doors and 1.5 million exhaust systems a
year, making it one of the largest private
production companies in todays global
automotive market.
The Challenge
Operational downtime is a significant issue

facing Original Equipment Manufacturers
(OEMs). In most cases, the machinery involved
runs without condition-based monitoring
essentially operating until a failure occurs. At
that time, appropriate personnel are contacted
to assess the situation and make the repairs
as expeditiously as possible to prevent
dramatically delaying production schedules.
Outside factors like weather or traffic patterns
might also add to possible downtime scenarios
and lead to organizational inefficiencies and/
or misallocation of resources.
HIROTEC sought to eliminate this trend of
reactive maintenance and lost opportunities
by utilizing the information and systems it
had on hand to gain deeper insight into its
operations and processes. The automotive
supplier had long collected industrial data
from sensors and machines across customer
production facilities and its own systems
to support its decisions and track business
progress.
However, volumes of this data were
manually separated and stored across
multiple sourcesmaking it inaccessible to
collective and systematic analysis. In order
to improve quality, reduce downtime, and
optimize production schedules, HIROTEC
needed to implement a modern, automated
solution that could gather maintenance and
operational information into one source and
offer actionable recommendations to its
quality professionals.
A lack of data was never an issue for us,
said Justin Hester, Senior Researcher for
HIROTEC. As one of the largest automotive
manufacturing suppliers in the world, we
collect volumes of datasets on a daily
basis. The problem we were faced with was
transitioning from a data-heavy organization
to a data-smart organization. We realized
24
Instead of integrating multiple solutions across business functions, HIROTEC turned to KEPServerEX and the
ThingWorx IoT Platform solutions to enable company-wide device-to-cloud connectivity using one toolset.
that in order to bolster profits from untapped

machine-generated information, we needed to
look towards modern solutions that automated
the process and enabled timely, data-driven
decisions.
The Approach
Recognizing the need for connectivity, data

access, and scalability, executives at HIROTEC
worked to develop a competitive strategy to
capitalize on the potential benefits of the
Internet of Things (IoT). The initiative began
with identifying the fundamental technologies
that would fuel the IoT effort. After
evaluating several traditional IoT offerings
from traditional industrial automation
vendors, HIROTEC found that many solutions
were restricted to a single business aspect,
protocol, or standard.
Not wanting to waste time and effort
integrating multiple solutions across several
business functions, HIROTEC finally turned to
Kepwares KEPServerEX and the ThingWorx IoT
Platform (both solutions from PTC) to enable
company-wide device-to-cloud connectivity
through one overarching toolset. Working
together to deploy a single source of smart
solutions for the IoT, the ThingWorx platform
would be able to provide analytical insight

into HIROTECs data through industrial
data streamed from the IoT Gateway for
KEPServerEX, an advanced plug-in capable of
pushing information from KEPServerEX into
Big Data and analytic software applications.
To support the companys long-term
IoT vision, HIROTEC collaborated with
representatives at PTC to build an IoT
framework supported by short, six-week agile
sprints. Where a full IoT implementation
may have taken years to generate a proof of
concept, the Scrum model provided company
executives with visible and quantifiable
progress in just weeks.
We see and speak with many manufacturing
organizations, and it is clear they are
interested in the Internet of Things. They see
the potential and would like to do something
with the technology. Despite the desire that
exists, many remain frozen because the
prospect of a full-blown implementation is so
daunting and uncertain, said Hester. This
is why we advocate so strongly for the shortsprint model we have adopted at HIROTEC.
We dont want to boil the ocean; we want to
start with low-hanging, solvable problems and
build out our case and experience.
11.2016
SOURCE: KEPWARE
HIROTEC is planning to expand its IoT efforts to include every aspect of its business from operations and IT to
financial forecasting, customer relations, and sales.
Test bed in Detroit
Michigan was chosen as the test bed for the

first small sprint because of the unique data
types generated among its eight Computer
Numerical Control (CNC) machines. Kepwares
IoT Gateway for KEPServerEX collects data
from the CNC machines and streams it in
real-time to the Cloud, where the ThingWorx
IoT Platform provides analytics and data
visualizations. This solution gives HIROTEC
labor-free access to a customized visualization
of both the operations and conditions of its
industrial devices and systems.
When first embarking on our IoT journey,
HIROTECs core objective was to remain
flexible in our ability to connect things,
said Hester. The offerings and expertise by
Kepware and PTC have enabled us to stay true
to our goal by effortlessly adapting to our
business processes and developing the right
IoT strategy for our teams. The IoT Gateways
ability to seamlessly put data into ThingWorx
to generate real-time insight into operations
fuels our sprint framework and allows us to
stay nimble in our decision making.
The Results
Since implementing Kepwares IoT Gateway

and the ThingWorx IoT Platform, HIROTEC has
gained increased visibility into the processes
of its CNC shop and deeper insight into
operations.
The company realized early on that
having access to CNC machine uptime data
significantly impacted the shops scheduling
process, which was previously set on
conjecture and after-the- fact analysis.
Manufacturing leadership can now leverage
real-time data from the shop floor and tie it
to the scheduling ERP system, optimizing the
scheduling of parts to CNC modules.
This process also provides greater insight
into asset and resource allocation by
automatically formulating smarter questions
1 1. 2016
about current needs and priorities and

determining the most effective course of
action. Because of this, HIROTEC has improved
productivity across the shop and increased its
ROI.
The company has also improved
collaboration between its Operations and
Information Technology (IT) departments. By
working daily with Research and Development
engineers, IT teams quickly gained access to
corporate roadmaps and strategic goals, and
were empowered to contribute at a more
strategic level. Not only has the development
of cross-functional teams improved
communications across the entire business,
but the added perspective helps promote
quicker and more efficient responses to IT
jobs.
HIROTEC anticipates its IoT efforts to
impact every aspect of its business from
Operations and IT to financial forecasting,
customer relations, and sales. As it moves
forward with sprint projects, HIROTEC will
continue to see what is useful about the
varied sets of contextualized data and use
it to create common business processes and
analyses. The auto parts supplier eventually
plans to use this insight to create an
IoT-ready production line and enable remote
equipment monitoring and management from
a centralized dashboard to promote predictive
and proactive maintenance.
In just six short weeks, weve gained more
visibility into our operations than ever before,
reinforcing our investment and belief in the
power of the IoT, said Hester. With datacentric knowledge generated from KEPServerEX
and ThingWorx, we can now make smarter and
timelier decisions that not only impact our
CNC shop, but also help us identify how we
can operate more efficiently and profitably
across all of our facilities.
Application Report by Kepware.
25
Technology
Exploring fundamentals of
automation network efficiency
HIGH-PERFORMANCE SYSTEMS can be seen

as particularly sensitive, in our everyday
perception, while more robust systems are
thought to be lacking in performance. This
applies to computers and cameras, as well as
for cars: for example, race cars are fast, yet
fairly unreliable while robust off-road vehicles
are tough, but comparatively slow. The same
goes for the field of industrial communication,
where performance (communication efficiency)
and reliability (the impact of errors on a
system) are closely connected.
However, this connection, depending on the
technology, is often surprising. The thought
that high efficiency leads to a destabilization
of the system in case of an error is not
applicable in many ways.
The following article demonstrates this
concept, highlighting different scenarios
using EtherCAT as an example.Industrial
communication encompasses various effects
that influence error situations in different
ways. Determining what happens, when
it occurs, where it happens, and for which
reason are the key questions that must be
answered quickly (which is not always easy)
when an error occurs. On the other hand, one
has to keep an eye on data consistency when
dealing with error cases.
In many applications, Ethernet has
become very popular. The robustness of the
physical data transmission with 100 Mbit/s
(Fast Ethernet) has proven itself extremely
successful in the industrial field. Therefore,
the efficiency of the protocol layers above the
physical level, with regard to their reliability,
must be discussed.
Single frame for I/O operations
One approach for evaluation is the

investigation of the protocol overhead. Using
an individual Ethernet frame for every network
participant results in significant overhead,
since even at minimum frame size, a total of
84 bytes must be sent, whereas the typical
payload is smaller than 8 bytes (e.g., CAN
between 1 and 8). This leads to an overhead
of more than 90 percent.
The usual setup of a machine shows a linear
topology for the communication system,
whereas the Fast Ethernet infrastructure
requires active coupling of the interfaces. The
26
Cycle 1
Cycle 2
Cycle 3
Cycle 4
Cycle 5
Cycle 6
Cycle 7
A random cycle error impacts the individual frame in six out of seven cases.
coupling is carried out by a Bridged LAN, or

Switched Ethernet, whereas the switches are
often an integrated part of the network nodes,
as with I/O devices or drives. Since all data is
processed in each node, one can alternatively
collect the complete user data information in
one common frame and, similar to EtherCAT,
process while the frame runs through the
system. This method of protocol processing
can be referred to as a shared frame solution.
The result is an overhead of less than 50
percent, even if the number of connected
network nodes is small. If the total payload
of the system is more than 400 bytes, this
influences the overhead in the shared frame
solution by less than 10 percent.
Even if the physical layer (PhL) of Ethernet
is robust in general, strong electromagnetic
interfering signals can lead to communication
errors. When comparing the effects of such
interference in the traditional, individual
frame approach to those in the shared frame
principle, the latter shows a far smaller error
probability within the network cycle.
Normally, most networked applications can
overcome one single error without any harm,
but if there are two errors following directly,
it is already a critical situation. Thus, the
relation between communication errors per
cycle corresponds with the critical situations.
Related to the quite realistic example noted
at the beginning of the article, this means a
much higher number of corrupted frames are
created with the individual frame approach
than compared with the shared frame solution
because the latter uses only one sixth of the
transmission time. As a result, the disturbance
influences the common frame only in one out
of every six cases.
Erroneous bits offer no impact
In motion control applications, complex

algorithms are used to interpolate the target
value and the actual values in case of a single
communication error. The individual frame
approach leads to unforeseeable results,
especially when several axes are coupled.
As a result, the much higher rate of
erroneous cycles in this approach results in
a series of cascaded and, therefore, critical
situations. Additionally, the low efficiency of
this solution (around 10 percent) increases
the rate of erroneous cycles and makes reliable
control of the application much more difficult.
Control of speed and position also relates
to motion. Regarding the position, the
control of a value is much more critical than
speed when dealing with small, incremental
changes. The pre-planning of interactions can
help to ensure readiness in cases of error. In
addition, the programming motto keep values
as long as nothing changes helps to reduce
the effects of errors in general, as well as to
avoid bundled errors.
The mentioned circumstances show that
there is no direct dependence between the
number of errors in one cycle and the resulting
control error. Single errors can even be more
critical than bundled errors.
The individual frame approach
Another problem of a solution with single

frames for each node centers on the isolation
of errors. Generally, Ethernet avoids the
transmission of disturbances, since each
connection is controlled by a special
transceiver. In todays Ethernet, the PhL is
not a bus but rather a collection of peer-topeer connections. This can cause errors, for
11.2016
SOURCE: ETG
Efficient network design can reduce bandwidth usage leading to lower error frequency, and enable fast
forwarding of frames to avoid transmission disturbance. The reliability of EtherCAT systems can be influenced
by lower protocol complexity, as well as the reduced frame traffic on the communication connections.
instance, because power supply disturbances

can impact several nodes at a time. A
comparable source for errors would be a poor
connection to the protective conductor when
the direct shield method is used.
EtherCAT documentation does not
recommend this, but it is mandatory in some
consortiums especially because multi-protocol
devices must follow that approach and may
not use alternative methods. Since grounding
in cabinets is sometimes worse than expected,
disturbances on the shield can appear where
different parts of the cabling are joined.
In such a case, the diagnosis is very
difficult which is the reason why this kind
of disturbance transmission should be avoided
if possible because of its potential affect on
applications. If you use common frames, such
as with EtherCAT, this type of disturbance
transmission only affects the same frame
several times.
In case of short individual frames with the
typical switch forwarding method, which is
defined by the IEEE standard and is normally
at least 10 times slower than EtherCAT, several
frames are transmitted on different network
participants during the same time period.
During that process, a huge time delay leads
to several different affected frames in the case
of a disturbance transmission.
As a result, data from different cycles or
communication types can be affected. For
this reason, the disturbance transmission is a
very critical factor that almost always entails
some kind of domino effect. With an EtherCAT
system, the forwarding times are short so that
even a disturbance at the beginning of a frame
cannot affect the end of a previous frame in
the network.
When several single frames are affected, the
resulting error type is hard to define. Some
input data is new, some is old. Ultimately, the
conclusion that there are only single errors
with that method is not true. Rather, it rather
requires especially sophisticated and complex
error handling strategies.
Additionally, most switches/bridges only
transmit when they have received a frame
correctly (store and forward), which leads
to different frames at each interface and the
disturbance transmission to influence a high
number of frames.
Accelerate error handling
For efficiency reasons, approaches with

individual frames generally do not deliver
prompt feedback. Direct feedback on updates
to the output data would require forwarding
from master to slave and back. This duplication
of the forwarding time would present a
limiting factor for the cycle time. Thus, the
reaction to the loss of individual output
frames is limited to the single components
without direct notification of the control unit.
In this situation, the master cannot initiate
1 1. 2016
any measures. The earliest time that such an

error can be reported is one incoming cycle
later. Until the error time-out is triggered, the
system normally needs three cycles.
EtherCAT instead creates direct feedback
with the slaves. Fast forwarding enables the
incoming data to appear in the master right
after the output data have been transmitted.
In case feedback fails to appear, the master
can start the according actions immediately
and, thanks to very little forwarding variance,
precise timeout becomes possible.
In principle, EtherCAT acts like a traditional
fieldbus, arranging for the repetition
immediately. The latter makes error handling
within the master more complex. In addition,
the availability of actual process data is more
preferable than bandwidth (with EtherCAT,
only about 15 percent), so processor
performance is often leveraged to repair old
process data. Thus, EtherCAT aims for short
cycle times, which thereby reduces the effects
of possible errors.
Unlock new
services with your
machine data.
Higher efficiency benefits
Last, but not least, when compared to

solutions based on individual frames, EtherCAT
facilitates significantly shorter cycle times (in
this example, by a factor of 6), which leads
to much higher precision as well as increased
process robustness. This enables much higher
product quality, as well as faster reaction to
errors. The shorter cycle time provides an
excellent method to improve product quality,
even in case of an error; if no errors occur,
the quality gets even better. Overall, EtherCAT
offers the best chance to maintain successful
processes, even in environments with heavy
disturbance.
Conclusion
In summary, the EtherCAT approach forms

the basis for reliable network design, reduces
bandwidth usage leading to lower error
frequency, and enables the fast forwarding
of frames to avoid transmission disturbance.
Thanks to the peer-to-peer connection via
Ethernet, reflections and other disturbances
can be avoided. This makes communication
more reliable, since the error probability is low
and the location of an error can be detected
easily.
In addition, the reliability of a system can
be influenced positively by lower protocol
complexity as well as the reduced frame traffic
on the communication connections. Clear
design is the basis for a good automation
system and is mandatory for improved
reliability.
EtherCAT adheres to the fundamental
principle of automation technology: efficiency
and reliability are two sides of the same coin!
Dr. Karl Weber is Senior Technology Expert at
the EtherCAT Technology Group.
0 1 1 0 0 1
1 0 0 1 1 0
1 0 0 1 0
0 0 1 1
0 1 0
1 1
0
0
1
1
1
1
1
0
0
1
0
0
0
0
0
0
1
1
1
1
1
1
1
1
0
1
0
0
0
0
0
1
0
1
1
1
1
1
1
0
0
0
0
0
0
0
1
0
0
0
1
1
1
1
1
1
1
1
0
0
0
0
1
0
1
0
1
1
1
1
1
1
0
1
1
0
1
0
1
1
0
1
1
0
0
1
1
0 1
1
0 1 0
0
0 1 0 1
1
0 1 0 1 0
0 1 0 1 0 1 0
0
1
0
1
1
1
1
1
1
1
1
1
0
1
0
1
1
1
0
1
0
1
0
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
1
0
1
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
1
0
1
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
0
1
0
1
0
1
0
1
TAGNAME
DATABASE
01 1 1
100 0
011
10 0 1
11 0 0
010 0
0
100
10 0 0
10 1 0
100 0
0
100
00 0 0
01 0 0
101 1
0
000
01 0 1
1
Remote Access your

machines (PLC, HMI, IP
Camera, etc.)
Gather time stamped
machine data centrally
(alarms, KPI, set point,
consumption, ...)
Use or create your own HMI
Collect data from the field
to create added-value
services
Discover eWON
Remote Data
solution at SPS!
Hall10, Stand 420
www.ewon.biz
Technology
Container and microservices

cloud architecture and platform
SOURCE: PROSOFT
A containers and microservices cloud architecture offers a standardized set of services that support
applications running inside the container, along with a connection to the cloud host environment. This
potentially offers a powerful secure platform for connecting industrial data to high-value cloud services.
Using a layered approach to security, a PCs operating system VPN minimizes the need for userinstalled software. HTTPS is deployed for all communication, requiring a certificate and one-time use
keys to authenticate the gateways, to implement a system that runs on Amazon Web Services.
CONTAINERS AND MICROSERVICES are the terms used to describe an

approach to developing applications for use in a cloud environment. The
term container brings to mind a shipping container, or a standardized
box that is used in shipping to make it easier to move products
overseas, through ports and across railways.
In cloud application development, a container is a standardized set
of services that support the application running inside the container
and provide connection to the cloud host environment. Microservices
are the applications that run inside the containers.
As opposed to writing a single, monolithic program to deliver all user
functions, developers build microservices that perform a very specific
task. Various microservices come together to form what appears to the
user as a complete cloud-based service. Yet, since each microservice
and the container it resides in is fully self-sufficient, these functions
are not dependent on each other.
New approach to development
This concept is a departure from the predominant software development

approach of the recent past. For many years, software developers built
full programs that would install on a computer and run in a specific
computer operating system. All of the functions of the program exist
within the code, and the entire program is installed together.
The program depends on the operating system to provide the required
connections to the world (input devices like the keyboard, output
devices like the monitor and network connections). In addition, all of
the functions within the program depend on each other. This approach
to programming worked well as long as there would always be a fairly
28
complex host to run the program and the computer operating system.
As more computing functions are moved to cloud hosted systems,
this paradigm is no longer the ideal way to develop computer programs.
Many applications have been ported to the cloud simply by running
a virtual machine with a specific operating system, and installing an
existing PC- or server-based program to that virtual machine. This is a
very inefficient approach since many aspects of the operating system
are not needed by the program. Further, since all of the functions of
the program are interdependent, a failure in any part of the program
can crash the entire service.
Booting up a new VM with the service can take minutes. Reliability
is improved by adding failover servers, which are entire copies of the
virtual machine running side by side.
Building cloud solutions
Containers and microservices provide a better way to build software for

cloud deployment. This approach begins with the compartmentalization
of program functions into microservices. A microservice is just a specific
function of the program, such as a payment service on an online retail
site. Overall service may have many microservices providing different
functions. The other key element of this approach is the Container.
The container is a standardized interface between the microservice
and the rest of the world, similar to how the operating system provided
the interface for the monolithic program in the old paradigm. Containers
offer quite a few advantages in the cloud hosted environment. They
are much less resource-intensive compared to virtual machines and
full operating systems, so its easy to deploy multiple instances of a
11.2016
New approach to programming
Think of the old approach of monolithic programs running on virtual

machines such as a warehouse. The warehouse, like the virtual machine,
is designed to house any manner of contents. It is large and timeconsuming to build, and contents are dependent on the integrity of
the warehouse and can be affected by problems with other contents.
In addition, each warehouse is built with different configurations
(aisles, shelving, doorways), so moving contents from one warehouse
to another will require changing how the contents are stored. When
things are busy, the warehouse may be full, while at other times, it will
be nearly empty. Yet it takes up the same amount of space either way.
By contrast, shipping containers are really very small, modular
warehouses. Each one has standard dimensions, handling provisions,
and configuration. Containers hold all kinds of different contents, yet
it is very easy to manage many containers by stacking them on ships
or in shipyards. Individual containers take up much less space than
a warehouse, and its relatively easy to add containers when more
contents need to be stored. In busy times, the shipyard may be full of
containers stacked in rows. When its not busy, far fewer containers are
needed. If anything happens to a container, only the contents inside
that container are affected, and a replacement can be ready quickly.
Just as the advantages of shipping containers make logistics
operations more efficient, cloud-native container technologies make
cloud-based programs easier to develop, deploy, and operate.
to gain access to equipment. Also, software must be kept up-to-date as

vulnerabilities in the underlying software services are discovered and
patched. It also requires only a browser and an OS-native VPN client
to work, so these threats are greatly reduced.
Second, the container and microservice architecture enables ProSoft
Connect developers to build a very robust and secure service using
the latest state-of-the-art cloud development tools. Containerized
functions prevent potentially cascading issues, since each function
operates autonomously in its own container. Finally, containers provide
the basic supporting services that a piece of code needs to run. This
means there are fewer components that might be vulnerable to attack,
compared with a full VM and operating system.
The most noticeable advantage of the choice to use containers and
microservices is in the ease of use. ProSoft Connect functions were
built using the best programming language and supporting services
for each function, which contributes to the simple user experience
of the service. For creating VPN connections to remote equipment,
EasyBridge technology forms a Layer 2 connection between the users
PC and the remote PLC network. Containerized services running in the
ProSoft Connect service handle the complexity of network routing, so
the user can connect to the remote network just as if they plugged an
Ethernet cable into the remote Ethernet switch.
Technology
particular microservice to handle traffic and provide better reliability.

Containers spin up in less than a second, so failure recovery is
extremely fast. Making functions fully independent from one another
also allows the development team to use the best programming
language for each function, rather than choosing one language for
all functions. If one function is most easily deployed in python, and
another function in C++, each function can be developed in the optimal
language for that function and deployed in its own container.
A Platform for the IIoT
Perhaps the most exciting aspect of this technology and its modular
architecture is the promise of things to come. The Industrial Internet
of Things (IIoT) is a hot topic these days, and for good reason. As
new technologies develop to help manufacturers cut costs, improve
productivity, and deliver products faster, users will have a powerful
secure platform to connect industrial data to high-value cloud services.
Keith Blodorn is the director of ProSoft Technologys Wireless Program.
Architectural benefits
ProSoft Connect technology allows customers to securely access

industrial automation devices such as PLCs and HMIs remotely from
anywhere in the world. Secure remote access allows system integrators,
machine builders, and large end users to troubleshoot problems with
their systems more quickly, to gather data from machines or plants
around the world, and plant operators to manage process equipment
spread globally. The unique advantages of the container and
microservice architecture include enhanced service reliability, improved
security, and superior ease of use.
For manufacturing customers, reliability is always a critical attribute.
Secure remote access services are no different. When a machine is
down, engineers need to access the machine control system and begin
troubleshooting immediately. ProSoft Connect users enjoy highly
reliable service in part because the container/microservice approach
allows the service to run multiple simultaneous sessions with minimal
consumption of cloud computing resources. In fact, there are always
at least three of every service running! There is no need for the failover servers that old VM-based systems used for reliability. Even if
all of the current instances of a service were to suddenly stop, a new
instance can be started up in under a second. This means that when
an engineer needs to access a remote machine, ProSoft Connect will
be ready to make the connection.
As more industrial processes connect to the Internet, cybersecurity
is an important aspect of connectivity solutions. The container and
microservice architecture helps ProSoft Connect deliver a higher level of
security for users. First, it is a fully cloud-native solution that requires
virtually no user-installed software. This eliminates a significant attack
surface that past cloud connectivity solutions opened up. User-installed
software is vulnerable to tactics like watering hole attacks, where
hackers embed sniffer code inside the software download and use that
1 1. 2016
While you look ahead

we have an eye for the rest.
360 Network Reliability

for Smart Factory Automation
Cybersecurity for your entire network infrastructure
Single point and multi-point network redundancy
PROFINET, EtherNet/IP, Modbus TCP, CC-Link, SafetyNet
Moxa Solutions. Protected, easy, intelligent.
www.moxa.com
29
ME_AZ_FA_IEB_85x120mm_E_DU08082016.indd 1
03.08.16 16:17
Technology
Applications
Lower cost of ownership

for industrial IoT networks
SOURCE: MOXA
Some costs are often overlooked, and best practices can lower the total cost of ownership (TCO) for
industrial control networks. After purchasing a switch, factors to consider throughout the product life cycle
include installation, configuration, operations, maintenance, downtime, and ongoing technical support.
Different costs incurred within the project life cycle including acquisition, operational and support costs need to be aggregated to create a total cost of ownership.
THE INDUSTRIAL INTERNET OF THINGS (IIOT)

trend is facilitating a growth in connected
devices on networks as well as increasing the
scope and complexity of industrial control
networks that frequently converge with
traditional IT networks. More now than ever
before, concerns about security, availability,
and performance are having an impact
on these industrial control networks. One
consequence of the IIoT trend is that simply
purchasing devices for your network isnt the
end of your expenditure. In fact, it is often
only the beginning. Network operators are
discovering a host of associated direct and
indirect costs that can often exceed the initial
investment in networking hardware.
This article considers some of the costs that
are often overlooked, and suggests some best
practices and tips on how to lower the total
cost of ownership (TCO) for industrial control
networks. After purchasing a switch, a variety
of factors need to be considered throughout
the product life cycle, including installation,
configuration, operations, maintenance,
downtime, and ongoing technical support.
After taking all of these factors into
consideration, network administrators are in
a much better position to be able to judge
the true TCO of a project and make the right
decisions to ensure that the TCO is kept as
low as possible.
Challenges for complex networks
The time from the start of a project until it

is up-and-running can be broken down into
30
broadly six different stages. The challenge

for network administrators is to have a deep
understanding of each stage of the project
and determine the key features that a device
should include or support that are beneficial
for that particular stage as well as to what
extent these features will be beneficial in the
future when the needs of the network change.
These features and benefits often dont
appear in the hardware specifications of a
product, but are essential to keep in mind
when purchasing products. For example, the
vendors who provide switches for a project
can allow those who are deploying and setting
up the network to make their quotation
more competitive if the deployment and
setting up can be completed faster. This
will also allow those who are installing and
configuring the network to have more time
for other projects. The six stages are discussed
below, with scenarios provided to give a
fuller understanding of the different factors
affecting the TCO.
Total cost of ownership
After considering some of the challenges of

networks, it becomes evident how the costs
associated with commissioning and operating
a network can easily exceed the cost of the
networking components. Some of the general
steps involved in commissioning, operating,
and supporting an industrial network will
now be considered in order to gain a better
understanding of the TCO.
Installation and integration costs
It is rare to see completely new network

installations in industrial environments. The
majority of network deployments involve a
combination of new equipment and upgrades
using existing SCADA systems, control
networks, and devices.
It should be noted that as no two networks
are the same, each network has its own set
of unique requirements. One of the skills
that a network administrator must have is
the ability to choose and deploy the right
devices to ensure that the current and future
requirements of the network are met. A good
example of this is ensuring interoperability
across all devices on the network throughout
the project life cycle. Although there are
numerous ways to overcome certain problems
that may arise throughout the project life
cycle, one of the best solutions is to choose
products that offer the most flexibility.
For industrial networks, devices are often
installed in control panels with other devices
that run on different voltages, so one solution
is to purchase a power converter to ensure
compatibility. However, this may not be the
ideal solution for all network administrators
due to size constraints of the panel where the
devices are being installed or the additional
costs incurred from purchasing power
converters. For some projects, the cost of
deploying new cables can add significantly
to the overall costs of the project. A better
alternative is to use a device that supports a
wide range of power inputs that will satisfy
11.2016
SOURCE: MOXA
Technology
Multi-protocol Ethernet communications capabilities make it easier to integrate PLCs with SCADA systems.
the present demands of the network, and

provide added flexibility for devices that
must also be added to the network at a later
date. Although the initial expenditure may
be slightly higher for a switch that supports
these features, it becomes clear how costs can
be reduced over the duration of a project by
avoiding additional costs at a later date.
Reduce configuration costs
One of the most time-consuming tasks for

projects in industrial environments, and
therefore one of the most expensive, is
configuring devices on a network so that
they have security settings, redundancy,
interoperability, and efficient performance.
A wide range of options are available, from
very basic switches that offer no support with
configuration, all the way up to large software
packages that cost considerable amounts of
money on a per-annum basis but greatly assist
network administrators with the configuration
process.
As the number of devices on a network
increases, so do the possibilities for savings.
Below are some of the main areas that have
been identified pertaining to the configuration
stage of a project, all of which have a strong
effect on the TCO.
Due to the convergence of industrial
automation and IT systems across IIoT
networks, EtherNet/IP and PROFINET protocols
must have a way to operate together on
the same network. Devices that have been
preconfigured to allow for these disparate
protocols to communicate automatically
allow network administrators to deploy what
is essentially a plug-n-play device. These
devices will also often support automatic
discovery and the ability to assign IP
addresses automatically, allowing a significant
portion of the time required for configuring
these devices to be eliminated. Compare this
with using cheaper devices, which will require
a lot more effort to be spent configuring the
1 1. 2016
devices later on in the project.

Configuration costs are not limited to when
the network is being set up for the first time.
Any feature that allows copying and saving
device configurations will provide network
administrators with the ability to reuse these
settings at a later date, and eliminate the
need to manually configure new devices that
are added to the network.
Configuration is also made a lot easier by
an intuitive graphical user interface (GUI).
Some companies will offer an advanced
testing kit, which allows users to test the GUI
and independently validate the claim that
it is intuitive before installing devices on a
network. An intuitive GUI can save network
operators a significant amount of time for the
duration of a project.
Reduce operational costs
A key way to lower operational costs is a

design that requires the minimal amount of
manual work to keep the switches and network
operational. In addition, ensuring product
suitability for deployment in industrial
environments will also help achieve optimal
operational performance.
The two main reasons why devices on
industrial networks malfunction is their
moving parts and the power inputs, which
are often referred to as points of weakness.
Switches that have an absolute minimum
of moving parts are much less likely to
malfunction or break, resulting in less network
downtime and therefore reduced expenditure.
Similarly, if the device supports dual-power
inputs and one of the power supplies fails,
the other power supply will keep the device
running, allowing the faulty power supply to
be replaced without network downtime. For
deployments lasting longer than 10 years,
which is the norm for IIoT networks, there is a
very high chance that network administrators
will encounter one of these problems at some
point during those 10 years.
Reduce maintenance costs
The majority of IIoT networks are controlled by

programmable logic controllers (PLCs). When
the network performs scheduled maintenance
and performs a reboot, a PLC will often take
around 20 seconds to reboot.
If a PLC boots up before the network is
ready to operate, errors will occur that can
cause further delays. Switches that can boot
up in about 10 seconds as opposed to 100
seconds will be ready to operate as soon as
the PLC has rebooted, thereby avoiding the
aforementioned problems.
Being able to view the current status of the
network at a quick glance via software or an
app is one of the easiest ways to monitor a
network. These apps and software sometimes
incorporate an alert system that warns network
administrators that an event is taking place
that has the potential to cause a failure on
the network unless the problem is rectified.
Alerting the system administrator that a
problem could happen later on, as opposed to
a system that merely informs the administrator
that there is a problem now, is an excellent
way of reducing maintenance costs. These
features may increase the purchase price of
the switch but over the course of the project
life cycle are likely to result in substantial
savings.
Reduce maintenance costs
Finding the root cause of downtime on a

large-scale network is very time consuming,
so any tools that assist network administrators
with identifying the point of failure and allow
them to quickly fix it will have significant
advantages.
Another skill of successful network
administrators is to be able to calculate
whether the additional costs of features
that can help reduce downtime are likely
to outweigh the costs of any downtime
experienced.
Devices that can be remotely accessed and
31
Technology
Technology
performed manually, the amount of network

downtime is reduced.
As network administrators are not always
based in the control room, mobile apps that
support event notifications provide network
administrators with the ability to respond
more quickly to events taking place on the
network, allowing them to get the network
back to normal more quickly than would have
otherwise been possible.
Self-healing redundancy technologies
ensure that networks stay up-and-running
even in the event of a single node failure.
Deploying redundancy technologies that allow
greater flexibility, availability, and scalability
for future network expansion can help avoid
additional expenditure in the future.
Ongoing technical support
Batch configuration is one of the most effective ways to reduce configuration costs. Since the number of networked
devices keeps increasing, both time and money can be saved by using mass configuration, instead of configuring
individual devices one by one.
When purchasing a switch, a wide range of

options are available, from cheap devices that
offer no ongoing support, firmware upgrades,
etc., to switches where over the course of the
project the ongoing technical support will
cost significantly more than the switch. As
switches are often deployed on networks for
longer than ten years, the technical support
that comes with a switch will significantly
impact costs in long-term deployments. For
example, new security threats are regularly
identified and companies that offer ongoing
technical support will often release a security
update via a firmware upgrade to eliminate
new cyber threats.
Conversely, when a device on a network is
compromised and ongoing technical support
or firmware upgrades are not available, the
network administrator will have to replace
the device or risk the security of the whole
network. Reliable switches that offer free
ongoing technical support complemented by
a long warranty period present significant
advantages for network administrators who
want the lowest TCO for their projects.
Conclusion
A tool that can play back events to help quickly narrow down the possible cause of the network problem.
configured are very beneficial because they

allow untrained personnel to perform the
time-consuming task of going to the field
site, while the trained specialist can perform
troubleshooting and configuration remotely
from the control center.
In addition, a device that offers playback
support allows the specialist to identify what
occurred at the time the switch went down,
32
and help improve the design of the network

infrastructure to avoid this kind of failure in
the future.
Devices that back up the switchs
configurations on a dongle are particularly
helpful if the switch malfunctions. To
automatically import all of the settings, all
you need to do is plug the dongle back into
the switch. As no configurations need to be
After considering the life cycle of a project

and the hidden costs that can be incurred
throughout this life cycle, it is clear that
multiple factors must be considered when
determining the direct and indirect costs of
an entire system.
It should be noted that network
administrators can never be 100% sure what
the future needs of an IIoT network are,
but having a full understanding of the six
stages described above ensures that network
administrators are more knowledgeable about
which devices have the best chances of
lowering the TCO throughout the duration of
a project.
Richard Wood, Product Marketing Manager,
Vance Chen, Product Manager and Yiwei Chen,
Product Manager work at Moxa.
11.2016
Reader Service Card
IMPORTANT: You must update your subscription

annually to continue receiving your free copy
of Industrial Ethernet Book magazine.
Return by mail to:
Or fax back to:
Or use our online reader service at:
IEB Media
+49 8192 933 7829
www.iebmedia.com/service
Service
IEB issue 97 - November 2016
Bahnhofstr. 12
86938 Schondorf
Germany
Please enter your contact details below:
Name:
Position:
Company:
Address:
City:
State:
Zip Code:
Country:
Phone:
Email:
___________________________________
___________________________________
___________________________________
___________________________________
___________________________________
___________________________________
___________________________________
___________________________________
___________________________________
___________________________________
___________________________________
I want to:
Start a new subscription
Update my subscription
Digital edition or Print edition
Change my address
I do not want to receive promotional emails from
Industrial Ethernet Book
I want to be removed from the
subscription list
Signature: _____________________________________
Date: _________________________________________
Company Activity (select one)

Aerospace/Defence
Electronics Industrial/Consumer
Instrumentation/Measurement/Control
Manufacturing Automation
Metal Processing
Mining/Construction
Oil & Gas/Chemical Industry
Packaging/Textiles/Plastics
Pharmaceutical/Medical/Food & Drink
Power Generation/Water/Utilities
Research/Scientific/Education
System Integration/Design/Engineering
Telecomms/Datacomms
Transport/Automotive
Other: _____________________________________
Job Activity (select one)
Engineer - Instrumentation & Control
Engineer - Works/Plant/Process/Test
Engineer - Research/Development
Designer - Systems/Hardware/Software
Manager - Technical
Manager - Commercial or Financial
Manager - Plant & Process/Quality
Scientific/Education/Market research
Other: _____________________________________
IEB Media reserves the right to refuse an application for a free copy of Industrial Ethernet Book or the provision of information on any of the advertisers or articles
IEB97_p33.indd 33
04.11.1644 10:57
Technology
The evolution of control system

integration and networking
THE OPERATIONAL TECHNOLOGY (OT)
industry, including industrial controls, hasnt
experienced the same rapid technological
expansion seen by the information technology
(IT) industry. While this disparity wasnt
widely perceived as an issue for many years,
the recent demand for more data has brought
attention to the technological gap between OT
and IT. As the demand for data dramatically
increases, industrial organizations will heavily
depend on control system integrators to
navigate the convergence of OT and IT.
Integrators ability to expertly blend
together the digital world of IT with the
practical world of OT makes them linchpins
in an industrial organizations efforts to keep
up with the latest technological trends. As
such, control system integrators have a unique
perspective on the technologies and trends
driving this convergence.
In order to better inform and equip
integrators to handle the changing
technological demands, we asked them for
their perspectives on the most important
trends shaping the industry. We surveyed a
pool of over 9,000 integrators to find out:
What are the current challenges of the
industrial controls industry?
How are current technologies affecting
integrators and their projects?
Which technologies and skills are
imperative for the future?
What does the future hold for integrators
and the industrial automation industry?
In this article, we will examine what
integrators told us in regards to the current
challenges and future developments for
industrial controls professionals.
Technological challenges
Software and Hardware
In our survey, 61% of our respondents said
software is the greatest pain point, while
21% said hardware, and 18% cited other
issues. The main issues cited were software
compatibility, limited selection, complexity,
training, and support.
Unfortunately, many traditional HMI/
SCADA software solutions still operate on a
very limited number of operating systems and
are based on proprietary technology. This can
cause serious issues with compatibility, limit
34
SOURCE: INDUCTIVE AUTOMATION
As the times change, control system integration is becoming more vital to industrial organizations looking
to successfully navigate the turbulent seas of new and ever-evolving disruptive technologies. A new survey
looks at the current challenges and future of industrial controls integration and automation networking.
A recent survey by Inductive Automation examines

the current challenges and future developments
for industrial controls and automation networking
professionals.
the available options, and lock an integrator

and their client to one software vendor. The
latter issue can become especially serious
if a vendor goes out of business or stops
supporting a product.
To avoid these issues, integrators can
choose a software solution that is grounded
in open, IT- standard technologies from
vendors with a history of successful industrial
implementations. Opting for open solutions
instead of proprietary ones results in easier
connectivity with enterprise systems and
increased access to a wealth of training
and support opportunities from a variety of
sources.
Data Integration
As industrial organizations begin to connect
their data from the industrial controls side to
the enterprise level, integrators will definitely
face data integration challenges as indicated
by 12% of our survey respondents.
Traditional SCADA solutions store data in
costly, proprietary process historians, which
severely hamper their ability to share and
analyze data. Solutions that connect controls
data to an ERP system, for example, can cost
a fortune and may take months to implement.
Data is simply too valuable to silo away.
Thanks to open IT standards like SQL
databases, the way data is collected, shared,
and analyzed has improved tremendously

in recent years. Integrators can fulfill a
customers need for easy data accessibility
by using SQL databases to log historical data
instead of process historians.
Legacy Systems
Legacy HMI and SCADA systems can be
20 years old or older. While a company can
enjoy the reliability of a legacy system, 11%
of respondents indicated that legacy systems
are a challenge. Some organizations want to
maintain their legacy systems in order to save
money. Yet, customers also want to connect
their legacy systems to modern enterprise
systems. This poses a challenge to integrators
looking to incorporate new technology into a
current system.
Its vitally important that any new
technology solution an integrator uses is
flexible enough to bridge legacy HMI/SCADA
systems to cutting- edge enterprise-level
software. Finding such a solution helps to
overcome the challenges of unsupported
hardware, proprietary technologies, and
unsupported custom code often found in
legacy systems.
Logistical challenges
Customers and project requirements
In the survey, 38% of the participants
indicated that their top challenge is
working with customers and defining project
requirements. Some customers know exactly
what they want, while other customers know
that they need a solution but dont know
where to start. When the customer does not
have a concrete direction for their project, it
is almost impossible for the integrator to be
successful.
To avoid this, the integrator should make
every effort at the beginning of a project to
work with the customer to clearly establish the
end goal. Without this information, its very
likely that the ensuing project will result in
lost revenue and increased frustration.
Budgets
In the survey, 21% of respondents indicated
that budgets can affect their ability to
complete or even start a project. Many HMI/
SCADA software vendors charge for every
11.2016
the ability to complete proof-of-concept

prototypes more quickly so that full-scale work
for project development and implementation
can be started ahead of schedule.
Timeframes
All integrators have experienced the dreaded
scenario of unrealistic deadlines. In the survey,
17% of participants said that time-related
issues are the most serious challenge. Several
issues can seriously impact an integrators
ability to meet a deadline. These include issues
such as defining project requirements, working
with proprietary and complex software, and
finding enough engineers with specific skills
to complete a project.
One thing integrators can do to meet strict
deadlines more efficiently is to choose a
software package equipped with tools for rapid
project development. This gives integrators
IIoT and MQTT

In our survey, 43% of respondents indicated
that the Industrial Internet of Things (IIoT)
and Message Queueing Telemetry Transport
(MQTT) are two big developments to watch.
IIoT incorporates intelligent machines that
collect and share massive amounts of data,
enabling companies to identify inefficiencies,
save money, and improve quality. MQTT is
an extremely lightweight publish/subscribe
messaging protocol that is ideal for remote
M2M devices in situations where bandwidth
and power are at a premium. MQTT decouples
edge-of-network devices from applications;
instead, edge-of-network devices connect
The Future of Industrial Controls

Our survey respondents have indicated
that were entering an exciting time in the
industrial controls industry. These insights
into the new technologies and skills that will
be vital for integrators in the future reveal
the need to connect SCADA systems with
enterprise systems in order to properly align
OT and IT. Which technologies and skills are
imperative for the future?
to applications through message-orientedmiddleware (MOM), which reduces bandwidth

congestion and allows for easy scalability.
IIoT architectures that employ MQTT and
MOM offer a revolutionary solution to the
issues of low bandwidth and the need to
access data from remote devices. IIoT allows
organizations to scale their application
by simply adding connections to the MOM
infrastructure rather than making additional
connections to edge-of-network devices.
Data management and SQL
The convergence of OT and IT and the rise
of IIoT have been triggered by industrial
organizations need to access more data. In
the survey, 16% of respondents said that
data management technology is important.
As more industrial organizations look to
connect the industrial controls side with the
enterprise side, integrators must look into
data technologies to stay competitive.
Traditional SCADA systems were simply
designed to acquire time-series data and
store it on process historians. In most cases,
process historians use a proprietary method
of data management, which limits the ability
to connect to other systems. To connect to
other systems, integrators must implement an
incredibly costly solution that still does not
meet all of the organizations requirements.
Technology
client, tag, and upgrade, which can push

software costs into the hundreds of thousands
of dollars. This kind of pricing structure makes
it extremely challenging, if not impossible, for
integrators to provide value to their customers.
Integrators can put themselves at an
advantage by embracing software solutions
with a simpler and less restrictive licensing
model that eliminates surprise software
expenses and offers more value to their
customers. Additionally, software solutions
with an unlimited pricing model can empower
integrators to offer customers more scalability
in the future, without drastically ballooning
the budget for future projects.
SOURCE: INDUCTIVE AUTOMATION
Applications
Technology
The scope of Industry 4.0 applications spans from transportation and smart buildings to complex factory automation.
Fortunately, theres a cost-effective solution

that IT and enterprise software employ: SQL
databases.Integrators can take advantage
of SQL databases powerful features by
incorporating them into a SCADA system. SQL
databases free integrators from the restrictive
nature of process historians by allowing them
to log historical data. Once data is in a SQL
database, other systems can access that data
to create relationships and enable better
decision-making.
Virtualization and cloud solutions
Also, 16% of survey participants mentioned
that virtualization and cloud computing are
upcoming technologies to look out for. While
the two terms are often used interchangeably,
virtualization and cloud computing are separate
concepts. Virtualization, which dates back to
the 1960s, refers to the separation of the
application layer from the physical hardware.
Traditionally, when software is installed on a
computer, applications are tied to the physical
hardware. Virtualization refers to the creation
of a virtual machine that mimics a single
physical computer with an operating system
but is actually running on several machines
with pooled resources. Virtualization makes
cloud computing possible.
While most people identify the Cloud as
a means of storage, the power of the Cloud
lies in its ability to provide a wide range of
services and resources such as applications,
networking, and storage. Companies have
rapidly adopted Cloud computing because it
is far more economical than implementing an
on-site solution.
Technologies such as IIoT are paving a new
way for SCADA systems. Using virtualization
and Cloud technologies, integrators have
a wide array of architecture options that
allow for applications and servers to be
hosted in the Cloud rather than a physical
machine. This is ideal for applications where
installing a physical server is not practical, or
creating a fail-safe in the event of an outage.
36
Virtualization and Cloud computing offer

huge benefits: companies can save money by
investing less on physical hardware, and global
organizations can quickly and easily connect
employees wherever they are.
Mobile Devices
The IoT and mobile technology are set to
bring people and devices closer together.
Smartphones and tablets are packed full of
sensors and wireless radios that allow us to
communicate and interact with devices in our
homes, at work, at stores, and in our cars. In
the survey, 14% of respondents indicated that
integrators must consider mobile devices as
they allow people to interface with machines
and devices. Enterprise-level software already
enables users to view and analyze data
using smartphones and tablets. With home
automation being incredibly popular in IoT,
the importance of mobile devices in IIoT
becomes crystal clear. With mobile integration,
organizations are more empowered to interface
with their systems and make smart decisions
while in the field and on the move.
Security
Until recently, security and data encryption
were never a major concern for integrators.
In the past, most HMI/SCADA systems did
not need to connect to other systems and
remained self-contained. In some cases,
where critical systems were involved, keeping
off of networks was seen as the best security
measure. Now, however, more organizations
are looking to bridge the data gap, and 11% of
the survey participants indicate that security
is important.
IT has made considerable headway in
regards to security. Well-established IT
security practices include client authentication
and auditing. When sharing data with an
organization, a client authentication and
auditing system should be implemented
to manage all of the users. Through client
authentication and auditing, integrators can
give organizations total control over adding

and removing users, what information users
can see, what areas users can access, and view
users behavior, all with a click of a button.
Another IT security practice involves online
commerce. You can bank online, purchase
items, pay bills, and perform financial
transactions all via the Internet. In order to
perform these financial tasks, a high-level
security technology such as Secure Socket Layer
(SSL) is used to create a secure encrypted link
and to encrypt data. The excellent security and
stability of MQTT make it an ideal protocol for
the IIoT. Similar to SSL, MQTT uses Transport
Layer Security (TLS) which encrypts sensitive
information over networks. TLS uses certificate
authorities and blocks common attack routes
by closing all ports over the network between
edge gateways and MQTT servers.
Stability is maintained through stateful
awareness, allowing MQTT to manage
communication paths, connect to other
available MQTT servers, and initiate failover
when a failure is detected.
The future is now
Our respondents provided a clear picture of

the current and trends in industrial controls.
While integrators are definitely focused on
keeping up with the latest technologies,
spending more time working with customers
and understanding their business needs will
help bring balance to their projects.
New solutions that embrace the best of
IT such as Java, SQL databases, Python
and SSL encryption are making it easier to
integrate SCADA solutions into enterprise
infrastructures. Features like unlimited
licensing, web deployment, multiple-OS
compatibility, and comprehensive support
give integrators a greater ability to help
organizations scale their solutions with little
to no restrictions. Most importantly for the
integrator, development time can be reduced
dramatically, allowing more time to focus on
other important issues.
Perhaps the most interesting trend is the
convergence of OT and IT, which has paved
the way for a solution with the potential to
revolutionize the industry. Integrators must
embrace the best of IT and combine it with the
best of OT. As the architectural framework of
IIoT becomes more established, more locations
and applications will have access to data.
Technologies that combine OT and IT are
available today, and integrators who use them
in combination with the advancements to
Internet, wireless, and security technologies
have a serious edge in their project
development. These solutions empower
integrators to tackle the challenges they face
today, and prepare them for the challenges
of tomorrow.
Technology report by Inductive Automation.
11.2016
Applications
Adapting machines to go global

with modern industrial networks
SOURCE: BELDEN
For machines to be ready to go global, theres no one-size-fits-all solution but there are benefits of choosing
components that meet multiple industry network protocols. Understanding end project goals, available I/O
technology and deciphering which specific features are needed are key to achieving business objectives.
involved in this process, the machine builder
had a secondary goal to simplify their supply
chain and manage a smaller mix of suppliers.
Sourcing and stocking lots of product types
from different I/O modules and programmable
logic controllers (PLCs), to varying connectors
(4-pole vs. 5-pole) took up valuable time
and storage space, and strained the budget.
The team therefore needed to source and use
products that offered variety and flexibility so
they could do more with less.
Standard, simplified I/O solutions
To ship machines globally, one customer may need PROFINET components while another might require EtherNet/IP.
Multiprotocol I/O provides a way to meet both needs, since machine builders can change out each input/output (I/O)
module, and in some cases the connectors, to meet varying country-specific requirements.
THERE ARE MULTIPLE STANDARDS being used

in industrial applications today for teams
to understand and consider with PROFINET,
EtherNet/IP and the EtherCAT protocol now
available. It can be challenging, especially for
machine builders that work internationally,
to meet the expectations that come with
this new landscape. One customer may need
PROFINET components, while another might
require EtherNet/IP protocol standards. To
meet both needs, machine builders typically
change out each input/output (I/O) module,
and in some cases the connectors, to meet the
varying country-specific requirements.
Using multiple protocol standards
A machine builder for the packaging industry

had this exact problem, and to address it,
they set out to build a standard machine for
1 1. 2016
a global food and beverage manufacturer. The

customer needed to meet different, countryspecific Ethernet protocols for its plant
locations in Europe, which required PROFINET
PLCs, and South America, which relied on
EtherNet/IP protocol standards.
Rather than change out each I/O module
on the machines to meet the different
requirements, the goal of the project was to
find an easier and more cost-effective way
to meet the machine requirements for use
globally.
To help the machine builder meet various

protocols with the same machine design,
the team explored using multiprotocol I/O
modules in its network infrastructure to
standardize programming bit-mapping and
speed up engineering times.
The team needed I/O modules that:
Met multiple industry protocols for
global and regional use, including
PROFINET, EtherNet/IP and EtherCAT
Allowed the use of current or old
machine designs, while offering the
ability for future upgrades
Withstood harsh industrial environmental
conditions, such as vibration resistance
in robotic applications and hightemperature wash-down procedures
Bridge longer distances (longer than 10
meters) between field-level modules
Enabled them to stock fewer product
types and variants and streamline their
suppliers
Offered fast and easy installation
Simplifying complex supply chain
To procure the parts the team needed to do

the job, the machine builder bought and
stored countless product variants through a
wide and complex supply chain comprised of
many suppliers. Because of the complexity
Multiprotocol modules are avaiilable for a range

of networks including PROFINET, EtherNet/IP and
EtherCAT.
37
Applications
Todays Machine Building Supply Chain
Customer A
Customer B
Customer C
PN PLC
PLC Supplier A
Machine
EIP PLC
I/0 PN
I/0 EIP
I/0 ECAT
ECAT PLC
PLC Supplier B
PLC Supplier C
PN = PROFINET
EIP = EtherNet/IP
ECAT = EtherCAT
I/0 Supplier A
I/0 Supplier B
I/0 Supplier C
Typical system configuration using multiple protocols.
Todays Machine Building Supply Chain using Multiprotocol I/O
Customer A
Customer B
Key lessons learned
Customer C
PN PLC
PLC Supplier A
Machine
EIP PLC
LioN-Power: I/O Multiprotocol

ECAT PLC
PLC Supplier B
PLC Supplier C
PN = PROFINET
EIP = EtherNet/IP
ECAT = EtherCAT
A multiprotocol solution can benefit machine builders and end customers by simplifying supplier orders. Fewer
orders overall and fewer product ID numbers are needed to track purchasing and procurement. Reducing storage
space means less device types to stock, less storage space for spare parts needed. Simplifying machine design,
installation and maintenance creates fewer parts to train on, easier module replacements, less downtime, greater
overall efficiency and cost savings.
The idea behind using multiprotocol I/O

modules to reach these goals was that the
machine builder would be better able to
38
multiprotocol solution. The machine builder

would no longer need to change the designs
when there were size differences. The team
could instead build a new machine and use
compact modules to connect to the bigger
modules on older machine designs with a
universal mounting clip. This made it possible
to meet the drilling hole dimensions of
older machine designs without needing to
completely re-design the new machine. They
would also be able to:
Simplify supplier orders: Fewer orders
overall and product ID numbers to
track for purchasing and procurement
departments; pricing discounts from
ordering in bulk
Streamline machine design, installation
and maintenance: Fewer parts to train
on, easier module replacements, less
downtime and greater overall cost
savings and efficiency gains
Reducing storage space: Fewer types
of devices to stock, less storage space
needed for spare parts
The team ultimately sourced one multi-use,
multiprotocol product from a single supplier,
which not only streamlined the supply chain,
but enabled them to use the same machine
design and parts to meet the Ethernet
protocols of any country or region.
meet the needs of the end customer by using

old machine designs, while still adhering to
multiple country-specific standards through a
There are valuable lessons to take away from

this use case for other companies across
industrial verticals. First, when teams simplify
internal and companywide processes, like the
supply chain, it can deliver tremendous value
for customers. The machine builder in this
scenario was able to do much more for his
client once the purchasing processes were
streamlined and they had more resources on
which to depend. The benefits of this were
indirectly passed along to its client base.
From a communications and implementation
perspective, using existing infrastructure in
network upgrades and making them seamless
for the customer is also a good reminder.
Technological hiccups or long implementation
processes can be a big turnoff, and these
situations are easily preventable by having
a strong network foundation in place and
understanding which components can be
swapped out or upgraded to get the desired
outcome.
Theres no one-size-fits-all solution, but the
benefits of choosing components that meet
multiple industry protocols can get teams
pretty close. Success starts with understanding
the end goal of the project, the I/O technology
that is available, and then deciphering which
specific features are going to help the team
reach the unique business objectives.
Paul Just is a global product line manager at
Belden.
11.2016
Technology
One panel PC coordinates 21

robots in manufacturing cell
SOURCE: SODECIA GTAC, CANADA
The Panel PC handles also handles all robot-to-robot interference detection and OEE (Overall Equipment
Effectiveness) tracking, while managing overall fault detection and annunciation by acting as the HMI for the
machine, and integrating all safety aspects of the machinery.
Robots play the main role in the highly automated assembly of BIW components. They weld the individual stampings and sub-assemblies to form the body.
WITH 32 MANUFACTURING FACILITIES around

the world, Sodecia, Portuguese supplier
to the automotive industry, maintains its
position as a leading solutions provider
and vehicle manufacturer. Based in London,
Ontario, Sodecias Global Tech & Automation
Center (GTAC) delivers highly automated
machine lines, on which the components are
manufactured and assembled.
PC-based controls
Sodecia GTAC uses PC-based control

technology in its assembly lines in order to
offer high quality while keeping cost under
control.
Our current bread and butter product
is our successful, turnkey robotic weld cell
solution, said Brent Lekx-Toniolo, control
system concept developer, Sodecia GTAC.
Our largest project to-date was completed
in spring 2015 and includes 21 KUKA robots
of various sizes (series KR 210, KR 30 and
KR 6), which are used in the assembly of
body frame and chassis segments (so-called
body in white, BIW), for welding, material
handling and sealant applications, said Jon
1 1. 2016
Bysma, Controls Specialist, Sodecia GTAC. To

begin, an assortment of small stampings are
welded robotically into sub-assemblies. They
are automatically unloaded and transferred
to subsequent stages, where the different
components are assembled to form the BIW.
From here the process splits into two
identical product pipelines this split creates
redundancy and improves throughput. Various
sensors carry out comprehensive analysis,
for example, to ensure that all fasteners
are placed correctly on the assemblies, and
send the data to the controller. After further
assembly steps, the two pipelines merge back
into one, and the assemblies move on to a
final fixture.
PC-based control throughout
Sodecia GTAC has been using the PC-based

controllers from Beckhoff for its BIW assembly
lines since 2008.
To-date, Sodecia GTAC has built 49
manufacturing lines based on Beckhoff
PC-based control, ranging anywhere from
machines with a single robot to lines with
over 20 articulated robots, said Bysma.
The currently realized welding cell with

21 robots uses a CP6202 Panel PC with
15-inch screen and Intel Celeron ULV
processor. The Panel PC also handles robotto-robot interference detection and OEE
(Overall Equipment Effectiveness) tracking,
while managing overall fault detection and
annunciation by acting as the HMI for the
machine, and integrating all safety aspects
of the machinery. The robots are controlled
by KR C4 controllers from KUKA.
The TwinCAT development environment
and various software libraries reduced the
programming time for the robotic cells by
a wide margin, said Rob Remillard, Lead
Controls Engineer, Sodecia GTAC. In TwinCAT,
we can quickly develop sections of code in
any of the IEC 61131-3 languages and then
deploy them in several instances. With other
platforms this isnt so easy.
Integrated safety solution
EtherCAT factors heavily in the application.

The fast communication system handles all
robotic communications, I/O, and the safety
functions via the TwinSAFE I/O terminals.
39
SOURCE: SODECIA GTAC, CANADA
Applications
Technology
as exceptional physical durability, Toniolo

added. Also, the communication status on
EtherCAT Box modules is easy to diagnose in
the field, as all signal status indicators are
highly visible.
Optimum diagnostic functionality
EtherCAT also enabled us to implement all

relevant diagnostic functions, explained
Toniolo. For just one example, weve used this
information to localize cable breakage right
down to the exact cable in the line, resulting
in indicators that blink on the HMI.
Similarly, TwinSAFE offers an abundance of
diagnostic information, which weve utilized
in the project. Thanks to the openness and
compatibility of EtherCAT, we can easily
integrate and monitor EtherCAT slaves from
other manufacturers with identical diagnostic
functions. He said that the system has only
just scratched the surface of its potential
diagnostics, so the possibilities for building
on in the future are vast.
High system throughput
The assembly cell is controlled from a Beckhoff CP6202 Panel PC with 15-inch screen.
A total of 228 safety devices are integrated

in this line via TwinSAFE, said Calvin Wallace,
Regional Sales Manager, Beckhoff Canada.
The modularity and scalability of this safety
concept is of great benefit for Sodecia GTAC,
added Brent Lekx-Toniolo. This way our
safety configuration doesnt change much,
whether we design a machine with one robot
or a system with 21 robots as in this case. We
simply remove sections we dont need from
the pre-built framework, but the underlying
functionality remains the same.
Sodecia even uses the TwinSAFE technology
for robot programming. During teaching and
program verification procedures, TwinSAFE
handles robot-to-robot lockout, Bysma said.
If a robot tech is teaching a robot, all other
robots that could move into that operating
space are locked out by means of an e-stop
signal loss to the other robots. The enabling
switches are all monitored in TwinSAFE.
Each major automated component in
the Sodecia GTAC robotic assembly line is
connected to an EL6900 TwinSAFE logic
terminal and a series of EL1904 and EL2904
digital inputs and outputs to handle the
processing of the safety I/O, as well as
communication with other safety equipment.
40
The EL6900 serves as master for the safe

communication and evaluates the data of the
safe I/Os. The integrated safety functions
include e-stops, machine monitoring, AND
and OR functions and decouplers. The
TwinSAFE option card integrated in the AX5103
EtherCAT Servo Drives features motion safety
functions such as STO (Safe Torque Off) and
SS2 (Safe Stop 2) to ensure safe operation of
the welding equipment. Additional safety is
offered by a two-hand function for machine
initiation.
EtherCAT Box modules
In addition to the IP 20-rated EtherCAT

Terminals, machine-mountable EtherCAT
Box I/O modules in IP 67 protection are
also used throughout the assembly line. The
EP1908 TwinSAFE Box, for example, provides
additional safety connectivity to switch plates
at each safety gate entrance. Various EtherCAT
Box modules are also used in non-safety
technology settings, connecting to sensors,
cylinders, air pressure switches, solenoid
valves, as well as measuring devices.
Benefits from the IP 67 Box modules
include reduced cabinet requirements,
easier mounting and wiring efforts, as well
While never welcome in any manufacturing

environment, unscheduled downtime in the
automotive industry is cost-intensive.
The new PC-controlled manufacturing line
has achieved an average cycle time of just
under 50 seconds and can produce 72 complex
parts per hour and up to 355,000 parts per
year, Toniolo explained. As a result of the
functionality inherent in PC-based control and
EtherCAT, Sodecia GTAC has also been able to
reduce time to market significantly.
Based on a conventional controller, PLC
configuration and programming of a system
with one or two robots would normally
take up to two months. Through the use of
TwinCAT, this timeframe has been slashed
down to two weeks, and the commissioning
time for the control has also been cut by at
least 50 percent: In the current project with
21 robots, it took around two months from
setting up the production lines, teach-in of
the robots and the PLC programming, right
up to commissioning and production of the
first trial parts for the end customer, LekxToniolo said.
As a strong sign of continuity and
reliability, Sodecia has been using the same
CP6202 Panel PC type since 2008, Toniolo
said. It is robust and offers excellent value
for money. Sodecia GTAC will standardize on
a new multi-touch Panel PC to incorporate
enhanced HMI technologies and functionality
in its assembly lines. Also, we will evolve
our control programming to utilize TwinCAT
3 so we can better harness the convergence
of automation technology and information
technology.
Shane Novacek, Marketing Communications
Manager North America, Beckhoff Automation.
11.2016
Technology
Virtual private network

for secure remote access
With PLCs and machine controllers providing Ethernet ports that support TCP/IP, it is very easy to access
these devices remotely. Virtual Private Network (VPN) connections assure the secure transfer of data from
one network or device, to another network or device over shared or public networks like the Internet.
Virtual Private Networks
A VPN can be used to establish a connection

between two sites. The connection is secured
by username and password, and the data
transferred is encrypted. This makes it unlikely
that outsiders can interfere with the operation
of the machine or access production data. A
VPN connection is also called a VPN tunnel
because what goes in one side comes out at
the other side without any changes.
To establish a connection between different
sites, various standard products are available.
In this article, an overview is given of the
products and technologies that can be used,
the principle of operation and an explanation
of terminology.
Modern machine control systems can
provide a wealth of information about the
process they are controlling. This can be
production data, as well as data indicating
the electrical and mechanical health of
the machine. For instance, the machine
controller can be registering and reporting
the power consumption of a drive. During the
design of the machine, the load of a drive is
calculated and a threshold is defined during
commissioning. The machine controller can
then monitor the current consumption of
the drive against the threshold, and trigger
an alarm when the current exceeds the
threshold. An additional threshold could be
set for a pre-alarm, warning that inspection
1 1. 2016
SOURCE: OMRON
USING REMOTE ACCESS THROUGH A VPN, both

the machine builder and the end user can
enjoy big benefits. The machine builder can
quickly diagnose problems on the machine,
even before they happen. He can inform the
end user to take preventive actions or help
solve issues by providing remote assistance.
And the end user can also benefit from remote
access, as the machine is easily accessible and
can provide real time production information.
The way Virtual Private Networks function is
by using any IP-type communication, and even
communicating to devices that do not have
an Ethernet connection like a serial device by
using IP-to-Serial conversion. There is almost
no limit to the type of communication, and
the possibilities are endless. Having remote
access to a machine is almost the same as
standing next to it, although the user is still
at a remote location.
VPN establishes a connection between two sites, secured by username/password. Data transfer is encrypted.
or maintenance must be planned for the drive.

This information is of importance to the
user of the machine in order to prevent
unintended production stops. In the case
where the machine manufacturer has a
maintenance contract with his end-user to
maintain the machine and prevent production
loss caused by standstill, a pre-alarm can
prevent costly repairs.
Monitoring machine response times
or vibrations can help to detect wear of
mechanical parts. This can trigger the
machine builder to pre-emptively send spare
parts to the end-user site, so the worn
parts can be replaced at the next scheduled
maintenance stop. In the end, the end-user
will benefit from a reduction in breakdowns
and emergency repairs.
Ways of access
With the current communication technologies

there are many possibilities to create a
connection to the machine. To name a few:
Wireless connection through a UMTS or
GPRS connection.
The machine plugs into the local factory
network.
There is a direct connection to the
Internet by means of an ADSL, cable,
fiber or similar connection.
Whichever connection type is used, data
can be directly transferred between the

machine and the machine builders office
independent of the connection between the
two. Router devices can be used to connect a
local network into a bigger network which can
be the Internet or a factory network.
Remote access through VPN
The general technology used for remote access

is called Virtual Private Network (VPN). This
is a connection between two devices where
they start a connection by first finding each
other, then authenticating and negotiating an
encryption. When the connection is active,
the two devices can transfer data in a safe
way and are protected against intruders. From
the users point of view, it is just like he is
sitting next to the machine. However that
machine can physically be on the other side
of the world.
Imagine such a device having a WAN (Wide
Area Network) port to connect to a bigger
network or the Internet and a couple of LAN
(Local Area Network) ports to create a local
network. Through the routing capabilities of
the devices, the two distant LAN networks are
connected to each other and act as one. A
device connected to the LAN side of the router
can reach other devices on the other sides
LAN. This is very convenient as a machine
controller on one side can directly be accessed
41
SOURCE: OMRON
Technology
from the other side. Instead an

endpoint (router) being a box
with WAN and LAN ports, it could
also be a PC that connects to the
other network.
Security
Sending data over the Internet or

other networks implies a security
risk. Of course, it is a must to
prevent that somebody can
intercept the data send across
the network and start tampering
with the system. VPN creates a
With the current types of communication technologies, there are many possibilities to create a connection to the machine.
secure tunnel and is secure in
the sense that there is authentication
of client and connect to the server at the VPN connection. The other VLAN (WAN) is part
when the connection is opened, and that the office of the machine builder. The machine of the factory network and gets its IP-address
data transferred is encrypted.
builder may have all of its machines online. and other settings from a DHCP server on the
The authentication can be based on Machines can then report their status directly network. For the factory network, this machine
username/password, pre-shared keys and and continuously, and the machine builder is represented as a single device with only one
certificates or a combination of the three. has the opportunity to react immediately on IP-address.
Routing: A router forwards messages from
Often a username plus a certificate is used events, like when there are problems, but also
and encryption can be from a simple to a very to plan scheduled maintenance and/or send one VLAN to another depending on the
high level. Keep in mind that encrypting and consumables on information the machine destination address. It also stops broadcasts
and multicast message on the factory network
decrypting data takes time. The higher the provides.
entering the local machine network.
encryption, the more time it takes to prepare
Firewall: When there is an attack from the
the data, and thus a slower transfer time.
Solution Details
An option when a high level of encryption is In a network setup, there are often products factory network, this is stopped by the firewall.
used could be using a device that has enough from different manufacturers used. But these It is also possible to open up the firewall for
processing power to do the encryption/ devices must understand each other and certain types of messages. But this is totally
decryption quickly. Faster devices have often a standardization of protocols is a need. With VPN application specific.
DHCP server: This is used to assign
higher price. There is no golden rule to decide technology, there is a lot of standardization
which encryption level to use. It depends on but there is not one VPN standard. Two IP-addresses to devices on the local network
the level of security and communication speed mainstream options are IPsec and OpenVPN and is normally controlling devices have fixed
needed.
(also known as SSL) and these two standards IP-addresses. But it could be that a service
made their way to commonly available engineer connects his laptop to this local
products and services. With commercial-off- network, and then it is convenient that he
Type of data transferred
In principal, any type of IP-data can be sent the-shelf (COTS) products, anybody can set up gets the correct IP-address assigned.
As the machine is part of the factorys bigger
across the VPN connection. But some practical their own VPN infrastructure.
network, it cannot be accessed from outside
examples are:
the factory. The factory router that connects
Alarms and warnings from machine to VPN use case walkthrough
OEM.
With the example of a machine controller to the Internet has a firewall and will block
Bidirectional communication between connecting to the office network of a machine off all incoming traffic. Therefore the router
remote-SCADA or HMI and the machine. builder, standard components can be used to in the machine needs to be the initiator of the
Recipe or production information to set up a VPN tunnel between the two sites. VPN connection. To let the VPN connection be
and from a remote database server (for In the machine builders office, a VPN server established successfully the VPN initiator (the
example, Oracle or Microsoft).
can use a network to connect to a machine router in the machine) must have some of the
New control programs uploaded to the installed in a factory at a distant location (VPN following set up.
Time synchronization: In the negotiation
machine to deploy modifications or client). The machines network is connected
upgrades.
via the VPN tunnel to the machine builders and encryption process also the date and
Status monitoring to assist in fault office network, so there is instant access to time is used. Both the initiator and responder
must have the same time and date. The exact
finding when there is malfunction in the the machine.
machine. Could be as simple as checking
The machine is hooked up to a bigger factory date and time can be derived from so-called
if a sensor signal is active and learn that network that has an Internet connection timeservers (NTP-servers). A timeserver can be
the sensor needs to be re-aligned.
available. The router in the machine is on the Internet or on the factory network.
configured to create a local network LAN in With a timeserver, the date and time is
the machine itself and connect one of its automatically set and adjusted regularly.
Client/server, initiator/responder
Domain Name Server: For the VPN initiator
There is a distinct role for each device in ports (WAN) over the Internet out to the office
to get to the VPN responder, it needs to know
the setup of the VPN connection. One of the network. These local services are:
VLAN, (Virtual Local Area Network): This is its address on the Internet. However fixed
devices acts as the initiator or client of the
connection, and the other is the responder used to divide the routers Ethernet ports into IP-addresses on the Internet are scarce and
or server. The server is waiting for a client to two separate networks. Traffic cannot move quite costly and it is easier to have a domain
connect. As a server, it is not only servicing from one network to the other and vice versa. name and a DNS server to resolve the domain
One VLAN (the local network) has its own to an IP-address. The router knows only the
one but multiple clients.
The routers in machines have the role IP-address range, and is one end-point of the name (office.machinebuilder.com) but by
42
11.2016
SOURCE: OMRON
Technology
At left is the machine builders office (VPN server). On the right is the machine network installed in a factory at a
distant location (VPN client). The office network is connected via the VPN tunnel for instant access to the machine.
requesting a DNS server, since the IP-address

is linked to this name, the responder can be
reached. And it doesnt matter how often the
IP-address of the responder changes. It is
always reachable through its name.
On the responder, the following must be
set:
As with the VPN initiator time must also
be set correctly in the responder. It can
use the same timeserver as the initiator.
As the VPN initiator is searching for
the VPN responder per name, the router
must announce his name and IP address
regularly at a DNS-server on the Internet.
This DNS service is called Dynamic DNS.
There are a couple of companies that
offer this service like DYNDNS.
VPN connection settings of the initiator
must be registered at the responder.
If there is a connection request coming in,
its credentials will be checked and if correct
the connection is accepted and the tunnel is
up. The machines network is now connected to
the office network and data can be exchanged
between them directly. For direct wireless or
wired connections, the connection method is
a little simpler but still largely the same.
Connection technology
When creating a VPN tunnel, a connection

must be established from the client to the
server. In many cases, this connection is
over the Internet. There are several ways to
connect to the Internet depending on what
is available at a location. In general there
are three variants: wired or wireless, directly
connected or via a bigger local network.
Wireless
There are locations where only wireless access

is possible, for instance on a remote site
where there is no ADSL or cable connection.
However, if there is a mobile network with
data communication available, accessing
this mobile network requires a subscription
1 1. 2016
at a service provider and a SIM-card.

There are different types of wireless data
communication but the most commonly known
are GPRS and UMTS. GPRS is older and a lower
performance technology than UMTS. UMTS has
communication speeds well into the Megabit
per second range. GPRS throughput is limited
to a couple of hundred kilobits per second.
To ensure that data communication is
always possible, GPRS functions as a fallback
when it is not possible to establish a UMTS
link. For both UMTS and GPRS, the cost of the
connection is based on the amount of data
transferred, not on connection time. Therefore
the connection can be up and running all the
time.
Wired, directly connected to the Internet. The
machines router can be connected directly to
the Internet. This connection is an ADSL, cable
or fiber connection. A local service provider
installs the connection and the Internet is
directly accessible from the machine.
Wired, connected to a bigger local network.
The router in the machine is connected to a
larger local (Factory) network. From within this
larger network, a connection can be made to
the Internet. The router in the machine must
know how to route out onto the Internet. But
normally these routing settings are available
from a DHCP server on the larger network. All
the above-mentioned connection types feature
that they are up and running all the time, so
there is instance access from one side to the
other.
Routing: An essential part in VPNs is the
routing. For a device on one network to reach
a device on the other side, there shouldnt be
too many hurdles in setting up the connection
at the device. For the device it is only
important to know to which router address a
message should be sent when it is not on the
local network. It is then up to the router to
handle the rest of the communication.
When a message arrives at the router, it
needs to forward it to a known address. If
the router is in a larger network, it will send

the message to another router. The message is
forwarded until it goes out on the Internet or
an addressed device on the bigger network is
reached. In the case of a direct connection to
the Internet (wired or wireless), the Internet
will take care of getting the message to the
addressee. When the Router is VPN capable and
the tunnel is up then the message is forwarded
over this tunnel and ends up at the other side.
VPN technology
There are many implementations of VPN.

But the two currently in use and proven to
be reliable and safe are IPsec and OpenVPN
(or SSL). Both make use of the same kind of
technologies for compression and encryption.
One difference is that IPsec uses a kind of
username/password for authentication, while
OpenVPN uses certificates that need to be
generated at the server. Also OpenVPN uses
the same method of communication (https://)
that secure websites use. This makes it easier
to let OpenVPN traffic pass firewalls in routers,
as the firewalls judge this traffic to be regular
web-traffic.
Summary
A Virtual Private Network is a secured

connection between two devices/routers/
networks. The connection can be established
over local and public networks. Security is
by authentication and encryption. There
are clients and servers, or initiators and
responders. The clients initiate the connection
to the server and the server can accept
connections from multiple clients. The VPN
connection between the client and the server
is a transparent link between the two. Any
type of data can be sent. And it doesnt matter
on which side of the VPN connection you are,
and how far apart the two networks are.
Ren Heijma, European Product Specialist for
OMRON.
43
Technology
Applications
Digital wiring devices using

Node-RED development tools
WERE ALL AWARE OF THE OPPORTUNITIES
the Industrial Internet of Things is poised to
deliver, using Big Data generated by billions
of things to solve problems before they occur,
increasing operator situational awareness on
the plant floor with mobility, and identifying
business opportunities. But developing a
successful IIoT application requires leveraging
completely different technology disciplines
that for the most part were never designed to
work with one another: OT and IT.
To increase the enterprises competitive
advantage, operations and information
technology professionals must converge and
create new applications that access, share and
analyze business information by leveraging
new tools like artificial intelligence, machine
learning, and predictive analytics. Building
applications that connect information from OT
devices and data stores to IT resources and
systems has traditionally been difficult. The
two groups use entirely different application
development tools tailored for their specific
disciplines. Enter Node-RED, an open-source
development environment invented by Nick
OLeary and Dave Conway-Jones of IBM
Emerging Technology Services. Node-RED is
part of the newly launched JS Foundation, and
recently became a Linux Foundation Project.
Node-RED for IIoT
Node-RED is a tool for digitally wiring together

hardware devices, APIs (application program
interfaces), and online services in new and
interesting ways. Node-RED provides engineers
with an easy way to connect edge computing
systems such as automation controllers to
cloud services such as Amazon Web Services
(AWS) IoT, IBM Watson IoT, and Microsoft
Azure. Node-RED is an open-source technology
available on GitHub.com and npmjs.org.
The development environment can run on
almost any platform from OS X, Microsoft
Windows, Linux, and Raspberry Pi to cloud
offerings like IBM Bluemix and AT&T Flow. This
extends to industrial products like hardened
IIoT application development platforms with
built-in industrial protocol support like the
groov Box appliance from Opto 22.
Lowering the technical bar
The Node-RED development environment offers

a gradual and easily approachable learning
44
SOURCE: OPTO 22
The open-source Node-RED development environment is a tool for digitally wiring hardware devices, API
and online services in new and interesting ways. It offers engineers an easy way to connect edge computing
systems to cloud services such as Amazon Web Services IoT, IBM Watson IoT and Microsoft Azure.
VPN establishes a connection between two sites, secured by username/password. Data transfer is encrypted.
curve for users of all levels and requires few

or no programming skills. Instead, Node-RED
takes advantage of pre-programmed, reusable
code blocks called nodes. These nodes make
IIoT application development simpler, easier
to repeat, and faster to scale. Built on the
popular Node.js JavaScript runtime, Node-RED
benefits from a large Node-RED library that
contains over 600 prebuilt and ready-to-deploy
nodes, allowing IIoT application developers to
leverage existing software code and deploy it
directly into their applications.
The development environment is any
standard web browser, and it uses a dragand-drop interface. The simplicity of Node-RED
allows IIoT application developers to focus on
identifying an opportunity and developing a
solution, rather than building the components
of an application from scratch. If you want
to create an application to poll data from a
Modbus/TCP slave, log that data to an SQL
database, and move it into a machine-learning
program like IBMs Watson, there are nodes
for all of those functions already developed
and ready to deploy without having to write,
debug, or support software code. Drag, drop,
wire together, deploy. Its that easy.
Advanced JavaScript functions can also be
created within the editor using a Function
node. A built-in library saves useful functions,
templates, or node flows for re-use. Flows
created in Node-RED are stored using the
widely known JSON format, which can be
easily imported and exported for sharing with
other developers and applications, promoting

the idea of social application development.
Rapid IIoT application prototyping
Linking technology assets and services together

to build IIoT applications often requires layers
of complex software development and long
development cycles that quickly erode IIoT
application ROI. Node-REDs existing pool of
code blocks enables nearly anyone to rapidly
prototype and develop IIoT applications to
connect data streams from industrial assets to
IT assets, bridging the gap between the worlds
of physical equipment and digital computing
systems. Developers can even prototype
applications on low-cost maker boards such
as Raspberry Pi and then seamlessly deploy
them to an industrial-grade suite of products.
OT and IT began to converge many years
ago with the rollout of Ethernet and TCP/IP
on the plant floor. Suddenly systems became
much easier to connect together. Productivity
in the factory and on the plant floor improved
and support costs were lowered, all because
devices began using the same protocols
across the same type of mediaTCP/IP and
Ethernet. OT/IT convergence is continuing up
the technology ladder, and the next rung is
software. Node-RED is poised to be a major
contender for standardized IIoT software
application development.
Matt Newton is Director of Technical Marketing
for Opto 22.
11.2016
WAGO: New 852 Series switches are individually

configurable and offer reliable networking of all
ETHERNET nodes to ensure continuous access to
machines and systems.
Rapid Spanning Tree, Dual Homing, Dual
Ring, Jet Ring, ERPS v1/v2 and its fast Xpress
Ring protocols enable the creation of redundant
network structures with short recovery times
of less than 50 ms. This guarantees secure
communication, even when connections are
faulty. Every switch also features a redundant
power supply for uninterruptible data
communication (transmission rate up to 1
GBit/s). This value-add feature contributes to
secure operation of machines and systems on
board ships.
The switches also support up-to-date
security functions, such as Mac Limitation, Port
Security, and authentication per IEEE 802.1x.
IGMP Snooping, broadcast and bandwidth
limitation enable additional data flow control.
The advanced security functions support these
next-generation switches in protecting your
systems against cyberattacks and accidents that
can adversely impact people, machinery and the
environment.
Node-RED on groov box
Opto 22: The Node-RED development

environment is now available for running on
the groov Box industrial appliance, significantly
decreasing IIoT application development time
and complexity. Node-RED makes it easier to
prototype, develop and deploy applications for
connecting physical assets to cloud applications
and IT systems.
With the addition of Node-RED, groov
1 1. 2016
provides an efficient toolset for IIoT application

developers and fuses together an industrially
rugged hardware platform, data visualization
for mobile and web clients, robust industrial
automation protocol support including Modbus/
TCP and OPC UA, and advanced data flow
processing. Add these to an ability to connect
multiple data sources including devices,
databases, and third-party APIs (application
program interfaces), and groov becomes a
cohesive platform for IIoT or edge computing
applications.
OPC UA user role system
B&R Industrial Automation: A new user role

system that is part of the Automation Studio
software development environment simplifies
management of OPC UA access rights. This
feature prevents unauthorized users from
accessing an OPC UA system, modifying data or
performing certain actions.
Any number of roles can be defined, which
can then be assigned individual access rights
for each node. Typical access rights include
reading, writing or browsing. It is even possible
to completely hide a node so that it is invisible
to members of a specific role group. To make
configuration even easier, the rights of a parent
node can be inherited by its children.
A user is assigned one or more roles, with
additional protection provided by an encrypted
password. The user role system can also be
updated during operation. This includes, for
example, assigning a username and password
to a new system operator. These functions are
available directly in the application program on
the controller using function blocks.
In order to ensure secure and trusted data
exchange, digital certificates in accordance
with the X.509 standard can be used in the
OPC UA system. The Transport Layer Security
(TLS) subsystem in Automation Studio and
Automation Runtime support the management
of these certificates. Certificates can be
displayed, created and transferred to the
certificate store on the OPC UA server.
Ethernet Plus (PoE+) gigabit
Red Lion Controls: Three new additions have

been added to its N-Tron series of industrial
Power over Ethernet Plus (PoE+) Gigabit
products: NT24k-16TX-POE, 1008TX-POE+ and
1000-POE4+.
These new POE+ switches and injectors
complement Red Lions industrial networking
Product News
Industrial managed switches
portfolio to offer customers additional PoE

options that drive operational efficiencies while
addressing industry demands.
The NT24k-16TX-POE is Layer 2
managed Gigabit switch that provides 16
10/100/1000BaseT(X) RJ45 ports. Advanced
PoE management allows quick and easy
allocation of the switchs 240 Watt PoE power
budget to any of its 16 ports (up to 30 Watts
per port). Additional comprehensive features
include auto IGMP configuration, N-Link and
N-Ring technology, RSTP, N-View monitoring,
CIP messaging, SNTP, IEEE802.1x and Radius
remote server authentication.
The 1008TX-POE+ is an industrial
unmanaged Gigabit switch that provides 8
10/100/1000BaseT(X) RJ45 ports, including
4 PoE+ capable ports (up to 30 Watts each),
jumbo frame support and LED link/activity and
PoE status indication.
The 1000-POE4+ is an 8-port Gigabit
mid-span PoE+ injector that provides 4
10/100/1000BaseT(X) RJ45 ports (data in) and
4 10/100/1000BaseT(X) RJ45 PoE+ ports (data
and power out) that support 30 Watts per port.
CAN-to-Ethernet gateway
HMS Industrial Networks: The new IXXAT CAN@

net NT 200 is a CAN-to-Ethernet gateway which
allows users to connect CAN and Ethernet. CAN@
net NT can be used as CAN-Ethernet-CAN bridge
and as CAN-to-Ethernet gateway. Equipped with
two CAN interfaces, it supports an even wider
range of use cases compared to the well-known
CAN@net II.
A key feature of CAN@net NT especially
useful in building automation is an ability to
separate CAN networks that are distributed
over large areas. CAN@net NT couples the
CAN networks via a backbone Ethernet system,
allowing existing infrastructures to be used.
This segmentation also increases the reliability
and stability of the overall system.
Designed for harsh environments, another
common application for CAN@net NT is remote
access to CAN networks via Ethernet, in wind
power plants or the manufacturing sector.
45
Product News
IoT development kits
Eurotech: A series of new IoT development kits

based on the ReliaGATE family of IoT gateways is
targeted for use in industrial and lightly rugged
applications.
The kits provide a design environment
allowing engineers to significantly simplify
the development process and reduce Timeto-Market. Depending on the intended IoT
application final solution, a developer or
solution architect can choose between different
hardware platforms, ranging from small
low-power ARM-based designs to powerful
multi-core, latest-generation Intel Atom
gateway platforms, each featuring an excellent
price / performance ratio in their respective
classes.
In addition to the already available i.MX6
based ReliaGATE 10-20, the ReliaGATE
development kits has added with the following
models:
ReliaGATE 10-05 is an ARM (NXP i.MX285)
powered, very compact and efficient
customizable IoT gateway for industrial
applications at less than 2W.
ReliaGATE 10-11 is an ARM (TI AM335X
Cortex-A8) powered, compact and customizable
low power IoT gateway suitable for intensive
workloads in industrial, lightly rugged and
automotive applications.
ReliaGATE 20-25 is an Intel Atom (E38xx)
powered, high-performance, and customizable
IoT gateway for industrial and lightly rugged
applications.
Profibus device integration
FDT Group: In support of FDT technology, the

certification of the first Device Type Managers
(DTMs) compliant with the FDT 2.0 specification
have been announced. FDT is a widely adopted
standard for industrial device integration.
FDT Technology can be used to integrate
any device, system or network in todays
complex industrial automation architecture. A
46
Distributed Control System (DCS), Programmable

Logic Controller (PLC), asset management
application or other solution enabled with
an FDT/FRAME seamlessly employs DTMs as
software drivers for intelligent devices supplied
by instrument manufacturers. A Communication
DTM (CommDTM) is the first DTM to be activated
upon communication setup in an FDT/FRAME
system. It standardizes the communication
channel to the corresponding communication
operations of the mapped network protocol.
A Generic DTM has the ability to universally
represent all devices with compliant parameters
of a specific protocol, creating simplicity in the
architecture employed by a single DTM within
the FDT/FRAME system.
Gateway bridge
Hilscher: A new gateway easily interconnects

any two real-time Ethernet networks. The netTAP
151 is a four-port device that exchanges I/O data
between different industrial Ethernet networks
by acting as a protocol converter. Supported
protocols include EtherCAT, EtherNet/IP,
Ethernet POWERLINK, PROFINET and SERCOS.
Because the netTAP 151 is integrated as a
simple I/O device into the primary network, it
is compatible with any PLC. On the secondary
side it works either as an I/O device, or it can
control a subordinate network as a bus master.
The length of the I/O data can be scaled to any
application and the data transmitted can be
mapped at the byte level.
Secure network separation is provided by
two Ethernet controllers in the netTAP 151,
each connected to a dual Ethernet port with
integrated switch. This allows support for star,
ring and inline network topologies without the
need for additional peripherals. Both controllers
handle the protocols independent from each
other and exchange only the I/O data across
a data buffer. An overall data processing time
lower than 10 milliseconds is achieved.
Remote monitoring antennas
Laird: An industry release of four new IP67

rated Yagi antennas increases reliability of M2M
wireless remote monitoring in extremely harsh
operating environments.
Progressive utilities, oil and gas companies,

water districts and others use wireless remote
monitoring to instantly transmit information
and monitor Remote Terminal Units (RTUs) to
and from a centralized location. Eliminating
travel expenses and personnel resources
dedicated to physically obtain routine
operational and diagnostic data at remote sites
can significantly reduce labor cost and improve
operational efficiency and safety.
Although these M2M solutions have been in
operation for years, ensuring maximum online/
uptime for these RTUs in extremely harsh
environments continues to be a major challenge.
NEMA (National Electrical Manufacturers
Association) rated RTU enclosures have
historically been installed to provide protection
against windblown dust and rain, splashing
water, and hose-directed water. Until now
compatible fully compliant IP67 rated Yagi
antennas were not available in the marketplace.
Pre-configured micro data centers
Panduit Corp: Pre-configured and factory

assembled micro data centers (MDC) include all
connectivity and cable management components
necessary to enable rapid installation of switch,
server, and storage devices. Available in 24 RU
and 42 RU cabinet configurations and offering
enough room for growth without increasing
the control room footprint, the MDC allows for
installation of standard 29-inch (737mm) depth
equipment.
Each MDC incorporates casters to simplify
deployment and is easily expanded by
purchasing add-on kits from Panduit. All
metal elements within the cabinet are singlepoint bonded to ensure effective equipment
grounding. A dynamic rated MDC is available
to support IT equipment under typical shipping
conditions.
11.2016
Moxa: The new MC-1100 DIN-rail mountable

computing platform is designed to meet
the critical challenges of various industrial
automation applications in harsh indoor and
outdoor environments.
The advanced thermal design of the MC-1100
ensures reliable system operation in extreme
temperatures ranging from -40 to 70C without
the use of a fan. In addition, the MC-1100
complies with DNV, IEC 60945, ATEX, and IECEx
Zone 2 standards, which makes it ideal for
deployment in heavy-industry, oil and gas, and
marine applications.
Featuring a power-efficient Intel Atom
E3800 series processor and a variety of I/O
connectivity options, including 4 Gigabit
Ethernet ports, 2 serial ports, 1 VGA port, 1
DisplayPort, and dual storage, the MC-1100
series is built to provide outstanding
performance while enabling a new level of
versatility and control in industrial automation
applications. The MC-1100 also offers a Mini
PCIe socket that supports a variety of wireless
options, including Wi-Fi and 3G/4G LTE.
In order to maximize system uptime, the
MC-1100 supports Moxas Proactive Monitoring
and Smart Recovery software tools to help
businesses continuously monitor the status
of their computers and take predictive
maintenance measures.
IO-Link master
The new IO-Link master supports up to eight

IO-Link devices, and is based on the IO-Link
specification V1.1. It is capable of storing up
to 40 timestamps of sensor events on each
channel. This event history can help users track
changes and more easily diagnose issues. Input
timestamps of all sensor data also can be sent to
the controller upon a change of state. These and
other diagnostics available through the module
can reduce issue-resolution time by as much as
90 percent, improve preventive maintenance
and optimize overall system performance.
While the new ArmorBlock IO-Link master is
ruggedized for use in harsh applications, the
Rockwell Automation portfolio also includes
an in-cabinet solution for use in decentralized
control boxes. The on-machine option allows you
to mount the module right next to the sensors,
minimizing the number of components in the
cabinet, reducing wiring time and resulting in
increased uptime and lower costs.
Secure Link to IoT clouds
1 1. 2016
Standards are an important basis for

meeting increasingly complex requirements.
This naturally relates to both the software
and hardware in industrial components OPC
UA as communications interface being just
one example. Device software also has to be
subjected to reliable testing, making individual
changes especially for small volumes costly or
impossible.
Additional functions such as projectspecific direction recognition algorithms
and individual decisions based on additional
information from the ETB sensor transponder
etc. can be added later in an extra software
container. This does not limit the system
integrator to specific programming languages:
C, Python, C++, Java anything supported by
LINUX can be used.
Measurement technology modules

Softing: The dataFEED OPC Suite is a secure IoT
cloud data application that can now be easily
implemented. A new MQTT Connector enables
the integration of automation devices via MQTT
Publisher functionality in IoT cloud applications,
e.g. IBM Bluemix Cloud. Highest security
during transmission is guaranteed through the
encryption of the data using SSL/TLS.
Softings dataFEED OPC Suite combines OPC
Server and OPC Middleware functionality into
one compact software solution. The integrated
MQTT gateway allows easy integration of legacy
and new controllers into IoT solutions. It is also
possible to integrate components without MQTT
support such as, for example, Siemens, B&R and
Rockwell controllers.
Its user interface with intelligent, common
sense default settings and intuitive user
guidance is designed to make it easy for plant
manufacturers and maintenance engineers to
quickly configure their IoT communication.
The modular design of the suite offers the user
the greatest possible flexibility since only the
required functionality has to be licensed.
RFID RF-R300
Rockwell Automation: The machine mountable,

IP67-rated, Allen-Bradley ArmorBlock IO-Link
master builds on the companys IO-Link
portfolio with event and process timestamping
capabilities for on-machine applications.
Product
Industry News
DIN-rail mountable platform
HARTING: A software virtualisation concept has

been derived from the companys MICA open
modular platform.
With its modular software design, the new
UHF RFID reader, although equipped with
extremely robust hardware and standardised
software interfaces, is designed for tailored
customer solutions.
Beckhoff: Ultra-precise, fast and robust

measurement technology modules are becoming
an integrated part of PC-based control solutions.
New EtherCAT measurement technology modules
can be directly integrated into the modular
EtherCAT communication system and combined
with the extensive portfolio of more than 500
other EtherCAT Terminals. New metal housings
optimise shielding and cooling in measurement
technology applications.
At the same time, the durable housings
provide enhanced flexibility at the interface
level, such as for LEMO or BNC plug connectors
or for the established cage clamps as a quickly
customisable standard solution. Measurement
accuracy of 100 ppm at 23 C, precise
synchronisation of < 1 s, and the high sampling
rate of up to 50,000 samples per second
guarantee high-quality data acquisition.
High-precision measurement reduces the use
of raw materials and energy in machines and
plants while forming the basis for condition
monitoring and predictive maintenance.
47
Product News
Pump control via multi Ethernet
devices, motion devices, vision systems, and

safety controllers with a single cable. Machine
information can be checked by monitoring the
status of the connected components.
The NX1P can monitor sensor data through
the IO-Link master unit to reduce downtime
by detecting errors and to perform predictive
maintenance by monitoring status.
Profi Line Modular Switch
Bosch-Rexroth: With the appropriate pressure

and flow rate adjustment for hydraulic pumps,
Rexroth improves the control quality and
energy efficiency of fluid technology. The
control cabinet-based Hydraulic Pump Control
(HPC) control electronics and SY(H)DFED fully
integrated into the valve fit into a wide rage
of automation structures through a multi
Ethernet interface. The IndraWorks transtechnology engineering environment simplifies
commissioning with software assistants and
predefined technology functions.
System and machine manufacturers achieve
noticeably improved dynamics and precision
in the motion sequences for hydraulic
systems through digitally regulated variable
displacement pumps. The newly developed
motion controls cover a variety of applications
with similar functions. With the intelligent
controllers, machine manufacturers can, in
many cases, also reduce the installed power
and the load peaks in power consumption. The
average power consumption is reduced through
appropriate swivel angle and pressure controls.
With switchable multi Ethernet interfaces for
sercos, EtherNet/IP, PROFINET RT, EtherCAT,
Varan, POWERLINK and optionally for Profibus
for the HPC, the controllers fit, future-proof,
into a wide range of automation structures.
Entry-Level Controller
Wireless thermal energy harvesting
MICROSENS: New Profi Line modular switches

provide Power-over-Ethernet with up to 60
Watts.By doubling the performance of end
devices, users can draw on a wide range of new
application options, such as an energy supply
for LED/IR illumination units in the security
environment or the feeding of performancedriven WLAN and LoRa wireless communications
systems.
The new switches offer increased PoE
performance also numerous features such as
modular extensibility to up to 25 ports for
a demand-oriented, economically efficient
expansion of networks using high performance
Gigabit Ethernet over copper and fiber optic
lines. High fault tolerance is achieved using
a redundant power supply and a ring-shaped
cabling structure, as well as short restore
times via the storage of the firmware and the
configuration file on an SD card.
Flexy OPC UA compatible
OMRON Corporation: The NX1P comes equipped

with the built-in EtherCAT port and controls up
to eight servo systems. Motion control for up to
four synchronized axes increases machine speed
and precision.
Electronic cam for continuous and high-speed
machine operation and interpolation for
precise machining improve productivity and
manufacturing quality.
Data can be collected from devices via
EtherCAT and IO-Link for high value-added
manufacturing. EtherNet/IP enables data
sharing with a host PC and between controllers
on different machines. EtherCAT connects I/O
48
OPC UA has the advantage of being platformindependent, and it ensures the seamless flow
of information among devices from multiple
vendors. From sensors to cloud, OPC UA is fully
scalable, object oriented and allows use of
structures or models which makes managing
maintenance tasks much easier.
The OPC UA server is particularly valuable when
users need to share key values and parameters
related to equipment on the factory floor. The
system offers quick configuration and operates
completely independent from the PLC.
As of firmware version 11.2, the Flexy features
an OPC UA server that allows easy access to tags
through an OPC UA Client. The OPC UA server
supports DA layer of OPC UA making easy to
configure tags to be published on the OPC server.
eWON: The companys Flexy product now

features an OPC UA server and can use the
communication protocol for secure and reliable
exchange of data in industrial automation
applications.
Emerson: The company has announced the

adoption of advanced thermal energy harvesting
as a power source for its wireless products.
Power Puck thermoelectric energy harvesters
convert ambient heat commonly released in
industrial processes into electricity for powering
Rosemount wireless transmitters.
Perpetuas Power Puck energy harvesting
solution is especially advantageous to wireless
devices in power intensive applications, where
a conventional power module may require
replacements more frequently. The companys
Power Puck thermoelectric energy harvester
provides continuous, reliable power for the life
of the transmitter and includes an intrinsically
safe power module for back-up power.
A heat source is all that is required to fully
power wireless transmitters at their fastest
update rate using Power Puck. Configurations
allow connections to most heat sources,
including flat and curved surfaces with
temperatures up to 840F/449C. Power Puck
solutions are safe for use in hazardous areas.
11.2016
B+B SMARTWORX: The Smartswarm Modbus

eavesdropper can translate SCADA protocols to
IT in real-time without disrupting, interrupting
or reconfiguring your existing networks. By
recognizing and extracting data from Modbus
SCADA systems, it transforms it into actionable
information, and presents it to IT systems
without interfering with the Modbus Master.
SmartSwarm 351 discovers and maps the
network, analyzes message exchanges between
the existing OT master and slave devices, and
uses this information to build a comprehensive
picture of the status of the underlying plant. In
near real time, Modbus data is delivered to IT/
OT systems that normally would not see SCADA
information.
Unlike alternatives, this is accomplished
without disrupting the Modbus Master and
SCADA network communication. Mission
critical process control systems are completely
undisturbed. Connecting to enterprise
applications by a local Ethernet connection or
an internal cellular modem, the gateway can
switch between these connections at any time,
providing redundancy.
Rather than overwhelm the IT/OT system with
meaningless data, SmartSwarm 351 collects,
filters, enriches and aggregates raw data
through simple user configuration, requiring no
programming. Using the newest IoT protocols,
MQTT topics and JSON; payload formats securely
construct the data so it is easily consumable by
upstream IT applications.
Layer 2+ managed Ethernet switch
PLANET Technology: The IGS-604HPT-M12

Industrial Layer 2+ managed Ethernet switch
comes with an IP67-rated industrial case,
4-port 10/100/1000T 802.3at PoE, 2-port
10/100/1000T, and static Layer 3 routing,
1 1. 2016
providing a high level of immunity against

electromagnetic interference and heavy
electrical surges which are usually found on
plant floors or in curb-side traffic control
cabinets.
The IGS-604HPT-M12 can be easily mounted
on a DIN rail or wall taking up less space. Each
of the four Gigabit PoE+ ports provides 36 watts
of power, which means a total power budget of
up to 144 watts can be utilized simultaneously
without considering the different types of
PoE applications being employed. It also
provides a quick, safe and cost-effective
Power over Ethernet network solution to IP
security surveillance for small businesses and
enterprises.
Failsafe I/O modules
for the respective task. They can be used both

centrally, i.e. directly on the CPU, as well as
locally in the ET 200MP I/O system. 25 mm and
35 mm modules are available.
Ethernet over coax extender
Product News
Smartswarm Modbus eavesdropper
Transition Networks: New extenders deliver data

and power to IP network devices over existing
coaxial cable.
The immediate availability of its Ethernet
Over Coax Extender with PoE+ reduces cost
and accelerates time to service by utilizing
existing coax cabling infrastructure to upgrade
from analog to IP-based surveillance cameras
or connect other IP devices to the Ethernet
network. The new extender conforms to the
IEEE 802.3 af/at standard for compliance with
other PoE / PoE+ powered devices, allowing
edge devices to be quickly and easily located in
places where power was previously not available
and helping to avoid unnecessary and costly
electrical installations.
POWERLINK integration
Siemens : Compact Simatic ET 200MP Failsafe I/O

modules simplify S7 1500 controller distributed
configuration. The F-DI 16x24VDC PROFIsafe
and F-DQ 8x24VDC / 2A PPM PROFIsafe modules
support a no dip concept, eliminating the
need to assign PROFIsafe addresses via a DIP
switch. Each module comes with a standard Code
Element Type F Plug.
Featuring low parts variance, the 35mm-wide
modules simplify mounting, ordering, logistics,
and inventory management with a uniform front
connector. Channel-specific diagnostics enable
fast and clear process error identification and
reduce plant standstills.
The scalable ET 200MP Failsafe modules also
offer mechanical slot coding to ensure proper
module and front connectors assignments to
reduce errors during configuration and module
replacement. The signal modules or I/O modules
provide the interface between the controller and
the process. The controller detects the current
process status by means of the connected
sensors and triggers the corresponding actuator
reactions.
The digital and analog modules provide
exactly the inputs/outputs that are required
EPSG: KUNBUS simplifies the integration

of sensors and actuators into a POWERLINK
network. The new KUNBUS-COM module for
POWERLINK enables Ethernet-based interface
connections without affecting the design of
the circuit board. This makes it easy to retrofit
a POWERLINK interface with minimal added
development.
With its compact dimensions of 85 x 65
millimeters, the module can easily be plugged
into the control card of existing sensors and
actuators or connected by a cable. In terms of
software, the module features a Modbus RTU, a
shift register interface, a dual port RAM interface
and an easy-to-program script interpreter. The
interface for the electrically isolated POWERLINK
network is formed by two RJ45 connectors. The
module also has two rotary switches for setting
the node address and integrated LED indicators
for diagnostics.
49
Private Ethernet
The electric rider:

Skiing in the year 2016
Gone are the days when all you needed to go skiing was skis, boots and ski poles. Today, standing on a
majestic mountain with blue skies above you, fresh powder under your skis, and a challenging run before you
is obviously not enough. For a truly memorable outdoor experience you also need all kinds of electronic and
connected gadgets.
IT HAS BEEN A WHILE (three and a half years,
to be precise) since we have last covered
connected gadgets for winter sports (see Into
the great white open, Industrial Ethernet
Book 74). Since then, the industry has moved
ahead and introduced several new technologies, which we never knew we were missing.
Time for an update.
While with some of the latest gadgets
we wonder how they add to the wintersport experience, others actually seem quite
useful. Here is our list, ranked from bizarre
to practical.
Touch screen gloves
PHOTO: SKI AMADE
These are probably designed for snowboarders,

because they have their hands free while going
downhill.
eGlove claims that they have spent over
12 months designing and testing their Heli
range of gloves in the Canadian backcountry of
Whistler BC and down the pistes at Val dIsere.
The gloves use high grade goat leather for
a soft feel and warmth, and have been tested
down to minus 20 degrees. The inner gloves
are made from a special fabric to keep wind
and water at bay, whilst still providing the
breathability when you are ripping down the
mountain. The inner glove is stitched in to
provide air pockets at the finger tips to retain
maximum warmth. eGloves are made with a
tight cuff to fit snugly in a ski jacket, and
come with a wrist support to reduce the risk of
breaking on impact. This can also be removed
for those who prefer the flexibility.
The unique feature, however, are eGloves
oversealed ports, which provide fast and easy
Majestic mountains, with blue skies, fresh powder, and challenging runs: Winter sports at Ski Amade,
Austrias largest ski resort.
exits for your thumb and forefingers to operate

your touchscreen phone, using conductive
finger tips. No more missed calls, accurate
enough for texts or your favourite applications
or to make that oh-so-important call.
www. eglove.co.uk
IEB97_p50.indd 50
Unlike snowboarders, skiers typically dont

have their hands free to make phone calls or
send text messages while going downhill.
The designers at POC helmets have
understood this serious problem and came
up with the Receptor BUG Communication
helmet. It is equipped with Beats by Dr. Dre
headphones built into the neck roll. With the
remote control, compatible with most smart
phones, you can take calls, switch tunes and
adjust volume right from the cord.
In case you get too distracted, miss a turn
and hit some obstacle, you will be glad that
the Receptor has an advanced ABS outer shell,
a robust in-mold polycarbonate/EPS liner and
a patented VDSAP system with two overlapping
shells that protect from sharp objects.
www.pocsports.com
PHOTO: POC
Communication ski helmet
PHOTO: EGLOVE
50
Actually, POC helmets do a pretty good job

in protecting skiers in a crash, as you can see
in this video of Steven Nyman at the Beaver
Creek downhill race.
https://youtu.be/CjT6NmlP8Bw
You may not need the built-in headphones, but

the world-class protection could proof to be
extremely useful.
11.2016
05.11.1644 12:02
PHOTO: CELESTRON
The ThermoCharge 10 portable power bank and hand warmer can provide 12 hours of heat at
temperatures up to 114F (45C)
Heated insoles
With it you can simply adjust the temperature to the setting of your choice: no heat
(standby), medium (100F/38C), and high
(111F/44C).
One charge lasts up to 5 hours of constant
use on medium heat setting. The battery
recharges in 4 hours using wall a charger or
any USB port.
heat.thermacell.com
Now that your hands are kept warm, how about

your feet?
The Thermacell ProFlex heated insoles offer
comfort and ease-of-use, utilizing a flexible
polyurethane insole material, a comfortable
and resilient Poron battery cover cushion, and
a removable, rechargeable battery. Thermacell
claims that the batteries last at least 500
charging cycles, equivalent of 2,500 hours or
about four winters of heavy use.
There are a number of heated insoles on the
market, but the ProFlex offer a neat little extra:
A wireless remote control.
Thermocharge
Fog-free goggles
There is quite a bit of temperature difference

between the powder falling from above and
the body heat generated while skiing though
bumps.
Every time you pause, your goggles tend to
fog so quickly and completely that you have to
take them off and try to dry the lenses.
The Smith Turbo Fan Prodigy goggles employ
5X anti-fog technology, which is claimed to
provide 5 times the fog absorption compared
to anything else on the market.
This technology is combined with an interchangeable lens and what Smith calls a
military-derived Turbo Fan. This tiny quiet
fan is built into the frame to actively promote
the circulation of air even when the skier is
stopped. It runs at two speeds.
Turn the fan on when you get to the hill
and in the low setting, the Turbo Fan system
will run continuously all day long to exhaust
moisture from inside the goggle. The high
setting can be used to quickly exhaust moisture
in extreme conditions.
If the goggles start to fog when you stop
after skiing hard, just slide the switch to the
higher speed for a few minutes and they clear.
www.smithoptics.com
What we all have been waiting fot: A wireless

remote control for your insoles.
i n d u s tr i a l e th e r n e t b o o k
IEB97_p50.indd 51
PHOTO: SMITH OPTICS
PHOTO: THERMACELL
There are typically two problems when using

your smartphone on a skiing trip. For one
thing, power outlets are not readily available
in the wilderness.
Second, your fingers get frozen stiff when
spending too much time tapping on that
touchscreen (unless you are wearing the
eGlove mentioned above). Celestron has come
up with a clever 2-in-1 device to tackles both
problems.
Private Ethernet
Their ThermoCharge 10 is a rugged, ergonomic

hand warmer and a portable power bank. The
power curve design allows for comfortable
use in both your hands and a pocket, while
also maximizing the contact points for heat
transfer.
The hand warmer is good for a full day of
heat up to 12 hours, at temperatures up to
114F. The 10,000 mAh rechargeable lithium
battery can charge smartphones, tablets, sport
cameras, MP3 players and other USB-powered
devices. Dual out ports allow for charging 2
devices at once.
www.celestron.com
The Smith Turbo Fan Prodigy goggles have a tiny two-speed fan built into the frame to actively
promote the circulation of air.
11. 2016
51
05.11.1644 12:02
When things
just work,
work gets done.
Kepwares industrial connectivity software provides
secure and reliable data from the shop floor to the top
floor, so you can focus on productivity.
Learn more at kepware.com/IEB
IEB97_p52.indd 52
03.11.1644 10:39

Industrial Ethernet Book Nº97 (11 - 2016)

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Industrial Ethernet Book Nº97 (11 - 2016)

Încărcat de

Drepturi de autor:

Formate disponibile

11.

The Journal of Industrial Networking and IoT

OPC UA enables sensor to

Lower cost of ownership

CONNECTS THE WORLD OF

The WAGO PFC200 Move Securely Beyond

High-performance controller with integrated 3G modem and standard Mini-SIM card

Embedded data encryption down to the last meter

OPC UA and how it impacts Oil & Gas applications

Preemption standard enables high priority frames and traffic

OPC UA industrial networks for digital factory infrastructure

Smart connectivity transmits data from machines to the cloud

Automotive parts supplier launches IoT initiative

Exploring fundamentals of automation network efficiency

Container and microservices cloud architecture and platform

Lower cost of ownership for industrial IoT networks

The evolution of control system integration and networking

Adapting machines to go global with modern industrial networks

One panel PC coordinates 21 robots in manufacturing cell

Virtual private network for secure remote access

Digital wiring devices using Node-RED development tools

Industrial Ethernet Book

Product & Sources Listing

Update your own products

Wireless network for high

routers are designed to cope with almost any

substation automation, control and protection

PLCopen news: SafeMotion, OPC UA client and libraries

available on the PLCopen website.

PLCopen together with the OPC Foundation has

collect data or even write new production

PLCopen compliant user libraries

To ease the development of user libraries,

Looking at Industrial Ethernets

BASED ON A TRUE STORY, the movie The 33

The miners were ultimately reached

structure of the tunnel walls and movements

An Industrial Ethernet switch like this

Phoenix Contact acquires share in Dutch cybersecurity company

include the power generation, transmission

today. The product range of SecurityMatters

general system pack

Embedded data encryption

NETWORKED PRODUCTION OF THE FUTURE will

Against this background, automation systems

of the IT world. Any security breach can

In order to build a secure system architecture,

about stacking or layering security solutions so

Today, WAGO already fulfills all relevant

The controllers of the PFC family can also

be optimized with analysis methods from the

Real added value

Data analytics tools play a crucial role in the

Integrated automation solutions will therefore

automation capabilities. Finally, the core

Improve reliability, product quality and energy optimization in the facility at a

Visualize & Integrate

)!ovides highly reliable environmental monitoring

) %!"$rate time-stamped data collection for improved

) ""#"'oyment and maintenance with

) "$res data and network security with 128-bit and 256-bit

OPC UA and how it impacts

OPC UNIFIED ARCHITECTURE is an important

)!ovides highly reliable environmental monitoring

)%!"$rate time-stamped data collection for improved

) ""#"'oyment and maintenance with

) "$res data and network security with 128-bit and 256-bit