IT/OT integration with optimized data exchange, secure communication, and reduced administrative effort
A key feature of ‘Industrie 4.0’ applications is the close interweaving of the production and management levels. This involves the use of a large number of OT components, which exchange data with one another and communicate with various IT applications. This results in the creation of highly complex network structures that present a challenge in terms of the volume of data required, secure data transfer, and straightforward configuration. Short innovation cycles in IT mean that users are also facing the question of how they can reduce the costs for IT/OT integration over the lifetime of a plant. In light of the above, the new OPC UA middleware solution dataFEED Secure Integration Server offers the user decisive advantages.
‘Industrie 4.0’ is the buzzword of the moment. While initial work here involved theoretical analyses, the second phase – the rollout of actual applications – is now underway. Key factors deciding the success of any rollout include the integration of the production (operational technology, OT) and management (information technology, IT) levels with end-to-end data exchange. The complexity of the network structures to be supported also rises exponentially with the number of OT and IT applications involved. The volume of data to be transferred is no less extensive, and effort required for installation, setup, and maintenance also increases rapidly. Since the use of open networks is more than likely – and certain in the case of public cloud platforms – data security and protection against attacks are key criteria.
OPC UA: The Standard for ‘Industrie 4.0’
One important prerequisite for the success of ‘Industrie 4.0’ is the use of an open industry standard that is supported by the various providers of the individual system components. The solution path for this was sketched out in the April 2013 report ‘Recommendations for Implementing the Strategic Initiative INDUSTRIE 4.0’, which introduces the OPC UA standard as a potential base technology for the implementation. The foundation here is built on the modern data modelling technology of the OPC UA standard and the use of a uniform information model for all applications. OPC UA overcomes the limits of Fieldbus communication, enabling IT systems – such as those offering enterprise resource planning (ERP) and manufacturing execution system (MES) functionality – to exchange data directly with sensors on the OT layer. Support for secure and reliable communication is also provided.
In ‘Industrie 4.0’ solutions, the IT and OT domains encounter and make different demands on each other.
Middleware: A Key Component
Within an overall “Industrie 4.0” system, the OT components take on the role of OPC UA servers, while IT components play the role of OPC UA clients. However, the OPC UA standard itself does not yet offer a solution for two requirements of ‘Industrie 4.0’: handling a large volume of data and supporting straightforward installation, configuration, and maintenance. A middleware solution is therefore required, such as dataFEED Secure Integration Server as developed by Softing Industrial Data Intelligence. This leverages the possibilities for address space modelling offered by the OPC UA standard and utilizes these particularly for interface abstraction and data aggregation.
Interface Abstraction between IT and OT
Abstract interfaces between the domains of IT and OT support changes or extensions within one level without requiring modifications on the other level. If a new component needs to be integrated or a function modified, this can be completed with very little effort simply by making adjustments within the OPC UA address space of dataFEED Secure Integration Server. This makes it easy for end users to integrate a new IT application into an OPC UA interface that represents the OT side of the system, for example. Conversely, IT applications do not need to be touched for changes within the production domain provided the OPC UA interface implemented in the middleware remains unchanged. This makes it a straightforward matter for a software supplier to integrate a standard interface for their application into customer-specific equipment and environments. Users gain considerable flexibility and can exploit short innovation cycles in the IT domain to the full, enjoying an unrestricted choice of the IT applications and platforms to deploy with reduced integration effort. They also have a full set of options for making changes within the OT domain without needing to restart the IT integration process from the beginning.
The aggregation server drastically reduces the communication connections in an ‘Industrie 4.0’ application.
Data Aggregation and Preprocessing
Data aggregation offered by dataFEED Secure Integration Server means data can be consolidated from multiple sources within one server. Since the IT application now needs to access just one server rather than many individual data sources, this simplifies the communication structure. This also simplifies configuration as it is no longer necessary to configure each OT data source and each IT application separately.
Data preprocessing allows the centralized calculation of the process values required – such as mean values over a prolonged time period or key performance indicators for predictive maintenance. This enables reductions to be made in the volume of data exchanged. In addition, a higher percentage of computing power remains available on the IT application’s target computers.
Built-In IT Security
Last but not least, dataFEED Secure Integration Server also includes data security features that are based on the security functionality offered by the OPC UA standard. This facilitates the centralized administration, regulation, and monitoring of individual access rights for applications. Accordingly, separate access rights can be specified for individual applications and users, access to specific data sets can be restricted to particular use cases, certificates can be defined for data access, and white lists or black lists can be set up for data access from individual IP addresses. In addition, denial-of-service (DoS) attacks versus OPC UA authentication can also be detected.
Key Advantages for Users
This extensive feature set lets dataFEED Secure Integration Server act as the centralized management hub for an ‘Industrie 4.0’ solution. In particular, this enables all security aspects to be configured and monitored at a single point – which is both a major simplification and advantage for the system owner. OPC UA servers, clients, and the associated address spaces can be added and deleted dynamically without requiring a system restart, while various data sources can be flexibly aggregated for access by individual OPC UA applications. The corresponding configuration of the OPC UA address space for a specific client interface allows the straightforward integration of standard applications. If changes become necessary in the OT domain, the IT interface can be kept as it is, unchanged. This reduces operating and integration costs over the lifetime of the equipment. At the same time, decisions about changes and capital spending in the OT and IT domains can be made largely independently of one another.
These advantages can also be seen in practice. As one example, a manufacturer of precision milled parts consolidates around 80 machines using dataFEED Secure Integration Server. To do so, the company uses existing OPC UA servers or equips existing machinery with an OPC UA interface via gateways. Each OPC UA client application accesses the production data for the respective machinery via individually configured access rights. In this way, dataFEED Secure Integration Server actively supports the prevention of faults. The customer has been impressed by the highly flexible filter options and the simplicity of adding new OPC UA servers and clients without having to make configuration changes to existing OPC UA components. Another key advantage is the ability to monitor all security aspects in the customer’s solution from a single, centralized instance.
The universal exchange of data is a key feature of ‘Industrie 4.0’. To achieve this, dataFEED Secure Integration Server provides a centralized OPC UA data integration layer, which enables the simple configuration, efficient management, smooth handling, and easy maintenance of data exchange between the OT and IT domains. Data access can be configured, approved, or locked out centrally for individual components. An OPC UA firewall offers protection against attacks.
By offering significant flexibility for namespace specifications, support for address space filters, browser-based configuration, and a configuration API, dataFEED Secure Integration Server minimizes the highly complex network structures of ‘Industrie 4.0’ solutions, making them easier to handle.
Andreas Röck is Product Manager Industrial at Softing Industrial Data Intelligence