IT/OT integration with optimized data exchange, secure communication and reduced administrative effort
A key feature of ‘Industrie 4.0’ applications is the close interweaving of the production and management levels. This involves the use of a large number of OT components, which exchange data with one another and communicate with various IT applications. This results in the creation of highly complex network structures that present a challenge in terms of the volume of data required, secure data transfer, and straightforward configuration. Short innovation cycles in IT mean that users are also facing the question of how they can reduce the costs for IT/OT integration over the lifetime of a plant. In light of the above, the new OPC UA middleware solution dataFEED Secure Integration Server offers the user decisive advantages.
- Support for all security functions of the OPC UA standard
- Provide different data for different users and applications
- Support for multiple OPC UA Endpoints (client or server), each with its own certificates
- Filtered access, depending on IP address
- Detection of DoS (Denial of Service) attacks on OPC UA authentication
- Aggregation of data from multiple sources in a server
- Application access to aggregation servers, not to many individual data sources
- Reduced configuration effort
- Common, stable OT interface for different IT applications
- Adaptations in automation network transparent for IT applications
- Easy integration of IT applications with standard OPC UA Clients in different OT environments
- Decoupling of investment decisions in IT and OT environment
Solutions for Edge Architectures
- Edge solution with features and benefits identical to those resulting from using central cloud platforms
- Running local clients (e.g. for edge analytics) in parallel with cloud-based applications
- Start with a small cloud-based IoT solution; later adaptation and expansion possible over time
‘Industrie 4.0’ is the buzzword of the moment. While initial work here involved theoretical analyses, the second phase – the rollout of actual applications – is now underway. Key factors deciding the success of any rollout include the integration of the production (operational technology, OT) and management (information technology, IT) levels with end-to-end data exchange. The complexity of the network structures to be supported also rises exponentially with the number of OT and IT applications involved. The volume of data to be transferred is no less extensive, and the effort required for installation, setup, and maintenance also increases rapidly. Since the use of open networks is more than likely – and certain in the case of public cloud platforms – data security and protection against attacks are key criteria.
OPC UA: The Standard for ‘Industrie 4.0’
One important prerequisite for the success of ‘Industrie 4.0’ is the use of an open industry standard that is supported by the various providers of the individual system components. The solution path for this was sketched out in the April 2013 report ‘Recommendations for Implementing the Strategic Initiative INDUSTRIE 4.0’, which introduces the OPC UA standard as a potential base technology for the implementation. The foundation here is built on the modern data modeling technology of the OPC UA standard and the use of a uniform information model for all applications. OPC UA overcomes the limits of fieldbus communication, enabling IT systems – such as those offering enterprise resource planning (ERP) and manufacturing execution system (MES) functionality – to exchange data directly with sensors on the OT layer. Support for secure and reliable communication is also provided.
Middleware: A Key Component
Within an overall ‘Industrie 4.0’ system, the OT components take on the role of OPC UA servers, while IT components play the role of OPC UA clients. However, the OPC UA standard itself does not yet offer a solution for two requirements of ‘Industrie 4.0’: handling a large volume of data and supporting straightforward installation, configuration, and maintenance. A middleware solution is therefore required, such as dataFEED Secure Integration Server as developed by Softing Industrial Data Intelligence. This leverages the possibilities for address space modeling offered by the OPC UA standard and utilizes these particularly for interface abstraction and data aggregation.
Interface Abstraction between IT and OT
Abstract interfaces between the domains of IT and OT support changes or extensions within one level without requiring modifications on the other level. If a new component needs to be integrated or a function modified, this can be completed with very little effort simply by making adjustments within the OPC UA address space of dataFEED Secure Integration Server. This makes it easy for end users to integrate a new IT application into an OPC UA interface that represents the OT side of the system, for example. Conversely, IT applications do not need to be touched for changes within the production domain, provided the OPC UA interface implemented in the middleware remains unchanged. This makes it a straightforward matter for a software supplier to integrate a standard interface for their application into customer-specific equipment and environments. Users gain considerable flexibility and can exploit short innovation cycles in the IT domain to the full, enjoying an unrestricted choice of the IT applications and platforms to deploy with reduced integration effort. They also have a full set of options for making changes within the OT domain without needing to restart the IT integration process from the beginning.
Data Aggregation and Preprocessing
Data aggregation offered by dataFEED Secure Integration Server means data can be consolidated from multiple sources within one server. Since the IT application now needs to access just one server rather than many individual data sources, this simplifies the communication structure. This also simplifies configuration as it is no longer necessary to configure each OT data source and each IT application separately.
Figure: The aggregation server drastically reduces the communication connections in an ‘Industrie 4.0’ application. (Source: Softing)
Data preprocessing allows the centralized calculation of the process values required – such as mean values over a prolonged time period or key performance indicators for predictive maintenance. This enables reductions to be made in the volume of data exchanged. In addition, a higher percentage of computing power remains available on the IT application’s target computers.
Built-In IT Security
Last but not least, dataFEED Secure Integration Server also includes data security features that are based on the security functionality offered by the OPC UA standard. This facilitates the centralized administration, regulation, and monitoring of individual access rights for applications. Accordingly, separate access rights can be specified for individual applications and users, access to specific data sets can be restricted to particular use cases, certificates can be defined for data access, and white lists or black lists can be set up for data access from individual IP addresses. In addition, denial-of-service (DoS) attacks against OPC UA authentication can also be detected.
Key Advantages for Users
This extensive feature set lets dataFEED Secure Integration Server act as the centralized management hub for an ‘Industrie 4.0’ solution. In particular, this enables all security aspects to be configured and monitored at a single point – which is both a major simplification and advantage for the system owner. OPC UA servers, clients, and the associated address spaces can be added and deleted dynamically without requiring a system restart, while various data sources can be flexibly aggregated for access by individual OPC UA applications. The corresponding configuration of the OPC UA address space for a specific client interface allows the straightforward integration of standard applications. If changes become necessary in the OT domain, the IT interface can be kept as it is, unchanged. This reduces operating and integration costs over the lifetime of the equipment. At the same time, decisions about changes and capital spending in the OT and IT domains can be made largely independently of one another.
These advantages can also be seen in practice. As one example, a manufacturer of precision milled parts consolidates around 80 machines using dataFEED Secure Integration Server. To do so, the company uses existing OPC UA servers or equips existing machinery with an OPC UA interface via gateways. Each OPC UA client application accesses the production data for the respective machinery via individually configured access rights. In this way, dataFEED Secure Integration Server actively supports the prevention of faults. The customer has been impressed by the highly flexible filter options and the simplicity of adding new OPC UA servers and clients without having to make configuration changes to existing OPC UA components. Another key advantage is the ability to monitor all security aspects in the customer’s solution from a single, centralized instance.
Figure: dataFEED Secure Integration Server meets all of the requirements in one middleware component. (Source: Softing)
The universal exchange of data is a key feature of ‘Industrie 4.0’. To achieve this, dataFEED Secure Integration Server provides a centralized OPC UA data integration layer, which enables the simple configuration, efficient management, smooth handling, and easy maintenance of data exchange between the OT and IT domains. Data access can be configured, approved, or locked out centrally for individual components. An OPC UA firewall offers protection against attacks.
By offering significant flexibility for namespace specifications, support for address space filters, browser-based configuration, and a configuration API, dataFEED Secure Integration Server minimizes the highly complex network structures of ‘Industrie 4.0’ solutions, making them easier to handle.