A Secure, Easy-to-Deploy, Industrial IoT System
Skye Controls & Design Inc., in Spencerport, New York, is using Skkynet software to implement secure, real-time, bidirectional Industrial IoT systems for several industrial and commercial applications in companies across the Northeastern United States. These include universities, manufacturing plants, supermarkets, and even a zoo that require remote monitoring and supervisory control of mission-critical systems in real time. They have replaced poorly-functioning VPN-based systems with Skkynet software running on embedded devices, PLCs, and the Azure cloud.
It all started when Rick Lisowski, President of Skye Controls, was contacted by a zoo in a nearby city. They needed to monitor and control the new water systems in a newly-opened amphibian and reptile center. The center houses a wide variety of species, including one of only six Komodo dragons in captivity. Each animal requires its own specially-controlled microenvironment to thrive.
“They had a VPN-based IoT system in place,” said Lisowski, “but there were three problems: It wasn’t secure, the data flow was one-way, and it didn’t work. They were using a Modbus converter connected to a VPN router that was supposed to send data to their own cloud service, where they hoped to access the data. But neither of the components worked properly, and married together they were worse. The zoo management staff never actually got any data.”
After considering a costly and unsuitable IoT platform, Lisowski found the DataHub on a web search. “I downloaded the demo, and set it up on a Beckhoff PLC we use that runs Windows,” he said. “Once I got a DataHub instance working, and saw that it didn’t matter how many tags I used―one or hundreds―I changed my approach.”
After some tests and conversations with Skkynet, Lisowski decided that a DataHub solution would be the quickest, easiest, and most cost-effective approach. He first replaced the zoo’s PLC with his DataHub-equipped PLC. He then made an outbound connection from the PLC DataHub to a second DataHub running on Microsoft Azure, via a Red Lion RAM-6021 Secure Industrial Router. The RAM-6021 provided a firewall and the hardware security that he needed. On the software side, by making an outbound DataHub tunnelling connection, he was able to keep all firewall ports closed on the zoo’s PLC and router. For the final step, he connected the DataHub running on Azure to the Skye Controls Cloud IoT Service, a Windows-based IoT service used by the zoo.
The result is a real-time, end-to-end, bidirectional data path from the water filtration systems to the zoo management offices. “The staff and management are really pleased,” Lisowski said. “Now they can monitor each specialized environment from anywhere that has Internet access. They can make changes to temperature and humidity settings in the real-time graphical display right from their desktop. And a huge plus is that the DataHub is secure by design, running behind closed firewalls yet it still lets you read and write data in both directions.”
Before long, other organizations with similar needs for remote access to data started getting in touch with Skye Controls. Some of them were working with the same VPN-based system that the zoo had been using. The facilities manager at Rochester Institute of Technology (RIT) responsible for water filtration for specialized laboratory use had been tinkering with the VPN system for close to a year and had not managed to get any data flow at all. They had a high-tech process that needed precise, robust, real-time control, and were willing to try a new approach.
“I came into the RIT lab with my Red Lion box, connected it up, and had a system up and running in 40 minutes,” Lisowski said. “Now the manager logs in, sees his data, and he’s happy.”
Another nearby university had a similar requirement for water filtration control for their medical labs. Lisowski installed a slightly modified system for them that included a Red Lion Data Station Plus protocol converter to allow them to connect their in-house Allen-Bradley PLC.
In addition to these single installations, Skye Controls is working with a large supermarket chain. Each of their stores needs to purify city water to very high standards, and then monitor all usage for customer consumption, cooking, baking, and sanitation. The data connection is also used for supervisory control, and for creating archives to support the planning and engineering of future systems for new stores. Of course, the connection must not compromise the security of the hundreds of thousands of consumer credit card transactions processed daily. Lisowski’s Beckhoff PLC/Red Lion/DataHub combination met all of these requirements, and a few more.
“Part of the challenge was that they needed a way to manipulate data in the cloud,” said Lisowski. “They wanted to do math, to make real-time calculations on the data. We use the DataHub’s Scripting feature to write to and convert the data as it passes through the system. Also, because they can read and write data in both directions securely, we allow them to change set points and other values right on the fly, from web HMIs at remote engineering stations. They can alter scaling, set alarms and adjust set points, open and close valves if they need to, and do all the overrides, all through the web interface.”
In these real-world industrial IoT implementations, Lisowski gained a deeper understanding of some of the pluses and minuses of various protocols, such as OPC UA and MQTT. “OPC UA is cool,” he said, “but it’s a pain in the rear to use. Setting up the Beckhoff PLC, and getting data in and out with the DataHub is much easier. Three clicks and you’re done. Configuring OPC UA was more difficult than I wanted it to be.”
“The supermarket chain wanted to write the data to a database,” he continued. “The beautiful thing about the DataHub is that we can do that without relying on some MQTT message thing that might or might not work. I didn’t want to risk sending commands and not have it work. We wanted real, solid, live connections all the time. We wanted to monitor systems online with heartbeat timers, and we couldn’t do that with MQTT. The other system used MQTT, and users could never be sure if data was getting there, so they couldn’t be completely sure whether, for example, the water was on or off. In an industrial system with water pressures of 3000 pounds psi, you can’t take a chance. You need to know.”
“I use a heartbeat timer. Every five seconds, a DataHub script at each remote location writes to the cloud, and the DataHub on Azure writes back. That script checks the round-trip heartbeat traffic, and if it stops, it triggers a write to an alarm point. We use that to send the customer an email, or take any other action that they have requested. For example, if the DataHub monitoring data on Azure suddenly can’t see node 10, it will send an email or maybe a text message.”
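The round-trip heartbeat described above, sketched in Python as an added example; it is not DataHub script code or Skye Controls' implementation. Only the five-second interval comes from the article: the class and function names, the three-missed-beats tolerance, and the simulated link are assumptions.

```python
import time

class RoundTripHeartbeat:
    """Remote-site watchdog: send a changing counter, expect the cloud to echo it."""

    def __init__(self, clock=time.monotonic, interval=5.0, max_missed=3):
        self.clock = clock
        self.limit = interval * max_missed  # max_missed is an assumed tolerance
        self.sent_seq = 0
        self.last_ack = clock()
        self.alarm = False                  # stands in for the "alarm point"

    def next_beat(self):
        """Value to write to the cloud every `interval` seconds."""
        self.sent_seq += 1
        return self.sent_seq

    def on_echo(self, seq):
        """Cloud wrote back. A stale value (old counter) is not proof of life."""
        if seq == self.sent_seq:
            self.last_ack = self.clock()

    def check(self):
        """Set the alarm point if no current echo arrived within the limit."""
        self.alarm = (self.clock() - self.last_ack) > self.limit
        return self.alarm


def simulate(link_up_until, duration, interval=5):
    """Constructed scenario: the link echoes until `link_up_until` seconds,
    then goes silent. Returns the time the alarm is raised, or None."""
    now = [0]                               # fake clock so the run is instant
    hb = RoundTripHeartbeat(clock=lambda: now[0], interval=interval)
    for t in range(interval, duration + 1, interval):
        now[0] = t
        seq = hb.next_beat()
        if t <= link_up_until:
            hb.on_echo(seq)                 # cloud side writes the counter back
        if hb.check():
            return t
    return None


if __name__ == "__main__":
    print("alarm raised at t =", simulate(link_up_until=30, duration=120))
```

Comparing the echoed counter with the one just sent is what makes this a liveness check: a data point that simply retains its last value after the link drops would otherwise look healthy.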
Some of the grocery stores had equipment that communicated by Modbus. Since the RAM-6021 supports Modbus, Lisowski was able to remove the Beckhoff PLC from the communication chain, and instead use the Skkynet ETK on the RAM-6021. This has become one of his standard configurations for customers whose equipment is Modbus-enabled.
In a similar way, some clients require connections to PLCs other than the Beckhoff PLC. For that, Lisowski has a third configuration that uses the Red Lion Data Station Plus DA-30 protocol converter. He uses this to convert the PLC protocol to Modbus, which he then passes to the RAM-6021 running the ETK, which makes an outbound connection to the DataHub running on Azure.
Although the combination of hardware for each of these approaches varies a bit, the principle is the same for all of them. Lisowski uses a DataHub or ETK in the facility to make a secure, outbound connection to the DataHub running on Azure, establishing real-time, bidirectional communication.
“These customers have all had the same problem,” he said. “Someone else came in, thought they knew what they were doing, but didn’t have a clue. They couldn’t provide the security or a steady data stream, or two-way access to the data. I needed real-time, and I needed security. I knew the Red Lion and Beckhoff stuff. When I found out about the DataHub it was just a matter of putting it all together. Now my motto is: I can get any data from anywhere you have it, and push it to anywhere you need it.”