Posts

Case Study: Siemens, Denmark

Integrating OPC servers and data from high-security facility

In a recent data integration project, Siemens engineers in Copenhagen, Denmark were able to connect equipment and instrumentation running in a high-security facility to a remote monitoring location, using the Cogent DataHub®. The goal was to allow technicians access to the machines they needed to work on, without breaching security or permitting any non-authorized personnel on site.

At first the project promised to be a typical OPC application. The main objective was to connect a chiller unit with an OPC server running at a secure facility to two SCADA systems at a monitoring station, each enabled as an OPC client. However, it soon became apparent that there would be some problems with networking. OPC networking depends on DCOM, which at the best of times can be difficult to configure and slow to reconnect after a network break. To make matters worse, the OPC server provided by the chiller manufacturer was not up to the task.

“This particular OPC server has some strange behaviors,” said Carsten Barsballe, the project leader. “It won’t run as a service, and it won’t allow remote connections using DCOM, because when you disconnect, you are not able to reconnect. So we decided to encapsulate it in the DataHub.” Carsten installed a DataHub on the same machine as the chiller’s OPC server, and configured it to run as a service, causing it to connect whenever the system starts. This allows him to use the DataHub for all OPC client connections.

At the monitoring facility, Carsten discovered another potential setback. His SCADA systems were not able to connect remotely to an OPC server. They required a local OPC connection, so Carsten decided to use the tunnelling capabilities of the DataHub. He installed two more DataHubs, one on each SCADA system machine, and configured connections across the network to the first DataHub. His SCADA systems each connected to their local DataHub, and the data link was complete. Technicians could now view data from the high-security facility from the safe distance of the monitoring location.

“The two SCADA systems are separate from the chiller unit, but fully connected in real-time, so technicians can work on them as they are used to,” said Carsten. “This is a way to keep people from touching things they don’t know about. We have lots of people working at all hours, and now there is no need to for them to be onsite at any time.”

With the chiller system up and running, Carsten plans to integrate more data sources into the system. They have a few UPS (uninterruptible power supply) units with SNMP connectivity that they need to monitor, and by adding an SNMP-OPC server, the data from these will be brought into the DataHub. After that, they will also attach an OPC server for several meter-reading input devices. All of this data will then be sent across to the SCADA systems, and made available to the service people who need access to it.

“The DataHub is running very well,” said Carsten. “We do a lot of this kind of data integration, and there will be other projects. Now we have a good feeling for this product. We have chosen the right solution.”

Case Study: Kimberly-Clark, Switzerland

Networking control and video systems for quality control using the Cogent DataHub

The Kimberly-Clark production facility in Niederbipp, Switzerland, is the leading tissue paper producer for Switzerland and Austria, supplying Hakle, Tela, Scott, Kleenex, and other popular brands of tissues for consumers throughout Europe.

In a recent upgrade to their video-based quality control system, Kimberly-Clark needed to connect their existing ABB QCS (Quality Control System) to a new, state-of-the-art Viconsys Process and Quality Vision System, to ensure the highest quality product. For implementation, they contacted Logic Park, an engineering and system integration company located near Thun, Switzerland.

“This project was a little unusual,” said Bruno Maurer, Head of Solutions at Logic Park. “The two systems had to be connected across a network. But each system was protected by a firewall, and each offered only an OPC server interface for data connections. We had to bridge these two OPC servers, passing the data across the network. Using DCOM for networking was out of the question, because it would open too many ports in the firewalls, and it is difficult to configure. What we needed was a way to tunnel the data across the network, and bridge the OPC servers at either end of the tunnel.”

To achieve these goals, Bruno turned to the Cogent DataHub®, which offers both OPC tunneling and bridging in a single, integrated product. He installed one DataHub on the same machine as the ABB QCS system, and connected it to that OPC server.

He then installed a second DataHub on the Viconsys computer, and connected it to the Viconsys OPC server. Then he configured the OPC tunnel, and was able to see both sets of data on both DataHubs. From there, it was a straightforward task to configure the necessary bridges to write data from one OPC server to the other OPC server. He had a test connection running in a several hours, and within a few days the new system was completely functional.

“The DataHub worked very well for this project,” said Bruno. “Taken by itself, the OPC tunnel is robust and secure. Combined with OPC bridging, the DataHub has given us a complete and reliable way to network real-time data.”

Case Study: ABB Energy Automation, Italy

Secure OPC tunnelling between power plants and company offices

In two recent projects, Italy’s ABB Energy Automation has developed a control solution that feeds data from power plant facilities directly to corporate offices – in real time – using the Cogent DataHub®. A key requirement was to provide a highly secure means of data transmission, with the minimal risk of break-ins. The DataHub tunnelling solution establishes a secure, reliable connection between the power plant and corporate networks.

ABB Energy Automation implements software and control systems for power plants to ensure that equipment operates at optimum speed and efficiency. For this project, it became clear that several Italian power companies would benefit substantially by monitoring the performance of the plant directly from the company offices. Mr. Michele Mannucci, ABB Project Engineer, began looking for a way to make the connection, using the most reliable and secure means available.

“Customers are very sensitive about security these days since they need to exchange information on the web,” he said. “We had OPC DA servers on our equipment, but found that using DCOM for networking was too risky. It required us to open too many ports in our firewalls. We had to find a way to avoid using DCOM.”

A search on the web brought Mr. Mannucci to the DataHub. For the first test, he connected the DataHub to the plant’s DigiVis Freelance 2000 OPC server, and then connected to an OPC client, tunnelling through the plant firewall using just one open port. With that working, he installed another DataHub on the corporate network, and then created a mirroring connection between the two DataHubs.

For the production system, the company decided to use ABB’s own proprietary OPC server on the secure LAN in the plant, and connect that to the DataHub. From the DataHub the data flows out through a single port on the plant firewall via SSL-encrypted TCP to a DataHub in the corporate offices, which is connected to the corporate LAN. The two DataHubs mirror the data, so that every data change on the plant LAN is immediately received on the corporate LAN.

“For us, this OPC tunnel is very good, because we only need to open one port, and we are secure from DCOM break-ins,” said Mannucci. “We are considering installing this same solution in our top plants.”

It took only a few days for Mannucci to go from initial testing to a working system in the first power plant. The second system was up and running in a similar time frame. Both systems have been running 24/7 since installation, with no breaches in security.

Case Study: TEVA API Pharmaceuticals, Hungary

TEVA combines tunnelling and aggregation to network OPC data through a firewall

Laszlo Simon is the Engineering Manager for the TEVA API plant in Debrecen, Hungary. He had a project that sounded simple enough. Connect new control applications through several OPC stations to an existing SCADA network. The plant was already running large YOKOGAWA DCS and GE PLC control systems, connected to a number of distributed SCADA workstations. However, Mr. Simon did face a couple of interesting challenges in this project:

  • The OPC servers and SCADA systems were on different computers, separated by a company firewall. This makes it extremely difficult to connect OPC over a network, because of the complexities of configuring DCOM and Windows security permissions.
  • Each SCADA system needed to access data from all of the new OPC server stations. This meant Mr. Simon needed a way to aggregate data from all the OPC stations into a single common data set.

After searching the web, Mr. Simon downloaded and installed the DataHub®. Very quickly he had connected the DataHub to his OPC servers and determined that he was reading live process data from TEVA’s new control systems. He was also able to easily set up the OPC tunnelling link between the OPC server stations and the SCADA workstations, by simply installing another DataHub on the SCADA computer and configuring it to connect to the OPC server stations.

“I wanted to reduce and simplify the communication over the network because of our firewall. It was very easy with the DataHub.” said Mr. Simon after the system was up and running. Currently about 7,000 points are being transferred across the network, in real-time. “In the future, the additional integration of the existing or new OPC servers will be with the DataHub.”

Case Study: Mukhaizna Oil Field, Oman

Optimizing OPC connections with the DataHub

In 2005 the Sultanate of Oman issued a Royal Decree to develop the giant Mukhaizna oil field covering a vast expanse of desert in the center and south of the country. A major worldwide producer of oil, natural gas, and chemicals was given responsibility for developing the Mukhaizna field, and from 2005 to 2008 oil recovery rates were increased by more than 600% through the use of a steam-assisted gravity drainage process. As each year goes by, the company makes every effort to continuously upgrade technology and improve productivity of the field.

Eight separate production facilities in the Mukhaizna oil field are using Rockwell PLCs, linked to Iconics HMI/SCADA systems for data visualization and operator control. This data collection and distribution mechanism worked well when first implemented, but as the number of data points increased over time it became clear to the project engineers that they needed a way to improve performance. So they began to look for a way to streamline the data flow. The solution they found not only performed well, but it created other, significant opportunities for real-time data integration.

Software Toolbox logo

At each of the eight locations, Rockwell PLCs are connected to an Iconics Genesis32 HMI through an OPC server. The TOP Server OPC server from Software Toolbox (Cogent’s Sales and Technical Partner) gathers data from as many as 20 PLCs, and feeds that to the HMI. As new equipment was brought online, the number of tags in the system approached 30,000, which is normally not a problem for TOP Server. But something was clearly different with this system and it became apparent that some sort of optimization was necessary.

Optimization

The problem was that the HMI was forcing the TOP Server to make device reads, which bypassed TOP Server’s optimization at the device level. Device reads by an OPC client are intended to cause the OPC server to get the information and reply back to the OPC client before doing anything else. While these types of calls are useful in critical situations, all communication optimization has to be done through full system design. The HMI was also requesting updates on groups of OPC tags as it needed them, but these groups were often in a different logical order than how the data points were represented on the PLC. The combined effect was forcing the TOP Server to make more requests for smaller amounts of data, slowing the data-gathering process.

“The OPC server seemed to be dying under the load,” said Juan Munoz, Project Manager for the Mukhaizna oil field project. “Even at rates as low as once per second, it was difficult to scan 30,000 tags, and get the critical data changes that we needed.” Based on his experience with the TOP Server in other projects, Mr. Munoz knew the server itself was not the issue, so he searched the Software Toolbox website for a solution and found the Cogent DataHub®.

The DataHub, developed by Cogent Real-Time Systems (a subsidiary of Skkynet), is a highly optimized data integration tool. It is a memory resident real-time database that provides quick, reliable and secure access to valuable process data and makes it available to other production and management systems, database archives, and remote clients.

Once he started configuring the DataHub, Mr. Munoz soon realized how it could solve his data flow problem. Acting as an OPC client to TOP Server, the DataHub can request data based on tag value changes (referred to as “asynchronous advise”). This means that instead of 30,000 tags per second, TOP Server only sends data for a tag when it changes value. It is free to poll the devices in the most efficient way, always keeping the DataHub up to date with the latest data values. The DataHub keeps all the latest tag values in memory, and can efficiently send them to the HMI on each poll.

“The DataHub effectively decouples the OPC server from the client,” said Mr. Munoz. “All the load is on the DataHub’s shoulders now, and the performance is much better.” The TOP Server is now free to optimize the communications to the device while the DataHub protects it from device reads. This has relieved the company from having to redesign their HMI and PLC configurations from the ground up, saving them tens of thousands of dollars in engineering and development work.

When he was satisfied with the results at the first location, Mr. Munoz began installing the DataHub at the seven other facilities. He experienced a similar performance boost, and at the same time created a new data integration opportunity. He now had most of the pieces in place to bring all of the live production data to a central location, using OPC tunnelling.

OPC tunnelling

OPC tunnelling is a reliable and secure way to connect OPC servers and clients over a network. OPC DA uses DCOM for networking, which is difficult to configure, does not respond well to network breaks, and can pose significant security risks. The DataHub mirrors data from OPC servers and clients over TCP, which is a more robust protocol for networking.

To implement OPC tunnelling, Mr. Munoz installed another DataHub on a Windows server at the Mukhaizna oil field central office. After configuring tunnelling connections between that DataHub and the remote DataHubs, he was able to access the data from all eight field locations as a single, common data set, without putting any more load on his control system. This data could now be logged and shared at the management level of the company.

Using the DataHub’s database interface, Mr. Munoz configured connections to OSIsoft PI and SQL Server databases, to record production data at the remote sites and at the central office. Historical records and reports are now available through standard tools such as SQL and Crystal Reports. Mr. Munoz also configured an OPC connection from the central DataHub to an Iconics Web HMI to give managers access to the live data from all of the eight field sites. Operators, on the other hand, continue to control the processes from the HMIs running at the remote locations.

Among the critical information that operators and management need to monitor is the available memory and status of programs running at each field location. The company was able to achieve this by configuring the DataHub’s System Monitor feature, which allowed Mr. Munoz to add points that monitor the available computer memory and status of the OPC server running at each remote location. This data is accessed locally by operators, and is also tunnelled back to the central DataHub, so it can be viewed by users of the Web HMI on the management network.

“The DataHub is very easy to use,” said Mr. Munoz. “In fact, at a recent training session we showed some other people at the company what we are doing, and they are very impressed.”

Redundancy

The most recent project that Mr. Munoz has decided to tackle with the DataHub is to implement redundancy. To provide increased availability, the company has installed an additional OPC server at some locations. Working with Win Worrall, Product Support Engineer and Developer at Software Toolbox, Mr. Munoz has implemented redundancy in the DataHub to monitor the quality of the data coming from the local OPC server.

If the quality of an indicator changes to “Bad” or “Not Connected” on the primary OPC server, DataHub immediately switches to the redundant OPC server and continues collecting data from there. Although this is currently undergoing testing before being implemented in the production facility, Mr. Munoz reports that there is no data loss during the switchover, and that the performance is very reliable.

Scripting

To gain maximum value from the DataHub, Mr. Munoz has developed a working knowledge of the DataHub Scripting feature. “The scripting language did take a little time to learn, but it is very useful for the types of scripts we need to use. We can develop scripts quickly now, because the language is object oriented.”

Starting with a demo script from the DataHub archive, Mr. Munoz has been able to access data from a legacy UNIX system and make it available through OPC. To access the data, Mr. Munoz wrote a DataHub script to read a CSV file every minute and write the values to points in the DataHub. Because the DataHub is also an OPC server, this allows points from the UNIX system to be presented as OPC tags to the HMI system.

“I am impressed with how quickly Juan has picked up the scripting,” said Mr. Worrall. “In fact, he’s pretty good at getting the most out of the DataHub in just about every way.” “We are very grateful to Win and the overall support from Software Toolbox on this project,” said Mr. Munoz. “We haven’t found many problems. In all aspects, the DataHub is performing very well.”

————
Software Toolbox and TOP Server are trademarks of Software Toolbox, Inc. Other product names, brand names and company names mentioned in this publication may be trademarks of their respective owners.

Advanced Tunnelling for OPC with Cogent DataHub

OPC has become a leading standard for industrial process control and automation systems.  Among several OPC standards, the one most widely used throughout the world is OPC DA, or OPC Data Access. Many hardware manufacturers offer an OPC DA interface to their equipment, and OPC DA servers are also offered by third-party suppliers.  Likewise, most HMI vendors build OPC DA client capabilities into their software.  Thus data from most factory floor devices and equipment can connect to most HMIs and other OPC DA clients.  This universal connectivity has greatly enhanced the flexibility and efficiency of industrial automation systems.

But OPC DA has a major drawback—it does not network well.  OPC DA is based on the COM protocol, which uses DCOM (Distributed COM) for networking.  DCOM was not designed for real-time industrial applications. It is neither as robust nor secure as industrial systems require, and it is very difficult to configure. To overcome these limitations, Cogent offers a “tunnelling” solution, as an alternative to DCOM, to transfer OPC data over a network.  Let’s take a closer look at how tunnelling solves the issues associated with DCOM, and how the Cogent DataHub from Cogent Real-Time Systems provides a secure, reliable, and easy-to-use tunnelling solution with many advanced features.

Making Configuration Easy and Secure

The first problem you will encounter with DCOM is that it is difficult to configure.  It can take a DCOM expert hours, and sometimes days, to get everything working properly.  It is difficult to find good documentation on DCOM because configuration is not a simple, step-by-step process.  Even if you are successful, the next Windows Update or additional new setting may break your working system.  Although it is not recommended practise, many companies “solve” the problem by simply bypassing DCOM security settings altogether.  But this kind of granting broad access permissions is becoming less and less viable in today’s security-conscious world, and most companies cannot risk lowering their guard to allow DCOM to function.

Tunnelling with the Cogent DataHub eliminates DCOM completely, along with all of its configuration and security issues.  The Cogent DataHub uses the industry standard TCP/IP protocol to network data between an OPC server on one computer and an OPC client on another computer, thus avoiding all of the major problems associated with using the DCOM protocol.

The Cogent DataHub offers this tunnelling feature by effectively ‘mirroring’ data from one Cogent DataHub running on the OPC server computer, to another Cogent DataHub running on the OPC client computer, as shown in the image above.  This method results in very fast data transfer between Cogent DataHub nodes.

Better Network Communication

When a DCOM connection is broken, there are very long timeout delays before either side is notified of the problem, due to DCOM having hard coded timeout periods which can’t be adjusted by the user.  In a production system, these long delays without warning can be a very real problem.  Some OPC clients and OPC client tools have internal timeouts to overcome this one problem but this approach does not deal with the other issues discussed in this paper.

The Cogent DataHub has a user-configurable heartbeat and timeout feature which allows it to react immediately when a network break occurs.  As soon as this happens, the Cogent DataHub begins to monitor the network connection and when the link is re-established, the local Cogent DataHub automatically reconnects to the remote Cogent DataHub and refreshes the data set with the latest values.  Systems with slow polling rates over long distance lines can also benefit from the user-configurable timeout, because DCOM timeouts might have been too short for these systems.

Whenever there is a network break, it is important to protect the client systems that depend on data being delivered.  Because each end of the tunnelling connection is an independent Cogent DataHub, the client programs are protected from network failures and can continue to run in isolation using the last known data values.  This is much better than having the client applications lose all access to data when the tunnelling connection goes down.

The Cogent DataHub uses an asynchronous messaging system that further protects client applications from network delays.  In most tunnelling solutions, the synchronous nature of DCOM is preserved over the TCP link.  This means that a when a client accesses data through the tunnel, it must block waiting for a response.  If a network error occurs, the client will continue to block until a network timeout occurs.  The Cogent DataHub removes this limitation by releasing the client immediately and then delivering the data over the network.  If a network error occurs, the data will be delivered once the network connection is re-established.

Cogent DataHub Other tunnelling products
The Cogent DataHub keeps all OPC transactions local to the computer, thus fully protecting the client programs from any network irregularities. Other products expose OPC transactions to network irregularities, making client programs subject to timeouts, delays, and blocking behavior. Link monitoring can reduce these effects, while the Cogent DataHub eliminates them.
The Cogent DataHub mirrors data across the network, so that both sides maintain a complete set of all the data. This shields the clients from network breaks as it lets them continue to work with the last known values from the server. When the connection is re-established, both sides synchronize the data set. Other products pass data across the network on a point by point basis and maintain no knowledge of the current state of the points in the system. A network break leaves the client applications stuck with no data to work with.
A single tunnel can be shared by multiple client applications. This significantly reduces network bandwidth and means the customer can reduce licensing costs as all clients (or servers) on the same computer share a single tunnel connection. Other tunnelling products require a separate network connection for each client-server connection. This increases the load on the system, the load on the network and increases licensing costs.

These features make it much easier for client applications to behave in a robust manner when communications are lost, saving time and reducing frustration.  Without these features, client applications can become slow to respond or completely unresponsive during connection losses or when trying to make synchronous calls.

Securing the System

Recently, DCOM networking has been shown to have serious security flaws that make it vulnerable to hackers and viruses. This is particularly worrying to companies who network data across Internet connections or other links outside the company.

To properly secure your communication channel, the Cogent DataHub offers secure SSL connections over the TCP/IP network.  SSL Tunnelling is fully encrypted, which means the data is completely safe for transmission over open network links outside the company firewalls.  In addition, the Cogent DataHub provides access control and user authentication through the use of optional password protection.  This ensures that only authorized users can establish tunnelling connections.  It is a significant advantage having these features built into the Cogent DataHub, since other methods of data encryption can require complicated operating system configuration and the use of more expensive server PCs, which are not required for use with the Cogent DataHub.

Advanced Tunnelling for OPC

While there are a few other products on the market that offer tunnelling capabilities to replace DCOM, the Cogent DataHub is unique in that it is the only product to combine tunnelling with a wide range of advanced and complimentary features to provide even more added benefits.

Significant reduction in network bandwidth

The Cogent DataHub reduces the amount of data being transmitted across the network in a two ways:

  1. Rather than using a polling cycle to transmit the data, the Cogent DataHub only sends a message when a new data value is received.  This significantly improves performance and reduces bandwidth requirements.
  2. The Cogent DataHub can aggregate both client and server connections.  This means that the Cogent DataHub can collect data from multiple OPC servers and send it across the network using a single connection.  On the client side, any number of OPC clients can attach to the Cogent DataHub and they all receive the latest data as soon as it arrives.  This eliminates the need for each OPC client to connect to each OPC server using multiple connections over the network.
Non-Blocking

While it may seem simple enough to replace DCOM with TCP/IP for networking OPC data, the Cogent DataHub also replaces the inherent blocking behaviour experienced in DCOM communication.  Client programs connecting to the Cogent DataHub are never blocked from sending new information.  Some vendors of tunnelling solutions for OPC still face this blocking problem, even though they are using TCP/IP.

Supports slow network and Internet links

Because the Cogent DataHub reduces the amount of data that needs to be transmitted over the network, it can be used over a slow network link.  Any interruptions are dealt with by the Cogent DataHub while the OPC client programs are effectively shielded from any disturbance caused by the slow connection.

Access to data on network computers running Linux

Another unique feature of the Cogent DataHub is its ability to mirror data between Cogent DataHubs running on other operating systems, such as Linux and QNX.  This means you can have your own custom Linux programs act as OPC servers, providing real-time data to OPC client applications running on networked Windows computers.  The reverse is also true.  You can have your Linux program access data from OPC servers running on networked Windows computers.

Load balancing between computers

The Cogent DataHub also offers the unique ability to balance the load on the OPC server computers.  You may have a system where multiple OPC clients are connecting to the OPC server at the same time, causing the server computer to experience high CPU loads and slower performance.  The solution to this is to mirror data from the Cogent DataHub on the OPC server computer to an Cogent DataHub on another computer and then have some of your OPC clients connect to this second ‘mirrored’ computer.  This reduces the load on the original OPC server computer and provides faster response to all OPC client computers.

Advanced Tunnelling for OPC Example – TEVA Pharmaceuticals (Hungary)

TEVA Pharmaceuticals in Hungary recently used the Cogent DataHub to combine tunnelling and aggregation to network OPC data over the network and through the company firewall.

Laszlo Simon is the Engineering Manager for the TEVA API plant in Debrecen, Hungary. He had a project that sounded simple enough. He needed to connect new control applications through several OPC stations to an existing SCADA network. The plant was already running large YOKOGAWA DCS and GE PLC control systems, connected to a number of distributed SCADA workstations. However, Mr. Simon did face a couple of interesting challenges in this project:

  • The OPC servers and SCADA systems were on different computers, separated by a company firewall. This makes it extremely difficult to connect OPC over a network, because of the complexities of configuring DCOM and Windows security permissions.
  • Each SCADA system needed to access data from all of the new OPC server stations. This meant Mr. Simon needed a way to aggregate data from all the OPC stations into a single common data set on each SCADA computer.

After searching the web, Mr. Simon downloaded and installed the Cogent DataHub. Very quickly he had connected the Cogent DataHub to his OPC servers and determined that he was reading live process data from the new control systems. He was also able to easily set up the tunnelling link between the OPC server stations and the SCADA workstations, by simply installing another Cogent DataHub on the SCADA computer and configuring it to connect to the OPC server stations.

“I wanted to reduce and simplify the communication over the network because of our firewall. It was very easy with the Cogent DataHub.” said Mr. Simon after the system was up and running. Currently about 7,000 points are being transferred across the network, in real-time, using the Cogent DataHub. “In the future, the additional integration of the existing or new OPC servers will be with the Cogent DataHub.”