Security / IoT
Gateway
Both a blessing and a curse: IoT gateways offer opportunities for networking and data analysis, but can also be a gateway for cyber criminals. A security-by-design concept can ward off such attacks - for example when used in packaging machines.
Brave new Industry 4.0 world: the possibilities opened up by modern communication technology are manifold. In industry, they range from increasing energy efficiency and needs-based maintenance to optimizing production planning. Entire production plants are expected to work more efficiently and therefore more cost-effectively. Machine condition and performance data provide important information: When do wearing parts need to be replaced before they lead to breakdowns? What is the capacity utilization of the machines? In which production lines is capacity still available? Manufacturing companies need such information in order to increase efficiency and productivity and save costs in the face of intense competition.
By connecting many machines to a cloud solution, insights can be gained into how the machines can meet the given requirements even better. At the same time, customers benefit from machine monitoring and simplified remote maintenance. Gerhard Schubert GmbH operates such a system with Grips.world. The packaging machine manufacturer presented this digital platform for the first time at last year's Interpack trade fair. The web-based platform is designed to improve internal communication and the exchange of information with customers. The main aim of Grips.world is to optimize production and keep machine efficiency at a high level over the entire service life. The platform can be accessed by Schubert Group employees as well as customers, suppliers and Schubert's TLM packaging machines. Access is gained via any web browser - regardless of the end device or operating system.

The security question mark
One point is essential: when digitalizing the sensitive production area, companies must under no circumstances create entry points for cyber attacks and put their IT security at risk. Doing so would lead not only to costly machine and production downtime, but also to the loss of data and thus of competitiveness.
In order to make the communication of machine information as secure as possible, Schubert System Elektronik - a subsidiary of mechanical engineering company Gerhard Schubert - has developed a new solution in collaboration with IT security specialist Genua. The so-called GS.Gate can be connected to machines regardless of the manufacturer in order to record, analyze and filter machine status and performance data and to forward it securely to monitoring systems or the cloud.
Security by design
Matthias Ochs (Managing Director of Genua), Ralf Schubert (Gerhard Schubert) and Lothar Kümmerlin (Schubert System Elektronik) presented their jointly developed GS.Gate to the public for the first time at SPS IPC Drives 2017.
© Schubert System Elektronik
To achieve a high level of protection at the critical interface between machine and network, the GS.Gate is designed according to the security-by-design principle: The applications for communication with the machine and for data processing are strictly separated from the security systems that enable external communication, for example to the cloud. Machine manufacturers or operators can install applications that meet their individual requirements in one area; security systems are located in the second area. This separation extends to the operating system and hardware level. This prevents hackers from exploiting a vulnerability in an application and then using it to subvert the security systems.
The separate areas each have their own operating systems and dedicated hardware resources - there is no overlap here. This is made possible by a microkernel operating system that runs as the lowest level on the GS.Gate and creates the separate areas. "Only the specially hardened security systems, which are kept up to date with regular updates and protected against the latest threats, are visible to the outside world. Behind this protective shield, the data processing applications can be operated without the constant intervention of updates and patches, which always carry the risk of disruptions to the coordinated processes," explains Matthias Ochs, Managing Director of Genua.
A VPN gateway forwards the information obtained exclusively via encrypted connections to the monitoring systems or the cloud, and a firewall protects the solution from unauthorized access and malware. The gateway is administered and maintained via an integrated access point for remote access, also via encrypted connections.
In physical terms, the GS.Gate therefore offers two separate areas on compact hardware. All common controllers are connected to the basic device exclusively via Ethernet, using either OPC UA or a proprietary protocol. In addition, connection to an Ethernet-based fieldbus (e.g. Profinet, Sercos, EtherCAT) or the IO-Link sensor-actuator bus is possible via a corresponding device option. With the Ethernet variant, the gateway acts as a slave, with the IO-Link variant as a master. "In principle, the data is always temporarily stored on the GS.Gate. Downstream data pre-processing can be implemented on a customer-specific basis by the machine and system manufacturer using the software container we provide," explains Lothar Kümmerlin, Managing Director at Schubert System Elektronik.
Use in packaging machines
Genua also uses this separation technology for solutions in the governmental high-security sector in order to meet the requirements of confidentiality protection. This high level of security enables protected data exchange in production areas - a basic prerequisite for companies to network their machines and benefit from the advantages of Industry 4.0 described above.
The GS.Gate acts as a link between machines and the cloud. The applications for communication with the machine and for data processing are strictly separated from the security systems that enable access to the cloud.
© Schubert System Elektronik
The new GS.Gate is already being used in Schubert's TLM packaging machines. This modular machine series consists of carton erecting, grouping, filling and closing machines and palletizers. Customers can put together their own individual packaging system from the sub-machines. The GS.Gate is functionally located between the packaging system and a data network. The status can be read via status LEDs and the gateway can be set to remote maintenance mode or disconnected from the Internet via a switch. The customer can write configuration data to a CFast card. The GS.Gate can be easily installed in the control cabinet of the packaging system. A remote display element is connected via CAN bus. Among other things, an LED on this indicates whether remote maintenance mode is activated.
The secure networking of TLM machines via the new digital platform opens up new possibilities. In future, all TLM machines will be equipped with the GS.Gate, which is connected to Grips.world. This will allow the operating data of each machine to be recorded and analyzed. Schubert is aiming for continuous status monitoring in real time. "Data analysis with Grips.world enables us to identify problems before they even arise. In this way, negative effects on our customers' production can be avoided," explains Marcel Kiessling, Managing Director of Sales, Service and Marketing at Schubert. "In the long term, knowing the status of the machines enables us to continuously improve the performance of our customers' machines."
Digital twins
A central element within Grips.world will be the digital twin of the machine. This is a three-dimensional image of the TLM machine that can be moved in real time using the original code of the packaging machine control system. The advantages for customers lie in accelerated design processes and shorter delivery times. At the same time, it will be possible, for example, to carry out the complete validation of a pharmaceutical machine digitally in advance. The digital twin can also be used to carry out test runs with new product formats.
Author: Bastian Beha is Marketing Manager at Schubert System Elektronik.












