Controllers, especially PLC controllers, have always formed an essential technical basis for the automation of industrial processes. Even in the age of Industry 4.0 (I4.0) and the Industrial Internet, it can be assumed that these will continue to be needed for the production automation of tomorrow. However, they must be adapted to I4.0 production conditions. What is this about in detail? Industry 4.0 is synonymous with highly networked production systems based on Cyber Physical Systems (CPS), which are also referred to as Cyber Physical Production Systems (CPPS) in this context. These must fulfill the following conditions:

• Networking in local and global networks
• Overcoming the strong information encapsulation of control systems
• Introduction of the service paradigm in production automation (production services)
• Autonomy, reconfigurability and agility (plug & work)
• Interoperability between heterogeneous control systems
• Dynamic changeability of dependencies at runtime
• Use of models to develop 'higher-level' control approaches
• Orchestration of heterogeneous control systems.

Most of today's PLC control systems cannot fulfill these requirements, or can only do so in a rudimentary way or with extremely high effort. Why is this the case? Due to their historical development, programmable logic controllers are designed as proprietary device systems that are operated locally under real-time conditions. If these controllers need to be networked from the user's point of view, proprietary or standardized TCP/IP protocols are also used. This means that standard technologies from the internet and the web have hardly played a role in PLC controllers to date. However, a change has been taking place for some years now and PLC manufacturers are increasingly integrating ICT technologies from the web world into their systems.

Different approaches for a cloud PLC

Figure 1: Cloud-based machine tool control according to piCASSO: The machine's local actuators and sensors are connected to the cloud via the 'active network bridge'. This takes over the coupling of the non-real-time with the real-time inside the machine.

© University of Stuttgart

From today's perspective, it no longer seems impossible that time-critical and mission-critical functions will also be outsourced to an industrial cloud in the future. For example, the IT encapsulation of the control functionality must be removed. This means that control functions and/or control components are separated from the classic PLC as software objects. Only in this way can the controller function as a software instance in a cloud and also intervene online and with maximum flexibility at the process-related levels (control, regulation). Current research projects are pursuing two different approaches here:

• Relocation of a classic PLC as a virtualized control system to a cloud
• and relocation of the control programs/algorithms as services in a cloud.

In principle, both approaches take into account that control programs are usually created in accordance with the IEC 61131-3 standard. The reason for this is that the industry currently only accepts control systems from the cloud if the engineering is also carried out in accordance with industry standards.

The approach of virtualizing a PLC in the cloud includes the piCASSO project, which is coordinated by the University of Stuttgart (Figure 1).

Virtualization of a PLC in the cloud

A scalable control platform for cyber-physical systems in industrial production is being researched. In this context, virtualization means that a classic soft PLC no longer runs directly on a computer. Instead, there are a number of virtual machines (virtual computers) within a server, each of which can run a soft PLC. The control platform implemented in piCASSO offers scalable computing power that is automatically made available depending on the complexity of the algorithms. The main focus of the research is on the strict requirements of production technology such as real-time capability, availability and safety. Robots and production systems that are controlled via the cloud serve as demonstration objects for the project results.

In this approach, the machine's local actuators and sensors are connected to the cloud via an 'active network bridge'. This network component establishes the connection between the real-time-capable network inside the machine and the non-real-time-capable environment. Active here means that real-time relevant calculations - such as the execution of control algorithms - do not take place in the cloud, but in the network bridge itself. On the other hand, the data for higher-level methods, evaluations or real-time simulations is transferred to the cloud.

Although a classic software PLC - Codesys, for example - can run as a virtualized controller in the cloud, networking and a lack of compatibility with the web world are problematic, as it was originally developed as a closed system and not as an Internet service. It is virtually impossible for third parties to intervene in, modify or extend these control systems. In other words, functionalities or control algorithms cannot be extracted as services, or only with difficulty. In addition, complex virtual machines are required, which are only available as complete platforms (operating system and all associated components for a virtual computer) and cannot be instantiated and used as 'lightweight' web objects. Another disadvantage is that virtualization in principle does not support the service paradigm and therefore does not have the flexibility of the service-oriented architecture (SOA) that is widely used in the web world.

However, the advantages of virtualization lie precisely in the fact that real-time behavior can be achieved by designing the operating systems for the virtual machines accordingly. This is achieved, for example, by extending the LinuxRT real-time operating system with cloud computing mechanisms and methods for instantiating multiple control kernels.

Controls as a service from the cloud

The CICS (Cloud-based Industrial Control Services) project was launched in 2014 with the aim of using industrial control programs in accordance with IEC 61131 as a service from a cloud. The project is coordinated by Düsseldorf University of Applied Sciences and the University of Augsburg in collaboration with the Fraunhofer Institute for Embedded Systems and Communication Technology ESK. In contrast to the virtualization of classic PLC control systems, the CICS concept is developing a new PLC based on web technologies. The CICS architecture model is essentially based on two prerequisites:

• Based on a classic PLC, a CICS controller consists of the components control program (CICS Program), runtime (CICS Runtime) and I/O configuration (CICS Router). These components can be distributed as services in the network according to demand and application.
• Various models for implementing this architecture are based on web technologies.

This results in two server-based and two client-based implementations of a CICS controller with the advantage of service capability. As an abbreviated explanation, only two solutions are explained here:

In the client-based solution, the cloud is only used to manage the CICS controller services. The complete PLC runs in the client (web browser) as a service instance. Process data communication to the automation devices takes place directly between the client and the device - without the involvement of the cloud.

In a server-client mixed solution, the CICS runtime is executed in the cloud in the form of instantiable services, while the I/O configuration runs as a CICS router instance in the client. Here too, process data communication takes place directly between the client and the automation device, although the I/O image of the PLC is also transferred to the cloud via a block channel between the client and the runtime instance.

Both exemplary solutions offer the advantage of extremely high flexibility during runtime (changeability). The required service paradigm can be fully implemented down to the level of the control algorithms and I/O configuration. One disadvantage at present is that all components of a CICS controller - including the PLC runtime - run in a JavaScript environment that is not real-time capable. However, this will be relativized in the future by the availability of deterministic IP networks, real-time web browsers and corresponding real-time operating systems in the cloud.

Connectivity in the cloud

A cloud PLC requires a reliable bidirectional connection to the field level in both cyclical and event-driven operation. In future, this can be largely deterministic within a private cloud via TSN (Time Sensitive Networks), depending on the configuration of the local server infrastructure. If a public cloud - i.e. an external cloud provider - is used, expensive and inflexible multiprotocol label switching (MPLS) must be used as things stand today. The cost of an MPLS link between two companies is more than ten times the cost of a corresponding broadband Internet connection. MPLS is a connection-oriented transmission in which the packets to be transmitted take a fixed route within a provider's network with the help of so-called labels. This means that, in contrast to the connectionless Internet, an MPLS link must be switched between two partners before communication can take place. Depending on the provider and the capabilities of the routers, this can involve a certain amount of effort. A change in a link or the addition of participants to an MPLS VPN requires the provider to intervene in its network. In this way, MPLS guarantees the required QoS (Quality of Service), i.e. a defined bandwidth and latency. In future, SDN (Software Defined Networks) and corresponding MNS (Managed Network Services) will make this much simpler, more flexible and more cost-effective.

If the requirements for deterministic IP-based communication are met, two different transport mechanisms come into play: TCP and UDP. While a wide variety of application protocols based on these (including the common M2M protocols) are used in virtualized control systems, service-oriented cloud PLCs focus on protocols that are supported by every common web browser or JavaScript-based application server such as node.js. Appropriate gateways are then used to build a bridge to classic industrial protocols if required.

Figure 2: Round trip times for different web protocols and browsers.

© CCAD / Fraunhofer ESK

For example, the CICS project primarily relies on WebSocket in conjunction with JSON, while WebRTC is an alternative. While WebSocket is based on TCP, WebRTC uses UDP. Both have their specific advantages and disadvantages in terms of performance and security. As one participant establishes a direct connection to the other participant in WebSocket, this participant must also be accessible from the outside in a public cloud scenario. With WebRTC, on the other hand, both participants first establish a connection with a signaling server and then connect directly. This means that none of the participants need to be directly accessible from outside. Studies on round trip time (RTT) show that WebRTC is superior to the WebSocket protocol, partly due to shorter connection set-up times and a more efficient security layer (Fig. 2).

Since process data transmission and video/audio streaming are possible simultaneously via WebRTC, service-oriented control systems can be easily coupled with real-time image recognition services in the future, which could lead to completely new low-cost applications. One example is telemetry applications in which the automatic recognition of the scenario does not take place on site but on powerful servers and a mobile robot is controlled using this. IoT applications are also conceivable in which video/audio information is transmitted in addition to other sensor information in order to analyze the respective environments in real time.

The challenges ahead

Even if it is unanimously agreed that service-oriented architectures play a special role as a new technology in the world of automation and therefore also in Industry 4.0, the introduction of the service paradigm in control technology poses a particular challenge. In addition to suitable engineering tools, new business models for the use of cloud computing control systems are particularly important. This includes, for example, being able to rent out control functions and algorithms on a time-related basis in the future (control as a service). Many devices, machines and systems that are equipped with control systems do not work around the clock, but only for a limited period of time. By eliminating hardware controls, investment costs can be converted into ongoing operating costs, which can often be much more economical for the operator. In short: familiar service business models from the IT world could certainly also be used for cloud control in the future after appropriate adaptation.

With regard to PLC control systems, the first use cases for the use of complete control systems as a service from the cloud can be expected in around two years' time and for the use of control algorithms as 'software as a service' probably from 2020.

Authors:
Reinhard Langmann is a professor at Düsseldorf University of Applied Sciences in the field of automation technology;
Michael Stiller is a research associate at the Fraunhofer Institute for Embedded Systems and Communication Technology ESK.