The trend towards digitalization poses a number of challenges for manufacturing companies: The individualization of products, faster product cycles and greater product diversity require, among other things, more flexibility in production at lower costs. The 'smart factory' is intended to provide the answer to this. The much-vaunted Rami model, which depicts the architecture for Industry 4.0 and the factory of the future, may be good and correct in this context, but in practice many users still find it difficult to classify a new specific task in this matrix.

From Wago's point of view, there are currently five attributes that make up a smart factory: Field signal integration, horizontal networking, cloud connectivity, cyber security and modularization. It is crucial that the transition to the smart factory can be achieved with scalable effort and a predictable ROI. However, this also means that the path to this goal and the integration of these key features can take place step by step and as required - after all, production managers themselves know best what they expect from automation and digitalization in the future.

Attribute 1: Sensor integration

The pivotal point of the digital transformation is initially the adaptation of the production process using sensor technology. Sensors are already included in the production module for automation, but for a complete digital transformation of the physical production process, components that were previously purely passive - such as a storage container, a transfer belt, a pipeline or even the product itself - must also be recorded. Wear objects such as bearings on motors and drives also need to be recorded for complete digitalization. This means that all components involved in the production process, right down to the smallest part, need to be digitally adapted.

The integration of this new multitude of different sensors in the most cost-efficient way possible is therefore a cornerstone of the digitized factory and a correspondingly great challenge. In the case of the I/O system 750 from Wago, for example, more than 500 I/O modules, 60 controllers and 40 fieldbus couplings record virtually every signal from the field level. The first step - namely the acquisition of elementary data - has thus been taken.

Attribute 2: Horizontal networking

The production process is usually divided into several manufacturing steps. In order to create an optimal process here too, all production islands involved must be networked with each other. This also enables 'module-to-module' communication, so that production islands can coordinate with each other and, if necessary, with the product without the need for the higher-level production host computer. However, this horizontal networking not only applies to the internal production process, but also to the external logistics of the manufacturing process. The supply of raw materials and also the outflow from the logistics provider must be integrated as required. In short, it must be possible to operate several clients with different communication protocols from one node.

Multicommunication lines such as those available in the PFC controllers from Wago create the prerequisites for this: For example, communication can be carried out from the controller to the upstream and downstream production islands - and also via Bluetooth to the product itself and via Ethernet TCP/IP to the higher-level production management system. All this with separate communication paths in the controller.

Attribute 3: Vertical networking

When it comes to the vertical networking of digitalized production, everyone immediately talks about cloud connectivity. In reality, however, this is far from always accepted. In particular, cloud networking on publicly available servers on the internet - i.e. a 'public cloud' - raises major concerns, as this may open up access to the production process worldwide. When vertically networking the digitalized factory, a conscious distinction should therefore be made between the open cloud application and vertical networking to external production computers that still belong to the company.

The internet structure is only used as a network through, for example, own access to own servers protected with VPN, https and other individual encryption methods and 'encryption' in the communication of private client-server topologies. This architecture, known as a 'private cloud', differs from the public cloud essentially in its server landscape and the server connection to open, rented server landscapes.

The MQTT protocol standardized in the PFC200 controller ensures a seamless connection with web and cloud services: Data can be sent securely from the field level to the cloud via this interface.

© Wago contact technology

Regardless of private or public cloud: in both cases, the focus is on vertical connectivity from the production module - across company boundaries. In the B2C business, for example, access to the servers can also be made possible for the end consumer, for example to place an order directly at the production module. By offering the option of integrated remote access, the aforementioned PFC controllers can take on the role of an IoT gateway (Internet of Things gateway). This means that in addition to the actual controller, parallel communication protocols can be integrated via which access takes place - physically via Ethernet or the mobile network, logically via MQTT.

As with horizontal networking, multi-communication access to the controller enables different clients to access the controller. This allows status information such as run/stop, connection status, device information and variables defined in the IEC program to be sent to the cloud and visualized. The variables that are to be transferred to the cloud or that are to be protected can be defined via the programming. Sensitive data does not leave the company in this way.

It is up to the user whether the controller sends the data to well-known cloud providers such as Microsoft Azure, Amazon Web Services or IBM Bluemix. In addition, connections to cloud-based third-party solutions can be implemented using the MQTT protocol as well as to the user's local servers.

With 'Cloud Data Control', Wago also offers a solution that forms the link between the elements of the real and digital worlds. It manages and monitors all PFC controllers as well as their applications and data. The cloud service is hosted on Microsoft Azure, with a web portal serving as a user interface for the user. This provides access to functions such as project, controller and user management or controller status monitoring, alarm functions and email notifications. Texts, trends, tables, diagrams, pointer elements and command buttons can be conveniently and clearly operated on a dashboard. Finally, the REST or OPC UA interface is used for application-specific solutions - for example for energy monitoring, but also for predictive maintenance applications.

Attribute 4: IT security

Wherever production data is recorded and transferred to a cloud, IT security plays a major role. And for good reason: production data is a valuable asset that requires special protection. To ward off cyber attacks, the PFC100/200 controllers, for example, feature TLS1.2 encryption (SSH, FTPS, HTPS, etc.) and offer onboard VPN functionality based on the so-called 'Strongswan Package', a secure communication solution for Linux operating systems. When communicating with a controller, an encrypted LAN/WAN connection is established, the content of which can only be understood by the two endpoints. In addition, connections are only established after authentication has taken place. Pre-shared key is an easy-to-implement encryption method in which the keys must be known to both participants prior to communication.

A VPN connection is established using the openVPN and IPsec standards. While IPsec encrypts at operating system level or layer 3, OpenVPN ensures data integrity at application level (layer 7). This creates tap-proof and tamper-proof communication connections between the controllers and the network access points. In addition, the controllers in question contain an integrated managed switch, which can be used to implement lines or redundant Ethernet connections. They also enable bandwidth limitation directly in the switch. This enables continuous integration into ring structures or a redundant connection to the network infrastructure. User management and access protocols such as HTTPS, FTPS, SNMPV3 and SSH are also integrated and ports that can be switched off, MAC whitelisting and firewalls further increase security.

The logging of all configurations on the controller provides further security. For this purpose, the controller's operating system generates system files or application-specific log files. It logs all accesses, actions and events and saves them directly on the system.

Depending on the application and risk analysis, there are different requirements for the level of a security solution. In principle, however, a few simple precautions should be taken even in less critical applications: Insecure protocols such as Telnet, http, ftp or SNMP should be avoided if possible and encrypted protocols should be preferred; ports (protocols) that are not required should be deactivated at best. Default passwords should always be changed and user roles assigned.

Attribute 5: Modularization

DIMA is a neutral software interface between the production modules and the production control system and is based on the digital description of production modules with MTP - Module Type Package - as the core element.

© Wago contact technology

Due to ever shorter product life cycles coupled with the resulting smaller quantities through to the individual production of batch size 1, production is required to react very flexibly and adaptably to this requirement - without increasing production costs. The required adaptability can only be achieved by modularizing the production process. This applies not only to the production modules, but also to the automation of the entire production process. To this end, Wago introduced the DIMA-MTP methodology in 2015, which is now on its way to international standardization.

The content is the standardization of the interface between the production modules and the higher-level production host computer. This standardization means that production modules can be exchanged without having to adapt the production host computer. The DIMA MTP concept also has a software driver for the production module, similar to replacing printers on a PC, which are immediately active for use again thanks to the standardized printer driver: The Module Type Package (MTP), which contains the digital description to the production module and is therefore the virtual description of what is physically available. In detail, the MTP describes the functions of the production module, its visual representation in the production control computer, diagnostic information and technical data. It is structured in AutomationML and is generated when the PLC is programmed - in Wago's e!Cockpit engineering tool even 'at the touch of a button'.

Embedded in the DIMA methodology, the MTP is therefore an important building block for solving the Industry 4.0 requirements for modular systems that are not only modular in design, but also modularly automated, thus laying an essential foundation for the self-sufficient, self-managing factory. Only in this way can system modules be combined flexibly and independently of the manufacturer and thus form the basis for greater flexibility and a high degree of adaptability.

Author:
Ulrich Hempen is Head of Market Management Industry & Process at Wago Kontakttechnik.

Understanding the Smart Factory

© Wago contact technology

At the Hannover Messe 2018, visitors to the Wago stand in Hall 11 can use a virtual juice factory to experience how data can be transferred from the field level to the cloud, production data can be networked across factory boundaries, value-added processes can be optimized from incoming raw materials to outgoing goods and system modules can be exchanged without any programming effort. At several technology islands, visitors can try out for themselves how easy it is to set up site-to-site communication, for example, bypassing a public cloud.