Logiccloud
The PLC in the cloud
Can a PLC be distributed to fog or cloud computers anywhere in the network and used as a smart service via a pay-per-use billing model? The implementation of the technology in a corresponding product is in progress.
The digitalization of production is also having a major impact on automation technology. In particular, the use of cloud computing and the application of the service paradigm will significantly change the underlying technology. Traditional automation systems, which are structured according to the familiar ANSI/ISA-95 hierarchy levels of production automation, will not meet the new requirements. Looking at the requirements of ubiquitous networking, cloud computing and the service paradigm, it becomes clear that the CPS-based automation model in particular, as shown in Figure 1, largely meets the requirements.
It therefore seems sensible to use this architecture as the basis for future developments. The model was developed in 2012/13 in a working group of the VDI/VDE Society for Measurement and Automation Technology and consistently relies on the distribution of all functions at all levels of the automation pyramid as services in a domain-oriented network structure (cloud). As real automation devices, only the sensors and actuators remain as CPS components in the technical process. Existing concepts and solutions for implementing the model in Figure 1 at the real-time control level (Level 2) have so far only been demonstrated for prototypical individual control systems. Concepts for implementing these solutions for a highly scalable, reliable and secure cloud-based automation environment are not yet available.
The Logiccloud concept
This article therefore deals with a concept for a scalable and safe PLC from the cloud with dynamic resource pools that can implement essential control functionalities in accordance with IEC 61131-3 under non-critical real-time conditions, over 50 ms.
In terms of Industry 4.0 and the Industrial Internet, the concept of a PLC from the cloud assumes that web technologies form the technical basis. On the web, as a global computer network, there are basically two types of network computers available: server computers, which provide IT entities (objects, services, programs, data) and can also execute them, and client computers, which merely execute IT entities.
The working principle in this server/client computer network is the client-server principle. This means that a client must first make a request so that an IT entity can be executed on the server. Application-related IT entities on the server therefore cannot become active on their own. The client is usually a web browser on the client computer. However, this can also be another client component.
If we consider any application-specific functional system - such as a control system - that is implemented using web technology, the models shown in Figure 2 result for the execution (RUN) of this system:
a) The functional system is only stored on the server and is only executed there. The execution of the system on the server is started by the client (server mode).
b) The functional system is stored on the server and is loaded into the client via a request. The system is only executed in the client (client mode).
c) The functional system is stored on the server and components of the functional system are also executed on the server. Additional components are loaded into the client via a request and executed there. The execution of the system components in the server is started by the client (mixed mode).
In all three cases, the functional system can be distributed across several servers (cloud) or several clients. In terms of automatic and simple scalability with dynamic resources, the server mode according to Fig. 2a plays a particularly important role, as various tools already exist for this in the web sector, such as container technologies.
The Logiccloud concept is based on this basic structure. This results in the basic component structure of a PLC from the cloud shown in Figure 3.
The server (cloud) contains n software instances of a PLC controller on which different IEC 61131-3 control programs can be executed. Each controller instance is connected to a real automation device - sensors, actuators - via suitable network protocols (MQTT, OPC UA). The automation devices are structured as CPS components according to the model shown in Figure 1 and contain a corresponding IP connector or a gateway for communication with the control instance. The control instances are managed and operated via the web browser (client).
Observe real-time conditions
Figure 3: The basic component structure of a PLC from the cloud according to the server mode model (Figure 2a). © Logiccloud
The fundamental problem for a practicable and industry-compatible implementation of the structure shown in Figure 3 is to create a way of actually managing and operating n control instances with m automation devices and p control programs distributed across the network on different nodes (fog or cloud nodes). Real-time conditions, reliability and security must be taken into account. Figure 4 shows the backend architecture developed in the project and based on the structure shown in Figure 3 for a PLC from the cloud, which is currently being further developed into a market-ready variant under the name Logiccloud. The architecture consists of five main components:
System administration: This includes Identity & Access Management, Device & Location Management and all functions for service-based billing.
Runtimes: The Runtimes component contains all services that are used at runtime in Logiccloud, such as PLC runtime logic, I/O runtime and I/O connectors.
Library services: This component provides services that are used in the design and runtime processes, such as the IEC 61131-3 program compiler or function library management.
Cluster infrastructure: This is the backbone of the entire control cluster and provides tools for the operation of the entire system. This includes the database, the certificate manager, the caching and communication infrastructure.
System monitoring: It is responsible for collecting metrics and logs from the infrastructure and provides means to visualize system performance or health.
The properties of the PLC control instances are essentially determined by the two components Runtimes and Library Services.
The runtimes
In a cloud-based automation architecture - a Cyber Physical Production System (CPPS) - data, services and functions are stored, retrieved and executed where they are most advantageous in terms of flexible and efficient development and production. Services, data and hardware components can be distributed to any number of nodes in a network and form functional modules that make up the automation system. The aim is to create globally networked and distributed systems that, in principle, allow any communication paths across all factory levels. For this purpose, the Runtimes component includes the subsystems shown in Figure 5 in particular. The PLC Runtime subsystem is responsible for processing the IEC 61131 control program. It mainly works in cycle mode and uses the I/O Broker subsystem to convert I/O input images into I/O output images. Communication with the physical automation devices takes place via the I/O Connectors subsystem. The Runtimes component also contains a simulation subsystem that can be used to test a PLC program without real I/O signals. A Digital Twin subsystem is also planned for the future, with which virtual models can be connected as an image of the actual physical reality based on the I/O images of the I/O runtime. All subsystems of the runtime component are designed as services.
The library services
The Library Services shown in Figure 6 are also an important component for the Logiccloud PLC.
The core elements of the Library Services are the PLC program compilers for various IEC 61131-3 programming languages and function library management in order to be able to use function libraries in the control programs. A Digital Twin Mapper for connecting 3D models to the PLC runtime and a Logiccloud marketplace (Market Place Services) for integrating third-party components are also planned. The backend architecture shown in Figure 4 is overlaid with a Logiccloud portal, which the user can use as an application environment (front end) for engineering, management and operation.
Implementation and evaluation
The Logiccloud concept is based on state-of-the-art web technologies. These include:
Container technology with Kubernetes for the automated and arbitrary distribution of control instances to various network nodes; JavaScript and C/C++ for backend programming; HTML5 and responsive design for the frontend portal.
In addition, the implementation uses various open source tools such as Keycloak for system security, Grafana and Prometheus for analytics, logging and metrics.
All functionalities in the Logiccloud system are implemented as microservices and can be flexibly expanded. The Logiccloud portal offers the creation of PLC projects and control programs in the IEC 61131-3 languages ST, LD, SFC and FBD as part of an integrated development environment (PLC IDE).
Safety-oriented implementation
In addition to the real-time capability of the PLC instances, particular attention is paid to their security, reliability and safety during implementation.
In terms of security mechanisms, the implementation takes into account the fundamental threats and risks identified by the Open Web Application Security Project (OWASP). The Logiccloud system is therefore designed with security in mind from the outset and uses standard technologies such as OAuth2 with 2FA, granular role- and authorization-based access control, encrypted communication and runtime isolation within the Kubernetes cluster. In addition, automatic anomaly detection is integrated to identify and prevent a large number of attacks on the platform.
A number of measures are available to ensure the reliability of the running PLC instances. These include caching mechanisms for runtime and I/O images, synchronization mechanisms to quickly replace a faulty PLC runtime instance, permanent monitoring of the infrastructure using self-healing capabilities and the provision of an additional resource pool that can serve as a buffer in emergencies.
Each PLC instance controls real physical automation devices and must be reliably connected to them via the network - intranet or internet. The system cannot itself absorb network connection problems, but some countermeasures are provided, in particular to ensure machine safety. These include the planned use of redundant or hybrid network connections with fast failover; the relocation of local PLC instances to the edge; the introduction of watchdog and ping signals to detect power failures; and the generation of warnings in the event of abnormal behavior, such as increased latency times.
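The watchdog and ping countermeasure described above can be sketched on the device or gateway side as follows. This is an added example, not Logiccloud code; the class name, the output names and all thresholds are assumptions chosen for illustration.

```javascript
// Added example (not Logiccloud code): gateway-side watchdog for a cloud PLC link.
// All names and thresholds are assumptions chosen for illustration.
const SAFE_OUTPUTS = { motor: false, valve: false }; // constructed safe output image

class LinkWatchdog {
  // timeoutMs: silence longer than this trips SAFE; warnLatencyMs: slower replies
  // raise a warning; recoverAfter: consecutive fast pings needed to leave SAFE.
  constructor({ timeoutMs = 150, warnLatencyMs = 50, recoverAfter = 3 } = {}) {
    Object.assign(this, { timeoutMs, warnLatencyMs, recoverAfter });
    this.state = 'SAFE'; // fail-safe default until the link is proven
    this.lastSeen = null;
    this.goodStreak = 0;
    this.warnings = [];
  }
  // Called for every ping reply received from the cloud PLC instance.
  onPing(sentAtMs, receivedAtMs) {
    this.check(receivedAtMs); // a late reply must not mask the gap before it
    const latency = receivedAtMs - sentAtMs;
    this.lastSeen = receivedAtMs;
    if (latency > this.warnLatencyMs) this.warnings.push({ at: receivedAtMs, latency });
    this.goodStreak = latency > this.warnLatencyMs ? 0 : this.goodStreak + 1;
    if (this.state === 'SAFE' && this.goodStreak >= this.recoverAfter) this.state = 'RUN';
    return this.state;
  }
  // Called on every local tick, independent of network traffic.
  check(nowMs) {
    if (this.lastSeen !== null && nowMs - this.lastSeen > this.timeoutMs) {
      this.state = 'SAFE';
      this.goodStreak = 0;
    }
    return this.state;
  }
  // Output image that is actually written to the actuators.
  applyOutputs(cloudOutputs, nowMs) {
    return this.check(nowMs) === 'RUN' ? { ...cloudOutputs } : { ...SAFE_OUTPUTS };
  }
}

function demo() {
  const wd = new LinkWatchdog();
  const cmd = { motor: true, valve: true };          // constructed cloud output image
  [0, 20, 40].forEach((t) => wd.onPing(t, t + 10));  // three fast pings -> RUN
  const running = wd.applyOutputs(cmd, 60);
  wd.onPing(60, 140);                                // 80 ms latency -> warning only
  const afterSilence = wd.applyOutputs(cmd, 300);    // 160 ms without a ping -> SAFE
  const afterOnePing = wd.onPing(310, 320);          // one good ping is not enough
  return { running, afterSilence, afterOnePing, warnings: wd.warnings.length };
}
```

The watchdog starts in SAFE and returns to RUN only after several consecutive fast pings, so a flapping link cannot toggle the actuators.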
Ultimately, however, the user of such a control system must carry out a risk analysis in relation to the technical process to be controlled and define its requirements.
Logiccloud will be developed into a complete control product over the course of 2022 and will be available to the first industrial users from the end of 2022. Interested parties can find out about the status of the work on the logiccloud.com website.
Who is behind Logiccloud?
The roots of Logiccloud go back to a research project by Prof. Reinhard Langmann at Düsseldorf University of Applied Sciences in 2014. The project was dedicated to the approach of a virtualized PLC in the cloud. The ZVEI, where Bernhard Böhrer, then Managing Director and shareholder of WEBfactory, was a member of the board of the Automation Research Association, was also involved in the project. Bernhard Böhrer continued to pursue the idea of virtualized PLCs and founded Logiccloud AG in 2021, which he has headed up as CEO ever since. The company currently consists of six employees with many years of experience in automation and software development. The aim of the young company is to use Logiccloud to provide a cloud platform for industrial control systems, the "PLC from the cloud". Market entry with a product ready for series production is planned for November 2022.




















