By Dave Harrold
, co-founder of the AFAB Group
IT ONCE WAS so simple. You bought a control system from a reputable manufacturer; it came with a real-time, no-frills proprietary operating system and a proprietary, but highly optimized, communication protocol. If you needed to share data with business systems, the manufacturer could provide a programmable gateway device.
When those pesky folks from IT heard you had a “computer” in the production unit, they stopped by and asked some questions, but once they learned it was all proprietary hardware and software, they disappeared.
Control system manufacturers charged big bucks for those systems, but they worked and worked well. Once or twice a year the manufacturer issued bug fixes and upgrades, and if users felt they needed security, they installed keypad locks on the control room doors.
But users weren’t satisfied. Microsoft had shown them a glitzier, more open world; one that promised all sorts of connectivity and application sharing; a world where users could use such things as C++ and ActiveX to create gee-whiz graphics. So, the cry went out, “We want open systems! We want our control systems to be less expensive to purchase! We want to use Microsoft!” A scant few warned, “Be careful what you ask for; you just might get it,” but their pleas were blown away by the winds of change.
Control systems are now “open.” They use Microsoft’s operating systems and Ethernet communications, and users can mix and match all sorts of devices and applications from many suppliers.
You also get to decide if this week’s batch of patches from Microsoft should be installed. You get to set up and manage all sorts of administrative and security controls, including virus and intrusion protection. You even get to become intimate with things like Active Directory, OPC, servers, firewalls, routing and switching, and much more.
And, just when you think you’ve got your arms around all this, here come those IT folks asking questions—a lot of questions. As soon as they learn you’re using commercial, off-the-shelf hardware and software, they begin explaining corporate IT policies regarding anti-virus software, firewall configuration, disabling default accounts, auto-logoff, and a boatload of other mind-numbing practices required to use open systems in your company.
Dennis Brandl, chairman of the SP95 committee and founder of BR&L Consulting, Cary, N.C., says, “The problems escalated when Microsoft removed support for NT. Now, all of the Windows systems use the same Active Directory structure, and it’s been optimized for office workers. Companies are finding their strategies falling apart when a separate security and management domain is required for production units.”
Roger Manternach, a senior engineer with systems integrator Cornerstone Controls, Cincinnati, Ohio, adds, “The emphasis on achieving good process control is unfortunately being replaced with a need to keep open control systems secure and in compliance with corporate IT policies. No longer do automation engineers spend their day working with operators and process engineers to improve process quality, reduce bottlenecks and optimize the process. Automation engineers have morphed into the ‘plant IT guys.’ ”
So, is it possible to juggle the duties of plant IT guy and automation engineer?
FIGURE 1: MULTI-LAYER NETWORK COMMUNICATION ACCESS
Many large-scale LANs use the network communication access structure shown on the left. On the right, the communication access layers have been reconfigured to retain maximum network uptime and minimized unnecessary network traffic, while adding the real-time response requirements required by instrumentation, control and automation equipment.
Talking and Listening…Really
Sometimes IT issues aren’t so much technical as they’re cultural. Many books explain the value a company can reap by encouraging cooperation across domains. Though some companies are slow to subscribe to such beliefs, Dick Hill, vice president and general manager of ARC Advisory Group, Dedham, Mass., reports more companies are, at least in the area of IT, successfully changing their culture and integrating domains.
“We’re encouraged to see an increasing number of enlightened companies recognizing the benefits of integrating plant IT and enterprise IT into the same department under a common boss,” says Hill. “These companies realize that when people are in the same department and have the same boss, they talk more frequently, they’re more willing to listen to a peer’s explanation of needs, and they’re more likely to work together to develop an appropriate and workable outcome.”
Johan Nye, control systems chief engineer at ExxonMobil, Irvine, Tex., also explains the benefits of plant-enterprise integration. “ExxonMobil is transitioning from proprietary to open digital control, and we’re learning to manage security risks as an integral part of our process control practices. In addition to the technical factors, we’re addressing policy and people aspects, including integrating security into our safety and reliability policies. For instance, the first security priority of enterprise IT systems is usually the data, which often is best protected by shutting down access, but that’s certainly not an appropriate solution for a process control system. It’s fundamental that everyone understands that we’re talking about a process control system that uses IT—not an IT system that does process control. It’s not about protecting the data. It’s about protecting the process.”