Distributed Control

IT Tools Elevate DCS Capabilities

Fewer Rivalries and Better Collaboration Are Allowing Distributed Processes to Apply More IT-Based Expertise, Software and Networking to Streamline Operations—and May Even Enable More BYOD, If Security Can Be Maintained

By Jim Montague

There's an inevitable progression when process applications and their distributed control systems (DCSs) get their first fieldbus connections, Ethernet ports and Internet protocol (IP) addresses—and they all move toward information technology (IT) and its debatable focus on authentication over uptime. Luckily, despite past prejudices and rivalries, there are many useful tools and friends in IT, who can help DCSs take advantage of their increasingly broad and mobile network ties and Internet links.

For instance, Byworth Boilers in Keighley, U.K., builds industrial steam and hot-water boilers and accessories, including its Unity intelligent boiler-house control system. The company recently sought to improve its controls by reconsidering a boiler as one complex process, which could be better controlled as a single system, instead of depending on several, discrete, standalone controllers for each loop, such as water-level maintenance. Combined with improved sensors to improve control quality, Byworth reports its unified approach to control allows all critical loops and discrete measurements to be combined to produce a holistic system with cross-coupled and feed-forward actions, which produces optimized boiler control at all times, regardless of external variables and disturbances.

To achieve its single-control vision and adopt the most useful control hardware, functional specification, software design and initial commissioning, Byworth evaluated several supporting control systems, and selected ABB's Freelance because of its DCS-structured, all-in-one database for control and graphical display, compact size, ease of programming and lower cost, and then integrated the new DCS into its own functional control system design (Figure 1). So instead of the usual, fragmented PLC/SCADA solution, Byworth implemented multiple Freelance controllers, usually one per boiler, and then integrated them into its boiler-house system by duplicating Freelance's system code and making slight changes needed by particular boilers. No master supervisory controller is needed because ABB's network connection between controllers provides one system view from any control position.

Also Read: Mission possible: Control and IT integration

Freelance and Unity's system consists of a Freelance 2013: PM 783F controller running on a 2-MB central processing unit, as well as two DC 732F digital I/O modules, one AI 723F analog input module, one AX 722F analog I/O module and Control Builder F Professional software with DigiVis process visualization. Also, a touchscreen PC is used for local display and operations.

"Current integrated systems simply aren't using the data they collect in an effective manner," says Jason Atkinson, Byworth's control system developer. "With Unity, we thought about how all of these discrete signals can be brought together and made to work in a user-friendly system that's far greater than the sum of its parts. What we're offering is a boiler house that makes intelligent decisions based on multiple pieces of information."

As a result, Unity operators can view boiler-house data analyses and trends relating to many values from a central user interface, built-in touchscreen, or remotely via PCs, tablet PCs or smartphones. These values include Byworth's boiler and manifold pressures, boiler water levels and conductivity, hot-well levels and temperatures, blowdown temperatures, flue temperature and gas analysis, and other ancillary values, depending on boiler configuration.

In addition, all alarms and tests conducted are logged and can be exported to a printer if required, while a straightforward traffic-light warning system alerts users to any changes in plant conditions and draws focus to areas requiring attention or adjustments.

Atkinson adds this comprehensive, joined-up approach to managing multiple processes gives Unity a unique advantage over other control systems, which typically employ third-party applications to control each aspect of the boiler house. Also, several options are available to connect Unity remotely by local area network (LAN) or wide area network (WAN), or more recently, via 3G connectivity. These links help Unity to quickly integrate into machine-to-machine (M2M) architectures, which allows more productive service visits via predictive maintenance and pre-accessing problems as they develop, as well as avoiding expensive, unplanned downtime and costly, energy-wasting, abnormal running conditions.

"There's a need to continuously increase productivity, move equipment closer to processes for better quality and cost effectiveness, and locate people further away from processes for safety, reduced costs and greater efficiency," says Bernhard Eschelmann, technology manager of ABB's process automation division. "The impact of these goals drive advances in fieldbus and wireless communications; improve cybersecurity; integrate horizontal and vertical systems and automation and electrical applications; enhance operator efficiency in central control rooms with remotely integrated operations; improve value-added functionality such as analyzing data from control systems; and increase uptime by using remote access, diagnostics, services and asset management.

"So, control may be found on any one or multiple levels, such as drives, controllers, server and smart fieldbus devices, depending on their time, safety and availability requirements. However, there's still a requirement to separate critical process control from IT, but simultaneously more data needs to be provided to the IT environment in a secure way, so more components like routers/switchers, will require IT knowledge at the control level."

Cooperation Cures Misunderstandings

Of course, the improvements in Byworth's boilers are directly assisted by mainstream, IT-supported data processing, networking and software, and these gains are indirectly aided by better working relationships between plant-floor and IT personnel and closer ties among the systems and networks they use.
"There are still big chasms between IT and automation infrastructures, but they're getting smaller because today's DCSs have more commercial, off-the-shelf (COTS) hardware and software than ever. And because COTS comes from the IT space, more IT is getting into the control world," says Peter Martin, vice president of business value consulting at Schneider Electric and a member of Control's Process Automation Hall of Fame. "In fact, the physical platforms used by process control systems (PCSs) are close to becoming indistinguishable from their IT counterparts.

Plant-floor SCADA systems used in PCSs look just like a lot of business hardware and software. So the opportunity now is less integrating two sides because technology has already brought them together, but more rethinking their remaining functional separations. IT is based on business transactions and human-scale schedules, but plant-floor control and computing is based on real-time timeframes relative to processes being controlled. What needed is for IT and automation to be less enamored of new technologies like the cloud, big data and the Internet of Things, and concentrate on specific problems they can solve with them."

Claudio Fayad, marketing director for DeltaV and DeltaV SIS at Emerson Process Management, reports that, "Process control got the IT world's attention when we began using Ethernet and then wireless, but IT and automation soon realized that process applications require different policies than the current IT policies since, for instance, they can't be routinely stopped for software patching. We test patches at Emerson, determine which are critical and which can wait, and work with users to apply them based on their schedules, required latency and service levels. Now the big push is in monitoring networks for threats, so users also need to have the right permissions. So we think the control side won't be invaded by IT, but instead we'll have more IT-friendly capabilities on the plant floor, such as providing reports showing that all users have passwords, or confirming IP addresses for all connected devices. In fact, DeltaV already locks all unused ports, controls MAC addresses and registers workstations on a database according to predefined assignments. Also, our year-old DeltaV firewall contains automation oriented firmware, so it and its users can pick only the servers and communications that they want to exchange data with, document activity, and set up alerts and alarms."

Mark Wylie, global vertical marketing manager at Belden, agrees that IT and controls have converged around Ethernet, but each still retains different priorities. Control systems protect the availability of their processes, but IT protects confidentiality and data integrity. So what they're trying to develop now are hybrid experts that can speak to both worlds, manage their requirements and priorities, and develop well-planned Ethernet networks that can use the strengths of both sides."

Collaboration + Cloud = Efficiency

Similarly, many recent innovations can also help distributed control applications maximize the benefits of cooperation between IT and the plant floor. "There's stronger integration between process control and IT now, but it's still very different than what goes on in the traditional IT world," says Jack Gregg, director of Experion product marketing at Honeywell Process Solutions. "And the latest technical innovations, like virtualized computing and cloud-based engineering, are integrating us even closer. Honeywell and our customers are executing many projects in the cloud. In the past, control engineering work had to be done in one place, but with the cloud, we can work and collaborate from wherever we're at, which also means we can leverage resources anywhere in the world."

Gregg explains that Honeywell and its clients use its cloud-based Virtual Engineering Platform (VEP), which lets users perform design and engineering tasks in a simulated, design-independent environment. This is accomplished by separating physical design and functional design. The functional design can be performed in the cloud or VEP, while the physical design is completed separately, and evolves through the project. "This means functional design engineers can see simulated in the cloud all the displays, I/O points, controls and software they're going to use, and it behaves like the dedicated controls their systems will actually employ later," says Gregg. "So instead of spending a year on a traditional factory acceptance test (FAT), many engineers can now do it in a virtual environment and wait to order hardware until later in their job, which gives them a lot more flexibility and means they won't have to refresh equipment as soon."

Gregg adds that IT staffs understand that patch management is key to a secure and reliable control system, and so  tools that help the to deploy software patches safely on the plant floor are crucial. Honeywell's control system patching tool assist in this area by checking that all nodes on a network are up to date, and then applies patches where needed. Honeywell also introduced its Secure Communications capabilities option this past April, which provides encrypted communications between control system nodes, preventing intruders from seeing what users are doing on their networks and stops man-in-the-middle attacks as well. "This is a control system perspective with an IT hat on," says Gregg. "Our technologies are evolving toward virtualization and the cloud. However, to apply them to process controls, safety and security have to be accounted for, risks assessed and addressed, and not just handled afterwards."

Streamlining Longer-Distance Links

Besides cozying up to IT systems in individual process applications and facilities, some DCSs are using their new and improved relations with IT to cooperate on aiding more remote functions. For example, the Summail Gas Plant in the Kurdistan region of Iraq is being developed for power generation by DNO International in Oslo, Norway, which holds stakes in oil and gas blocks in various stages of exploration, development and production in Kurdistan, Yemen, Oman, United Arab Emirates (UAE), Tunisia and Somaliland. Raw wellhead gas is processed to remove toxic gases and moisture content, and a high-capacity compressor builds up the gas pressure required to fuel its power station.

DNO uses an integrated control and safety system at the Summail plant, which includes process controls, emergency shutdown, fire and gas detection and alarm annunciation systems, and a fully redundant SCADA server. However, as part of new factory acceptance test (FAT) requirements, the plant's engineers recently learned that safety and control components from HIMA and Rockwell Automation, respectively, needed to communicate to exchange critical information.

Consequently, system integrator ANG Automation Solutions in Dubai, UAE, suggested using eWon's Flexy modular M2M routers for remote access and PLC programming, protocol conversion, SMS alarms to field engineers and daily reporting to DNO's headquarters. Because it can link up and exchange data regardless of the protocols used by the devices it's connecting, Flexy routers were installed and fine-tuned by ANG in several cabinets before they were shipped to the Summail plant. Functioning as a Modbus TCP gateway, three Flexy 201 base modules were used for communication between the HIMA and Rockwell Automation PLCs, and one Flexy 201 base module with a WAN extension card provided remote access, support and troubleshooting from the plant in Iraq to the company's headquarters in Dubai (Figure 2). Combining a WAN card and Flexy gave the main office remote access to its LAN network, including PLC programming, emergency shutdown system, SCADA software and modifications.

Balaji Vedanarayanan, ANG's managing director, reports that eWon's solution was seven times less expensive than a standard system using a gateway and VPN server. "So we were more than happy to take eWon into an oil and gas application," added Vedanarayanan.

Bring Your Own—Securely

Because smartphones and tablet PCs have invaded every area of mainstream life, they're also inevitably showing up in many process facilities. However, the presence of BYOD handhelds is usually tightly regulated to avoid unauthorized communications and access, and the potential for intrusions and data loss.

"Many businesses allow employees to bring personal devices to work and link to their corporate networks, but we're not seeing much of this in the process industries. Most of the BYODs we're seeing are dedicated, secure, point-to-point devices, such as companies giving out tablet PCs, but requiring them to be tied securely to the firm's secure server, and only allowing them to be used for  company business," says Roy Tanner, global marketing manager for 800xA distributed control platform at ABB. "We have heard of some smaller sites and system integrators that use 800xA on their tablets via VPN connection, but these should have at least three to six layers of protection, and probably still shouldn't allow access to control functions. Just like in Jurassic Park, "Nature will find a way," in this case to have control via BYOD and virtualized computing, but they'll first have to prove they have the right security layers in place. For instance, ABB Tropos wireless communications can put different security levels and priorities on different virtual local area networks (VLANs), so users can have different VLAN for controls, video, guests and other functions, and this make it easier to secure multiple devices."

Once security is achieved and maintained, Tanner adds that ABB can display KPIs in a 3D format on 800xA's collaboration table, on energy-harvesting wireless instruments, or on augmented-reality interfaces such as tablet PCs or Google Glass that overlay value-added information onto existing display images.