PC-based supervisory control and data acquisition (SCADA) systems help plant personnel fix problems fast by providing quick and secure access to process data.
Access is implemented within the SCADA system by configuring built-in design tools to acquire data from industrial controllers and other devices installed at each site, and to then distribute this information to local and remote users (Figure 1 in gallery above).
With the SCADA application developed, thin clients such as PCs, smartphones and tablets can be used for local and remote access to process data.
SCADA Tools for Data Acquisition
Local and mobile access to data is a necessity for modern process operations. The first step to providing this access is gathering data from industrial controllers, motor drives and other smart devices. The tools needed to acquire, store, track and present this data are built into modern PC-based SCADA software packages, such as AutomationDirect’s Point of View.
With modern SCADA systems, there is no need to create custom code as a variety of tools are available to help with data acquisition tasks. A host of built-in graphic tools and data objects are also available to assist with collecting, storing and monitoring data such as alarms, events and process operation. Standard report worksheets are also available to allow automated report generation, and this information can be sent to a printer or saved to a file. All of these tools are native to modern PC-based SCADA software systems.
Some SCADA systems also provide the option to dynamically interface with external databases. This powerful option requires a little more knowledge beyond basic SCADA/HMI configuration, primarily a basic understanding of database structures. These database options are supported by SQL, Excel and ODBC tools.
SCADA systems may also support ADO.net, which provides an intuitive, flexible and powerful interface via several standard communication technologies. ADO.net allows easy connection to a variety of data sources. It supports the retrieval, handling and updating of data in sources complying with SQL Server and XML standards, as well as sources supporting technologies such as OLE DB and ODBC. ADO.net is part of a base class library included with Microsoft .NET framework. This includes a set of components that can be used to access data based on disconnected data sets and XML.
These embedded database interfaces allow the exchange of data between the process and third-party software such as enterprise resource planning (ERP), maintenance management and historian systems, all without the need for custom coding.
Once data is gathered and configured, local and remote access can be implemented via a variety of methods, as listed in Table 1 and described in detail below.
Table 1: Data Access Implementation Methods
- Direct via the SCADA system
- Via applications such as historians and ERP systems installed on a corporate intranet
- Via a SCADA application installed in the cloud
Modern PC-based SCADA applications offer various thin client options to view and interact with process data. Remote access can be implemented directly via the SCADA system using one or more secure viewer thin clients, each running on a dedicated PC. This option only requires installation of the secure viewer client program in each thin client PC.
These thin clients can be configured so users do not have the ability to minimize or close the SCADA screen, ensuring priority information is always visible. They are typically connected to the main SCADA PC on a local area network (LAN), and are by far the easiest to configure and most secure of all the remote access options. They are commonly used for local operator interface to the process, and are typically not connected to any network outside the LAN.
As SCADA applications expand to include historians and ERP systems, servers are typically installed on a corporate intranet. Plant or corporate IT personnel usually manage the servers as they are accessed by personnel throughout the company. These servers can store data locally, and can also upload this data to the cloud. Web-based thin clients are often used to access this information.
Web-based thin clients are very similar in appearance to secure viewer thin clients connected over a LAN, but information is viewed using a web browser instead of a dedicated application. This does require Internet Information Services (IIS) Server configuration (or similar) and knowledge of firewalls, routers, port configuration and port forwarding. Security depends on server configuration, and can range from fair to excellent. Because this remote access functionality runs within a browser, user options for access are vast, limited only to those devices capable of running a browser and connecting to the Internet.
SCADA applications can also run entirely in the cloud, and remotely connect to the control network to obtain process data. Access to this data is typically browser-based, again only limited to those devices capable of running a browser and connecting to the Internet.
These devices include PCs, tablets and smartphones. The same network configurations are required as with a web-based thin client. The SCADA system will typically use the HTML5 standard to provide cross-platform support among the wide variety of available tablets and smartphones, and access is typically restricted to alarm and trend screens due to limited screen real estate.
SCADA system software tools are readily available to provide remote access, but these connections come with some caveats related to security. Following the basic security steps listed in Table 2 and discussed below will help keep process data safe, and prevent unwanted interaction with operations.
Table 2: Remote Access Security Steps
- Limit connectivity
- Use VPNs and add encryption
- Make most, if not all, access one-way, from the SCADA to the remote user
- Limit access to only what’s required by each user
- Restrict access to specific devices
- Provide rigorous authentication for each remote device
- Require users to change passwords frequently
- For cloud implementations, vet the provider’s security procedures
The first step to security is limiting connectivity. It is important to not allow direct connectivity from the Internet to the plant’s control network, and to not allow phone lines to connect to the network as these could provide backdoor access.
Remote access also needs to be isolated from business networks. Typical tools to do this and control communication flows include intermediary networks such as Virtual Private Networks (VPNs), demilitarized zones and devices that limit communication to one-way, from the plant to the remote devices.
One-way communication protects critical process set points and control functions. Most users just need to monitor data and not control or change the process, so access should be limited to only what’s required by each person.
With a proper firewall configuration, only specific devices and ports can communicate through the firewall, blocking everything else. Rigorous authentication for each remote device can also block unwanted access. Users can employ built-in tools for authentication and authorization such as Microsoft IIS Server for web and mobile thin clients, which provides Secure Sockets Layer (SSL) security certificates for encryption.
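The connectivity, one-way and specific-device/port steps above can be checked against an exported list of firewall allow rules. The following is an added example, not code from the article or from any SCADA vendor; the addressing plan, rule names and finding labels are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumptions, not from the article).
CONTROL_NET = ipaddress.ip_network("10.10.0.0/24")  # plant control network
DMZ_NET = ipaddress.ip_network("10.20.0.0/24")      # intermediary DMZ

# Constructed sample "allow" rules: (name, source, destination, port).
RULES = [
    ("scada-publish", "10.10.0.5", "10.20.0.10", 8443),
    ("vendor-support", "0.0.0.0/0", "10.10.0.0/24", 3389),
    ("dmz-writeback", "10.20.0.10", "10.10.0.5", 502),
    ("historian-any", "10.10.0.6", "10.20.0.0/24", "any"),
]

def audit_rule(src, dst, port):
    """Return the findings for one allow rule, checked against Table 2."""
    src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    findings = []
    # Traffic that lands in the control network from anywhere outside it.
    if dst_net.overlaps(CONTROL_NET) and not src_net.subnet_of(CONTROL_NET):
        if src_net.subnet_of(DMZ_NET):
            # The DMZ should only receive plant data, never send into the plant.
            findings.append("not-one-way")
        else:
            # No intermediary network sits between the source and the plant.
            findings.append("direct-external-to-control")
    # "Only specific devices and ports": no wildcard port, no whole subnets.
    if port == "any":
        findings.append("port-not-specific")
    if src_net.num_addresses > 1 or dst_net.num_addresses > 1:
        findings.append("device-not-specific")
    return findings

def audit(rules):
    """Map rule name -> findings, keeping only rules with at least one finding."""
    report = {}
    for name, src, dst, port in rules:
        findings = audit_rule(src, dst, port)
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(RULES).items():
        print(f"{name}: {', '.join(findings)}")
```

Only the `scada-publish` rule passes: it names one source host, one DMZ host and one port, and it flows from the plant outward.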
SCADA system administrators can enhance security by enforcing strong password standards including minimum length, the use of special characters, and requirements for both alpha and numeric characters. Password aging is another useful security feature as it limits longevity.
As SCADA systems move to the cloud, it’s often easier to enforce system security. Instead of plant IT personnel or often a lone person configuring and maintaining security, the cloud service provider will have a host of experts whose sole purpose is implementing, controlling and monitoring security.
Using the Connections
Remote access to process and manufacturing data via SCADA systems is one of the leading methods for getting connected to a process for control, monitoring and maintenance purposes. A well-developed SCADA application provides remote access to the data required to make quick decisions to increase production and uptime, and to reduce incidents and improve safety.
Modern PC-based SCADA applications maximize productivity, which is particularly critical in the current environment of hyper competitiveness. The ability to quickly develop and configure an object, and then easily connect this object to I/O and databases, can save a significant amount of time. Once the object is developed, it can be reused in similar applications, further increasing productivity.
In many process and manufacturing applications, remote wireless access provides the required mobility, and consequently saves time. Custom screens for monitoring and control provide a high degree of operator and technician interaction from virtually any location (Figure 2 in gallery above).
It’s essential to keep the machines and processes efficient and highly available. Modern SCADA systems can provide users, operators and engineers with continuous monitoring of vibration, temperature and other parameters to assist with equipment operations and maintenance.
Loss of production is often preceded by undue changes in pressure, flow, temperature or other variables. Remote access provides the ability to continuously monitor and quickly detect sudden changes in the process, and this information can be used to prevent costly downtime.
Remote access capabilities of the SCADA system can also be leveraged to provide real-time analysis of many different types of processes—increasing efficiency and reducing costs.