IT Dept vs Engineering

[MarkTTU]

As one who came from IT into control engineering I can tell you that under no circumstances do you want IT to take away control. There are times when you'll need to co-exist with IT, but when these times happen IT needs to be aware that the printer not working and the plant not working really do have very different priority levels.

We're a small company so I get the unique situation of being both controls engineer and the IT guy; problem solved.
When we've hired part timers, etc to help out with IT I always break down the expected up-time for the entire system (including all things IT, even the printers) into real time. I tell them that 99.9% uptime is easy to achieve and 99.99% uptime is the goal; somewhere in between is reality. At 99.9% uptime you are down 10 minutes every week; at 99.99% uptime you are down 1 minute every week; keep in mind a computer takes more than 1 minute to boot up. I then ask them if they still think a change that should take 10-15 minutes, but if it goes wrong could take 2-12 hours is no big deal. They usually answer no; they always answer no if I put a $/minute into their head for downtime.

 

[Contr_Conn]

I recenly had ControlNet discussion with one of our customers.
New HMIs added and CNB traffic significantly increased.
He was not sure if he needs to run another ControlNet cable or just add another CNB.
When I asked:
"what if you put all HMIs on the Ethernet?" - he smiled and said:
"I will run 3 controlNet cables if I have to, but I will keep my IT out of controls! As soon as I install Ethernet switch, IT will try to own it!"

 

[Steve Bailey]

I wonder if they speak as highly of us on the IT forums, assuming that there are such things.

 

[dale1627]

This thread makes me appreciate our plant IT people a whole lot more. Our maint shop used to have to make patch cords- IT convinced management that it makes alot more sense to purchase. We used to fix printers- IT hired a good tech. IT doesn't even want to know about the few PLC's that reside on the network for data acquisition. They just give me an IP address and ignore them. They don't understand them except for what I've shown them. Even asked if we wanted to set up our own network on some spare fiber. Said no because we don't need much. They gave me administrative rights on my account so I can install/remove software on our shop's pc's. Plus I help them at times troubleshooting and they help me at times. Would be miserable to be in most of your shoes.
One lesson I learned while in the Marines, have as many friends in as many departments as possible. Oh, and by the way. Steve (IT guy) if you're tracking my internet usage, have a nice day.
Dale

 

[tom_stalcup]

We currently have our own separate ad-hoc network for our plc's and hmi's.... But the new line we are putting in next month is all going on switches belonging to the plant IT department. Fortunately, with the exception of them owning the switches, everything else is being handed over to the company engineering dept, so the IT involvement is pretty limited... And the switches involved are going on the other side of a firewall from the IT dept switches.


And a nod to Ron from the older thread that was linked...... We have ordered two "Rockwell programming devices" over the last five years, in order to get what we needed without having to use the IT approved items(and their security requirements)

 

[harryting]

This thread or something like it should be made a STICKY!

Boy, everytime I hear about thing like this, memories of old and new wound rushes back.

I can't say too much due my current situation. But worse than IT, who just handle PCs are corporate programming department. Who think they can just write a little "Visual Basic" applet to do everything a PLC does. So what happens when S**T happens? "Oh, just call IT helpdesk". W T F

The best thing one can do is draw a line at the plant boundry. Run your OWN server if needed be to handle MES function. For really large place, have an IT that reports to control guys (.. I know.. in my dream)

 

[leitmotif]

Couple thoughts
1. On this site I see many "how come my PLC won't talk,,,,,,,," Maybe 30% ??
2. The more connections the more potential problems.
3. Nothing is foolproof. Nothing is hacker proof. On a utility page I see where the utilities are really concerned with hacker sabotage.
4. I am still not convinced that all this innterconnection stuff is really worth it - BUT I have a lot to learn about that.
5. I think you get better reliabiltiy with standalone

IF the PLC guys have the system running and running well
Too many chefs ruin the stew
Don't fix what is not broke
What do they need IT for??

Dan Bentler

 

[rytko]

More fun from the folks at IT ...

1. They shutdown a gateway computer between two networks (controls and office) over holiday break. Since a previous IT manager made the HMIs move onto the office network (and the former controls engineer didn't have the backbone to prevent it), all operators were looking at blank screens. Temporary solution: installed a gateway card in a hub owned by me (the controls engineer).

2-4. Old panel-mounted touchscreen HMIs running NT "had" to have antivirus software installed since they were connected to the office network, and anything on the office network must be protected against viruses. Okay, so I buy that one. Response went from at most two seconds from mouse click to display update to more than a minute. Operators were not happy. Also, IT kept changing the static IP address range they assigned to me. It's easy to change a PC on the fly without affecting production, but not so easy with some PLCs. Finally, IT kept wanting to take down portions of the network for maintenance. Solution to all: install a new fiber optic backbone and stand-alone controls network with industrial-grade switches. Oh, and moved all the HMIs from Problem 1 above onto my new network.

IT is now completely out of my sh**. Unfortunately, now some managers want to access data from their desktops on the office network so they don't have to leave their cushy chairs in their offices. IT wants to put in another gateway with bidirectional access. I will serve up any data they want to them from behind a firewall router, but I'll fight tooth and nail to keep them from getting the full access they want. After of all the previous fights, though, my manager sees things my way. I think he'll back me up more this round.

 

[BobB]

Here is a really good reason to never use Ethernet. I use Omron PLCs and the network I use is Omron Controller Link. They do not come near it let me tell you.


Whenever I have had to use Ethernet, I use IP 10.*.*.* addresses. You can hear the buggers yell from 2 miles away because they cannot get into it. My answer is always "good".

This thread running at the moment may also help http://www.plctalk.net/qanda/showthread.php?t=19204

 

[parky]

I know the feeling, when I started at a large food company, the IT dept was in control of all the PC's on site (approx 250 of them).

We also had two scada's controlling a piece of plant + a buildings management system using RSVeiw, however the IT guys being the way they are decided they knew best & upgraded the network cards (comms did not work after that), destroyed the licences on the RSVeiw & because of their tweaking stopped all active display clients working, after a good slanging match with them they came out with a statement that they would refuse to maintain any "SCADA" type machines, however insisted that their remote control software was installed, anti virus & only they had admin rights.
After some years of close liasion with them & trying to work with them I have now managed to coax them into working with me, At last if they wish to upgrade they ask me to get involved & I now have limited admin rights (usually they log me in so I can do changes).
I now have a good working relationship with them but it has been hard & very frustrating, what makes them think they are gods & only they know how a pc works?.

 

[jstolaruk]

......they came out with a statement that they would refuse to maintain any "SCADA" type machines, however insisted that their remote control software was installed, anti virus & only they had admin rights.......

So they want control but not willing to be responsible for it; that makes a lot of sense. I would have told them to pound sand. If I'm going to be responsible than I have to have the authority to make changes uncontested.

 

[Rich1955]

One thing I got to say is I'm glad that 95% of our equipment is stand alone and there is only 3 people that know how to hook into the PLC. I have all the programs on my personal laptop and just give copies to be put on the network. I do have to walk miles a day thow.