Plant wide networking... where to start

[macese]

I have recently been tasked at a new job to integrate all the automated cells at our plant to have remote access to the production data (viewing only - not online edits). Each cell uses Allen-Bradley PLCs controllogix or compactlogix, as well as panelview HMI displays.

I understand FactoryTalk SE can be useful for this goal but I'm not sure if it's overkill, given how costly it is yo get the licence. Ideally I'd like to network everything with EtherNet/IP but I'm not sure where to start in terms or software required or infrastructure. My previous exposure to PLCs/HMIs has always been single machine programming.

Any help is appreciated!

 

[Dravik]

Split into 2 projects - Network all the cells, Data visualization
Write a URS for each to define requirements

1) For example - Network: How many cells, how far apart, where would you put switches, is there existing infrastructure, what rules/regs have to be followed, does it need to route, how will you expose the information to the business side(if at all)... etc etc.

2) Data vis - RealTime/Not Realtime, Do you need/want historical data, standalone software or web delivered, mobile?

 

[JaxGTO]

Were are putting together a job for a customer to 'do it right'.
We are using the Panduit INZ and IDF junction boxes with AB Stratix 5700 switches in a fiber ring. Nice equipment and AB did a free network analysis for us.

 

[harryting]

"automated cell", sounds like an assembly plant.

FT View SE is ok since you can have a centralized server but also look at Ignaition products where the clients only consist of a browser with Java.

 

[James Mcquade]

this is my opinion, so here goes.

First and foremost - KEEP the plant network out of the hands of management and the IT Department !!!

Failing to do that is a big disaster!

Why?

the IT department will have all these special rules and requirements to keep anyone from accessing the network, even to trouble shoot problems and equipment. New IP addresses, firewall rules, and so on.

Managers will want to have plc programming capabilities so they change the logic , timers, parameters without having a clue what the machine or process involves.

the best thing to do is design the network, get a program to collect the data and store it in a database, and then display the data on a web server.

By doing this, you keep control over who has access to the network, separate the outside world from the plant machinery, and prevent management from wanting to change parameters and other items and making a mess in production.

this is hard to swallow and will take time, but it pays off and keeps you safe.
I strongly recommend that you also create a process parameter control booklet for each machine. this booklet documents all critical timers, counters, and process parameters listed in the specifications. this booklet also dictates a chain of command that must be followed in order to change any parameter. everyone must sign off on the document, the parameter to be changed, what it is and what the new parameter will be.

it saved my rear several times and got others in hot water when our process went sideways.

at our facility, we have 2 networks, plant machine level and management.
only certain management personnel can access the plant side.
Only certain people can access the plant from remote locations using a bridging software package.

regards,
james

 

[harryting]

First and foremost - KEEP the plant network out of the hands of management and the IT Department !!!

YES YES YES!

and if your IT knows anything about Industrial Control System, they will agree.

If you need backup, ICS-CERT have some real good intro video for IT people to understand why this needs to be.

 

[Paullys50]

this is my opinion, so here goes.
First and foremost - KEEP the plant network out of the hands of management and the IT Department !!!

and if your IT knows anything about Industrial Control System, they will agree.
.

I have to respectfully disagree, I understand the hassles of dealing with the IT guys at time, however given the OP clearly stated he has no idea where to start he needs to lean on resources if they are available.

Keep $$$$ in mind.

OP says to his boss, says: "I've done my homework, I have a good network design that includes managed switches, fiber ring, distributed IDF cabinets, it will make for an idea controls network! Looking at $100,000 for hardware and labor for the install."

Is the OP getting his money? Probably not, more like "What? You've to $10,000 and that's a stretch. Make it work."

IT proposing the project for said reasons, you'll probably get the $100,000, the right network with proper security features that a modern facility should have. Yes there will be political chess involved, but I'd rather have this outcome.

OP, bring in an outside consultant to review your needs and propose a solution. Worry about the SCADA part later (I 2nd going w/Ignition).

 

[macese]

Thanks for all the replies - this is helpful to get me started! I will begin looking into this and may seek help from an outside network consultant. I'm sure I'll have more questions as I go along the process but I appreciate the advice.

 

[sparkie]

Good luck. I'm so jealous and would LOVE to take on this project. It is right up my alley.

Anywho, the first thing you will do is conduct an audit of each and every machine.

What kind of networking capabilities does it currently have?
What is the local addressing inside the machine?

Put this into a spreadsheet organized by machine cell.

There are subsets to those questions, but those are the big two.

Next would be the question of if it will be a closed-circuit network containing only automation equipment (if you are pulling cables to each machine anyway, then YES by all means it should be).

Then you can start looking at budgeting questions. Stratix switches are nice, but depending on how many devices you have, you may be able to get away without managed switching capabilities. Also, depending on the production environment, you may be able to get away with using business grade switches rather than industrial switches. Those things are pretty expensive, and if laid out right you can save a buck there, and some of these business class switches are pretty darn tough (from my professional experience).

Anyway, I look forward to hearing more about this.

 

[cardosocea]

I have to respectfully disagree, I understand the hassles of dealing with the IT guys at time, however given the OP clearly stated he has no idea where to start he needs to lean on resources if they are available.

Keep $$$$ in mind.

OP says to his boss, says: "I've done my homework, I have a good network design that includes managed switches, fiber ring, distributed IDF cabinets, it will make for an idea controls network! Looking at $100,000 for hardware and labor for the install."

Is the OP getting his money? Probably not, more like "What? You've to $10,000 and that's a stretch. Make it work."

IT proposing the project for said reasons, you'll probably get the $100,000, the right network with proper security features that a modern facility should have. Yes there will be political chess involved, but I'd rather have this outcome.

OP, bring in an outside consultant to review your needs and propose a solution. Worry about the SCADA part later (I 2nd going w/Ignition).

I agree with you... I think IT can give far better support in getting a secure network implemented for controls. However, I would not dare propose this in most companies as IT has far more power than they should and my opinion about what is required of the network would soon be put on hold because of normal corporate policies.

 

[drforsythe]

As hard as it may seem, we need to use our knowledge and experience to help push topics like networking in the direction we need it to go. This only works when we move out of our comfort zones and communicate our wants and needs.

I design controls, but I have been working with our IT staff to understand their needs and help them understand mine. Has it been perfect? No, but we now have a better working relationship. I could have made the decision to be obstinate and not include them except when necessary, but I chose not to. I have seen improvement and have learned along the way. We now have a better understanding and work much better together. This benefits the company as a whole, not just our individual departments.

By the way, I second the thought of including IT for budgeting purposes. They seem to have a better chance of getting funding approved.

Good luck.

 

[James Mcquade]

it's ok to disagree, and I may have jumped the gun with my post.

at my last job before they moved and eliminated my position, they dictated
everything to the point that plc software fought against the plant network software for control. Boot time 3 minutes to 3 hours, no joke.

we had to order me a new system!
Special networks, firewall issues, user privlidges you name it.

Where I am now, corporate wants us to redo all the plant network.
new ip's, firewall on, restrict user access, new virus software, and NO downtime ! thank goodness that my boss won that battle. I am in the it department and we are the programmers, designers, network guys for the plant. They have no idea what is required for the plant systems in order to run.

james

 

[harryting]

I have to respectfully disagree, I understand the hassles of dealing with the IT guys at time, however given the OP clearly stated he has no idea where to start he needs to lean on resources if they are available.

I think we are making different assumptions.

What I am talking about is the day to day maintenance and control of the control-network and what's on it. OP will need technical help in scoping out and design of the network for sure and he will need to consult IT to incorporate their needs to interface with it. There needs to be clear line of demarcation. ISA, Rockwell, and Cisco all have put out whitepapers on how to best design such network. However, most IT people have no idea such information exists.

I have worked with great IT folks who can listen to us and make a great VM server to handle FTView SE to the IT guy who want to give me a 12" laptop for doing on-site commissioning and lock out admin-right. I got enough stories to fill a book.

It all depends but one thing stay true with all the IT folks I deal with is that good fence makes for good neighbors.

 

[sparkie]

You guys are absolutely right. It really depends on your IT guys and their skill levels, but for the most part IT guys with a background in manufacturing facilities KNOW there is a big difference between production and and business type networks. The hardware might be similar, and they both might be *mostly* over Ethernet wiring specifications, but there is a big difference in the requirements there.

On their side of the fence, though, there aren't a whole lot of maintenance personnel that are tech savvy when it comes to the computing side of things. They can be trained on the software and interfacing, but may have a hard time implementing it on the business side of things. Some of those guys don't know as much as they think they do either, which is another good reason IT keeps those rights to themselves.

The problem is that most of the IT guys don't quite understand the difference between a control network and a business network, so it is up to both sides to educate each other on the issue.

Yay for 500 posts.

 

[ASF]

The problem is that most of the IT guys don't quite understand the difference between a control network and a business network, so it is up to both sides to educate each other on the issue.

Absolutely.

I have a client who has a full time IT guy, and he knows both the business side and the control side inside and out. A very smart cookie. It's great, whenever I have a project there, I just send him a list of equipment, he sends me back a list of ethernet hardware (i.e. managed switches, etc) and IP settings. We build the panel, I set all the IP addresses up, and then he rocks up and configures everything. Everything works well!

I have another client who have IT guys who know the business side of things very well, and have no idea of the control side of things. They know that they don't have any idea of the control side of things, and so anything that's to be done on the control side of things, they leave me alone to do what I want. Where there needs to be a crossover between the networks, I sit down with them and explain what I need, and they do it. Everything works well!

But, as soon as you have a situation where you have an IT guy who's as involved in your control network as my first example, but as experienced in control networks as my second example, You're Gonna Have a Bad Time.