SCADA for the Masses?

In a recent LinkedIn discussion among the SCADA Professionals group, Manny Romero, Manager of Madison Technologies Industrial IT&C Division in Sydney, Australia, suggested that the cloud could provide “SCADA to the masses.”  This idea sounds interesting, so I thought we might take a closer look.

The premise is that traditional SCADA and cloud-enhanced services like M2M and others are not necessarily mutually exclusive.  Perhaps it is a false dichotomy.  Suppose you don’t have to choose?  Maybe you can enjoy the benefits of both.

Romero suggests that we can compare the controversy of SCADA vs. the Cloud to the early 80s when the PC began gaining popularity for business applications.  While PC advocates were eagerly announcing the death of the mainframe, many in the traditional computing world sneered at the lightweight upstarts, saying that nothing as rinky-dink as a PC could possibly replace the mainframe.

As it turns out, the mainframe didn’t get replaced.  Instead, PCs put tools like spreadsheets and relational databases within reach of individual managers and office staff.  And they opened up new application spaces in areas like education, personal publishing, gaming, and home finances.  Then, with the advent of the Internet, personal computing expanded into email, web surfing, online videos, and more.  In this way, the PC opened the door to “computing for the masses”.

This is what cloud computing may do for SCADA, according to Romero.  He believes that the SCADA systems currently in use will probably continue in their current form for many years to come, but at the same time, cloud-enabled systems may become more common.  How so?

The first thing that comes to mind is industrial and commercial applications that can use some SCADA functionality, but do not need or cannot afford a full-blown SCADA implementation.  Some may be getting by with a web portal and email/SMS messaging, and yet many would benefit from a more sophisticated system, as long as staffing and equipment costs were minimal.  Cloud-enabled SCADA could be a way to meet that need.

What about beyond the world of industrial applications?  Just as the PC revolution brought computing to the masses, could cloud computing bring SCADA to the masses of non-industrial users?  What is SCADA, after all?  Supervisory Control and Data Acquisition.  There is nothing in that definition that limits SCADA to factories, pipelines, and wind turbines.

The rapidly-growing Internet of Things is all about data access, and often includes forms of supervisory control.  As the number of connected devices continues to mushroom, there will be more demand for connectivity options from both the public and private sectors.  Home appliances and HVAC systems, cars and trucks, vending machines, security cameras, and many other types of consumer goods will be increasingly sending data and receiving supervisory control from ordinary citizens.  This could eventually be seen as “SCADA for the masses”.

Will these trends continue?  We won’t have to wait too long to find out.  Five or ten years from now people may take these ideas for granted.  Perhaps in another ten years after that someone will need to research to find out where exactly the term “SCADA for the masses” was first used.  As far as I’m concerned, it was from Manny Romero on LinkedIn, in August 2012.

SCADA Professionals Weigh In

For the past few weeks there has been a lively discussion on the SCADA Professionals group of LinkedIn.  Salman Ijazi, an oil and gas professional in the Dallas/Fort Worth area, posed the question: “When you think of a cloud based SCADA/monitoring system, what issues come to your mind?”

This topic elicited a wealth of comments from a wide spectrum of engineers, system integrators, managers, and other leaders of thought.  Brian Chapman, SCADA Software Engineer at Schneider Electric was the first and most frequent responder.  His comments ranged from comparisons of the human brain and SCADA systems to detailed analysis of the layered design in a water chlorination system.  Overall, he doesn’t see many possibilities for SCADA on the cloud.

Several respondents agreed with Brian, and some were quite adamant.  Zane Spencer, Automation & Controls Project Manager at MPE Engineering said, “The thought of a cloud-based SCADA system makes me shudder,”  while Earl Vella, Senior Systems Developer at Water Services Corp. in Malta said simply, “SCADA and cloud must never meet.”

Jake Brodsky, Control Systems Engineer at WSSC emphasized the importance of not putting an entire SCADA system on the cloud, pointing to the primary concerns of security, potential latencies in data throughput, and reliability.  He questions the notion of taking “the same old software you’ve been using,” putting it on a cloud platform, and then expecting that you will magically get better service.

In response, others point out that although we should not consider building a SCADA system on a cloud server, cloud computing may still offer significant value to traditional and future SCADA systems.

Jake Hawkes, a platform manager in Calgary suggested that the current practice of outsourcing SCADA systems might lead to SCADA in the cloud as a next logical step.  Ruslan Fatkhullin, CEO of Tesla in Russia, mentioned the advantages of OPC UA for connecting sensors and field systems to cloud servers.  J-D Bamford, CRM/SCADA Security Engineer at Cimation in Denver, pointed out that the cloud can be useful for rapid development of systems serving distributed facilities, while at the same time, traditional HMI developers are already offering web-based solutions for mobile phone and desktop dashboards.

An important distinction was touched on by John Kontolefa, Professional Engineer at NYPA, and seconded by others: not to confuse SCADA systems with DCS (Distributed Control Systems).  There seems to be a consensus among most group members that DCS functionality like automatic, real-time, closed-loop control of critical processes does not belong on the cloud, whereas open-loop SCADA functionality such as simple monitoring and inputs of non-real-time data like adding recipes or fine tuning a process might do fine on a cloud-based system.

Summing up, Salman Iljazi, who posed the initial question, pointed out the value in the oil and gas industries of performing some SCADA functions in the cloud.  The geographical and other constraints that they operate under bring out certain advantages of using the cloud: ease of deployment, maintenance, and expansion, coupled with low infrastructure requirements.  He mentioned applications such as pipeline monitoring, alarm management, hydrocarbon reporting, and well pad monitoring, and proposed that even high security environments such as banking, e-commerce and health systems management may benefit from SCADA functionality in the cloud.

For me, personally, the most intriguing possibility was mentioned subsequently by Manny Romero, Manager of Madison Technologies Industrial IT&C Division in Sydney.  He suggested that the cloud could provide “SCADA to the masses.”  What does that mean?  We’ll talk about it next week.

SCADA, DMZ, and the Cloud

When we talk about connecting any aspect of a SCADA system to the cloud, even in the context of cloud-enhanced SCADA, some people get a bit nervous.  The engineers and IT professionals responsible for keeping the SCADA systems safe and secure within their company will tell you that it’s best to keep their plant and the Internet on two completely separate physical networks.  And should it ever prove necessary or desirable to bring these two networks together (for example to use the cloud to extend a SCADA system), then the generally accepted best practice is to use a Data Management Zone, or DMZ.

The acronym DMZ calls up images of a demilitarized zone between warring nations, where no fighting is allowed.  That’s pretty much how it works.  The DMZ provides a layer of protection in which company services like email and web servers that are exposed to the Internet get placed in a sub-network which is isolated from the rest of the company.

Companies using a DMZ might thus conclude that it places the cloud completely off limits to them.  If their DMZ won’t allow an inbound Internet connection from a cloud system to read the data, then there is no way they can connect to the cloud, right?

Not necessarily.  Properly configured, a DMZ can allow data from a SCADA network to be sent to the cloud without exposing the plant network to the Internet.  In fact, the DMZ in such a scenario would act as a second layer of protection.  This additional protection might even prompt a company that doesn’t use a DMZ to implement one.

How does it work?  The DMZ connection is made through a computer specially equipped with two network interfaces.  One network interface is on the plant network, and the other interface can access the Internet.  Data from the plant gets routed through the first interface to a real-time middleware layer, which maintains an outbound connection to the cloud through the second network interface.  The DMZ computer itself does not route between the two interfaces, so there is no direct connection from inside the plant out to the Internet, nor from the Internet back into the plant.

If the real-time middleware is configured to reverse the client-server relationship, then the DMZ computer will have no incoming ports open in its firewall, so it will effectively be invisible to the Internet and never accept a connection of any kind.  In addition, the computers on the plant network do not need to open any firewall ports to send data to the DMZ computer.  This means the plant computers would remain inaccessible from the DMZ computer and give you a double firewall layer between the plant and the cloud.  Another advantage to this approach is that it gives the network administrator a single point of contact if he needs to cut off all data flow to the cloud server.  He just disables the connection from the DMZ to the cloud and the plant continues to operate with no interruptions.
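One way to check that a DMZ computer really has the properties described above: no routing between its two interfaces, nothing listening on the Internet side, and a single outbound connection to the cloud. This is an added example, not code from the original post or from any product; the addresses, ports and `ss -tan` sample are constructed, and it assumes the plant-side middleware listener is the only place the host accepts connections.

```python
# Added example: audit a dual-homed DMZ relay host against the design above.
# All addresses, ports and the `ss -tan` sample are constructed for illustration.

PLANT_IP = "10.10.0.5"                # assumed plant-side interface address
INET_IP = "203.0.113.10"              # assumed Internet-side interface address
CLOUD = ("198.51.100.20", 443)        # assumed single permitted cloud endpoint
WILDCARDS = {"0.0.0.0", "*", "[::]"}  # bound to every interface, Internet side included

SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128    10.10.0.5:4502       0.0.0.0:*
ESTAB  0      0      10.10.0.5:4502       10.10.0.21:51544
ESTAB  0      0      203.0.113.10:40112   198.51.100.20:443
"""

def split_endpoint(text):
    """Split 'addr:port' on the last colon so bracketed IPv6 also works."""
    addr, _, port = text.rpartition(":")
    return addr, port

def audit(ss_output, ip_forward):
    """Return a list of findings; an empty list means the host matches the design.

    ss_output  -- text of `ss -tan` captured on the DMZ host
    ip_forward -- contents of /proc/sys/net/ipv4/ip_forward on that host
    """
    findings = []
    if ip_forward.strip() != "0":
        findings.append("ip_forward enabled: host can route plant <-> Internet")
    for line in ss_output.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        state = fields[0]
        local_addr, _ = split_endpoint(fields[3])
        peer_addr, peer_port = split_endpoint(fields[4])
        if state == "LISTEN" and (local_addr == INET_IP or local_addr in WILDCARDS):
            # Any such socket breaks the "no incoming ports open" property.
            findings.append(f"listener reachable from Internet side: {fields[3]}")
        elif state == "ESTAB" and local_addr == INET_IP:
            # With no Internet-side listeners, these are outbound connections.
            if (peer_addr, peer_port) != (CLOUD[0], str(CLOUD[1])):
                findings.append(f"unexpected Internet-side peer: {fields[4]}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS, "0") or ["OK: no routing, no Internet-side listeners"]:
        print(finding)
```

The plant-side listener on 10.10.0.5 passes because the plant computers connect to the DMZ computer, not the other way round; IPv6 forwarding is a separate kernel setting and would need its own check.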

In most scenarios where a DMZ is being used to isolate a SCADA system from the cloud, the flow of data is one-way, from the plant to the cloud.  Should a user need some form of write-back capability from the cloud to their plant systems, it can also be done securely, through the DMZ if necessary.  But this is another discussion for a future blog.

Ultimately, there are a number of factors that determine the value and feasibility of using the cloud for enhancing a SCADA system.  Each of these needs to be weighed on its own merits.  Working in a system with an established DMZ, or implementing one of your own, it is possible to completely isolate your SCADA network even as you make your real-time production data more widely available to colleagues, customers and remote systems.

SCADA and the Cloud – FUD and Facts

A lot of information and questions have been swirling through the industrial automation community over the past year or two regarding SCADA (Supervisory Control And Data Acquisition) and the cloud.  The din of voices from seasoned users, visionary cloud proponents and industry gurus has made it difficult sometimes to distinguish between true benefits, realistic options, inflated hype, and ominous warnings.  Some vendors, who are apparently more concerned about their slice of the SCADA market than helping the conversation, are adding a dash of FUD (fear, uncertainty, and doubt) into the mix.  Before holding any serious discussion, we’d like to address these issues.

FUD: Putting a SCADA system in the cloud is risky and unwise.
Fact: Agreed.  Don’t do it.  Instead, use the cloud to enhance a SCADA system.

Let’s start by eliminating the main FUD factor right from the get-go.  Nobody expects to plop a SCADA system on the cloud and have it perform as well as running it in-house.  The technology is still evolving.  What is possible right now is to extend or enhance a SCADA system by connecting it to a real-time cloud system.  Here is how the concept of SCADA enhanced by the cloud cuts through the typical FUD:

Performance

FUD: SCADA in the cloud will impact your system performance.
Fact: Cloud-enhanced SCADA keeps primary control in the plant with zero impact on system performance, while any connection to the cloud should meet the core performance requirements for a real-time cloud system.

FUD: SCADA in the cloud will have speed and latency issues.
Fact: Cloud-enhanced SCADA systems can support high data rates and low latency.

FUD: SCADA in the cloud means long polling cycles.
Fact: Cloud-enhanced SCADA can be implemented on a publish/subscribe, event-driven basis, with no polling necessary.

FUD: SCADA in the cloud would require several layers of protocol conversion, resulting in poor performance.
Fact: Cloud-enhanced SCADA can be implemented using a data-centric infrastructure, eliminating the need for protocol conversion until the data arrives at its destination.

Security

FUD: SCADA in the cloud exposes your process to hackers and spies.
Fact: Cloud-enhanced SCADA keeps your process running safely in the plant, behind closed firewalls.

FUD: Cloud hosts are more vulnerable to being hacked than in-house systems.
Fact: Cloud hosts typically invest far more in security than most manufacturing companies.

FUD: SCADA in the cloud exposes sensitive data on a public network.
Fact: Cloud-enhanced SCADA should allow you to select which data points you send to the cloud and protect them with encryption and access control restrictions, if necessary.

Reliability

FUD: SCADA in the cloud means that a connection failure equals system failure and costly plant downtime.
Fact: Cloud-enhanced SCADA means that a connection failure causes momentary loss of non-essential remote HMI interfaces.  The primary control system continues to run, because it is completely independent of the cloud system.

FUD: SCADA in the cloud is vulnerable to hosting service outages.
Fact: Many hosting services support 99.9% and better up-time.  In addition, a properly designed cloud-enhanced SCADA system can provide fully redundant data paths from inside the plant firewall to inside the client firewall.

These are a few examples of how to clear up any fear or doubt, using the approach of enhancing SCADA with cloud computing.  From this perspective we can now hold a more meaningful conversation.  Next week we’ll consider some of the more practical questions: What does cloud-enhanced SCADA look like?  What can it do for me?  How can I use it to get the most out of my real-time data?

Will SCADA Evolve to the Cloud?

One of the most common applications for real-time data in manufacturing and process industries is SCADA, supervising remote processes over a network.  With the growing popularity of cloud computing, many engineers and managers in the automation sector are looking at the possibility of using the cloud for SCADA.  Are they being realistic, or just dreaming in technicolor?  Is it possible that SCADA will somehow evolve to the cloud?

The acronym “SCADA” stands for Supervisory Control And Data Acquisition.  SCADA systems connect sensors and devices in the field or factory floor to an HMI (human-machine interface), allowing plant operators and engineers to view the data in their industrial processes in real time.  This interface often supports a supervisory level of coordination and control, such as uploading new recipes to a candy-making machine, changing global settings on a wind turbine, or acknowledging a high pressure alarm for a boiler.

SCADA systems have evolved over time. The first generation systems were “monolithic”, running on mainframe computers, connecting to field devices over proprietary wide-area networks (WANs).  The second generation did “distributed” processing, using mini computers communicating with each other over a local-area network (LAN).  Communication to the field was still by proprietary protocols on WANs.  The current, “networked”, generation uses PCs and open standards such as TCP/IP and open protocols for wide-area networking.  Thus it is now possible to access SCADA systems and data from the Internet.

Do you see where this is going?  Since SCADA systems have followed the progress of computing in general, and as many view cloud computing as the next logical step in this evolution, enthusiastic visionaries foresee a fourth, “cloud” generation of SCADA, where an entire control system would be running in the cloud.

Back here on earth, most industry experts agree it would be foolish to put the primary control of a power plant, water treatment system, or railyard switching system on the cloud, as it is right now.  These kinds of mission-critical control tasks require rugged, reliable data networks and extremely fast response times.  Advocates of cloud computing may hope that Internet speed and reliability will eventually support this level of SCADA, but we have no guarantees of that today.

That said, there are other ways of using SCADA, and other uses of process data that lend themselves to real-time cloud applications.  Designed properly, with the core requirements for real-time cloud systems in mind, it is possible to put live data from SCADA systems on the cloud in a secure, reliable way.  Using specially-designed middleware that supports high data rates and low latency on a data-centric infrastructure, perfectly acceptable real-time performance can be achieved for many types of applications.

Cloud computing can be implemented in different ways.  As we explained a few months ago, a private cloud option can be implemented on-site to maximize security, or off-site to reduce costs and gain other benefits associated with the cloud.  Another possibility is a hybrid cloud, a combination of private and public clouds.  With the right kind of infrastructure in place, any of these options could support a system to meet the growing demand for providing access to data from a SCADA system to local or remote users, in real time.

Evolution is a gradual process.  It takes time, and it goes step by step.  A first step in the evolution towards cloud-based SCADA may well be some kind of cloud-enhanced SCADA.  We will talk about that in an upcoming blog, but first we need to clear up some of the fear, uncertainty and doubt surrounding the discussion about SCADA and the cloud.