SCADA for the Masses?

In a recent LinkedIn discussion among the SCADA Professionals group, Manny Romero, Manager of Madison Technologies Industrial IT&C Division in Sydney, Australia, suggested that the cloud could provide “SCADA to the masses.”  This idea sounds interesting, so I thought we might take a closer look.

The premise is that traditional SCADA and cloud-enhanced services like M2M and others are not necessarily mutually exclusive.  Perhaps it is a false dichotomy.  Suppose you don’t have to choose?  Maybe you can enjoy the benefits of both.

Romero suggests that we can compare the controversy of SCADA vs. the Cloud to the early 80s when the PC began gaining popularity for business applications.  While PC advocates were eagerly announcing the death of the mainframe, many in the traditional computing world sneered at the lightweight upstarts, saying that nothing as rinky-dink as a PC could possibly replace the mainframe.

As it turns out, the mainframe didn’t get replaced.  Instead, PCs put tools like spreadsheets and relational databases within reach of individual managers and office staff.  And they opened up new application spaces in areas like education, personal publishing, gaming, and home finances.  Then, with the advent of the Internet, personal computing expanded into email, web surfing, online videos, and more.  In this way, the PC opened the door to “computing for the masses”.

This is what cloud computing may do for SCADA, according to Romero.  He believes that the SCADA systems currently in use will probably continue in their current form for many years to come, but at the same time, cloud-enabled systems may become more common.  How so?

The first thing that comes to mind is industrial and commercial applications that can use some SCADA functionality, but do not need or cannot afford a full-blown SCADA implementation.  Some may be getting by with a web portal and email/SMS messaging, and yet many would benefit from a more sophisticated system, as long as staffing and equipment costs were minimal.  Cloud-enabled SCADA could be a way to meet that need.

What about beyond the world of industrial applications?  Just as the PC revolution brought computing to the masses, could cloud computing bring SCADA to the masses of non-industrial users?  What is SCADA, after all?  Supervisory Control and Data Acquisition.  There is nothing in that definition that limits SCADA to factories, pipelines, and wind turbines.

The rapidly-growing Internet of Things is all about data access, and often includes forms of supervisory control.  As the number of connected devices continues to mushroom, there will be more demand for connectivity options from both the public and private sectors.  Home appliances and HVAC systems, cars and trucks, vending machines, security cameras, and many other types of consumer goods will be increasingly sending data and receiving supervisory control from ordinary citizens.  This could eventually be seen as “SCADA for the masses”.

Will these trends continue?  We won’t have to wait too long to find out.  Five or ten years from now people may take these ideas for granted.  Perhaps in another ten years after that someone will need to research to find out where exactly the term “SCADA for the masses” was first used.  As far as I’m concerned, it was from Manny Romero on LinkedIn, in August 2012.

SCADA Professionals Weigh In

For the past few weeks there has been a lively discussion on the SCADA Professionals group of LinkedIn.  Salman Ijazi, an oil and gas professional in the Dallas/Fort Worth area, posed the question: “When you think of a cloud based SCADA/monitoring system, what issues come to your mind?”

This topic elicited a wealth of comments from a wide spectrum of engineers, system integrators, managers, and other leaders of thought.  Brian Chapman, SCADA Software Engineer at Schneider Electric was the first and most frequent responder.  His comments ranged from comparisons of the human brain and SCADA systems to detailed analysis of the layered design in a water chlorination system.  Overall, he doesn’t see many possibilities for SCADA on the cloud.

Several respondents agreed with Brian, and some were quite adamant.  Zane Spencer, Automation & Controls Project Manager at MPE Engineering said, “The thought of a cloud-based SCADA system makes me shudder,”  while Earl Vella, Senior Systems Developer at Water Services Corp. in Malta said simply, “SCADA and cloud must never meet.”

Jake Brodsky, Control Systems Engineer at WSSC emphasized the importance of not putting an entire SCADA system on the cloud, pointing to the primary concerns of security, potential latencies in data throughput, and reliability.  He questions the notion of taking “the same old software you’ve been using,” putting it on a cloud platform, and then expecting that you will magically get better service.

In response, others point out that although we should not consider building a SCADA system on a cloud server, cloud computing may still offer significant value to traditional and future SCADA systems.

Jake Hawkes, a platform manager in Calgary suggested that the current practice of outsourcing SCADA systems might lead to SCADA in the cloud as a next logical step.  Ruslan Fatkhullin, CEO of Tesla in Russia, mentioned the advantages of OPC UA for connecting sensors and field systems to cloud servers.  J-D Bamford, CRM/SCADA Security Engineer at Cimation in Denver, pointed out that the cloud can be useful for rapid development of systems serving distributed facilities, while at the same time, traditional HMI developers are already offering web-based solutions for mobile phone and desktop dashboards.

An important distinction was touched on by John Kontolefa, Professional Engineer at NYPA, and seconded by others: not to confuse SCADA systems with DCS (Distributed Control Systems).  There seems to be a consensus among most group members that DCS functionality like automatic, real-time, closed-loop control of critical processes does not belong on the cloud, whereas open-loop SCADA functionality such as simple monitoring and inputs of non-real-time data like adding recipes or fine tuning a process might do fine on a cloud-based system.

Summing up, Salman Iljazi, who posed the initial question, pointed out the value in the oil and gas industries of performing some SCADA functions in the cloud.  The geographical and other constraints that they operate under bring out certain advantages of using the cloud: ease of deployment, maintenance, and expansion, coupled with low infrastructure requirements.  He mentioned applications such as pipeline monitoring, alarm management, hydrocarbon reporting, and well pad monitoring, and proposed that even high security environments such as banking, e-commerce and health systems management may benefit from SCADA functionality in the cloud.

For me, personally, the most intriguing possibility was mentioned subsequently by Manny Romero, Manager of Madison Technologies Industrial IT&C Division in Sydney.  He suggested that the cloud could provide “SCADA to the masses.”  What does that mean?  We’ll talk about it next week.

SCADA, DMZ, and the Cloud

When we talk about connecting any aspect of a SCADA system to the cloud, even in the context of cloud-enhanced SCADA, some people get a bit nervous.  The engineers and IT professionals responsible for keeping the SCADA systems safe and secure within their company will tell you that it’s best to keep their plant and the Internet on two completely separate physical networks.  And should it ever prove necessary or desirable to bring these two networks together (for example to use the cloud to extend a SCADA system), then the generally accepted best practice is to use a Data Management Zone, or DMZ.

The acronym DMZ calls up images of a demilitarized zone between warring nations, where no fighting is allowed.  That’s pretty much how it works.  The DMZ provides a layer of protection in which company services like email and web servers that are exposed to the Internet get placed in a sub-network which is isolated from the rest of the company.

Companies using a DMZ might thus conclude that it places the cloud completely off limits to them.  If their DMZ won’t allow an inbound Internet connection from a cloud system to read the data, then there is no way they can connect to the cloud, right?

Not necessarily.  Properly configured, a DMZ can allow data from a SCADA network to be sent to the cloud without exposing the plant network to the Internet.  In fact, the DMZ in such a scenario would act as a second layer of protection.  This additional protection might even prompt a company that doesn’t use a DMZ to implement one.

How does it work?  The DMZ connection is made through a computer specially equipped with two network interfaces.  One network interface is on the plant network, and the other interface can access the Internet.  Data from the plant gets routed through the first interface to a real-time middleware layer, which maintains an outbound connection to the cloud through the second network interface.  The DMZ computer itself does not route between the two interfaces, so there is no direct connection from inside the plant out to the Internet, nor from the Internet back into the plant.

If the real-time middleware is configured to reverse the client-server relationship, then the DMZ computer will have no incoming ports open in its firewall, so it will effectively be invisible to the Internet and never accept a connection of any kind.  In addition, the computers on the plant network do not need to open any firewall ports to send data to the DMZ computer.  This means the plant computers would remain inaccessible from the DMZ computer and give you a double firewall layer between the plant and the cloud.  Another advantage to this approach is that it gives the network administrator a single point of contact if he needs to cut off all data flow to the cloud server.  He just disables the connection from the DMZ to the cloud and the plant continues to operate with no interruptions.
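The two properties this design rests on (no routing between the interfaces, and nothing reachable from the Internet side) can be checked on the DMZ computer itself. The following is an added example, not code from the original post or from any middleware vendor: it audits listening sockets from `ss -ltn` output together with the Linux `ip_forward` setting. The addresses, ports and the Linux host are assumptions, and the sample output is constructed.

```python
import ipaddress

# Constructed sample: `ss -ltn` output from a hypothetical dual-homed DMZ host.
# 10.10.0.5 is the assumed plant-side address, 203.0.113.7 the Internet-side one.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    10.10.0.5:4502      0.0.0.0:*
LISTEN 0      128    127.0.0.1:8125      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    203.0.113.7:3389    0.0.0.0:*
"""

WILDCARDS = {"0.0.0.0", "::", "*"}


def parse_listeners(ss_output):
    """Return (address, port) pairs for every LISTEN row."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets / scope id
        listeners.append((addr, int(port)))
    return listeners


def audit_dmz_host(ss_output, internet_ip, ip_forward):
    """Return findings that contradict the outbound-only, non-routing design.

    ip_forward is the content of /proc/sys/net/ipv4/ip_forward.
    """
    findings = []
    if ip_forward.strip() != "0":
        findings.append("ip_forward enabled: host routes between plant and Internet")
    for addr, port in parse_listeners(ss_output):
        if addr in WILDCARDS:
            findings.append(f"port {port} listens on all interfaces ({addr})")
        elif ipaddress.ip_address(addr) == ipaddress.ip_address(internet_ip):
            findings.append(f"port {port} listens on Internet-facing address {addr}")
        # Loopback and plant-side listeners are not bound to the Internet side.
    return findings


if __name__ == "__main__":
    for finding in audit_dmz_host(SAMPLE_SS, "203.0.113.7", "1\n"):
        print("FINDING:", finding)
```

A listener bound to a wildcard address may still be blocked by the host firewall, so a finding here means the firewall rule is the only thing standing between that service and the Internet.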

In most scenarios where a DMZ is being used to isolate a SCADA system from the cloud, the flow of data is one-way, from the plant to the cloud.  Should a user need some form of write-back capability from the cloud to their plant systems, it can also be done securely, through the DMZ if necessary.  But this is another discussion for a future blog.

Ultimately, there are a number of factors that determine the value and feasibility of using the cloud for enhancing a SCADA system.  Each of these needs to be weighed on its own merits.  Working in a system with an established DMZ, or implementing one of your own, it is possible to completely isolate your SCADA network even as you make your real-time production data more widely available to colleagues, customers and remote systems.

Cloud-Enhanced SCADA

It seems that industrial SCADA systems used to monitor and control processes in real time may someday evolve towards the cloud. Despite the doubts of skeptics and a little FUD being passed around, opportunities are beginning to arise even now. Although no one really expects to see full-blown SCADA systems in the cloud just yet, we can think of several ways to enhance a SCADA system by extending it to the cloud. Here are a few ideas:

1. Web-based HMI. Already a number of SCADA vendors are offering web-based HMI (human machine interface) connections to their systems. These provide a way for operators, engineers, and managers to view live process data in a standard web browser. Following the core requirements for real-time cloud systems and extending this kind of application to the cloud would provide people with broader access to the data at significantly less cost than traditional SCADA expansion options.

2. Management dashboards. Using a hybrid cloud system, a plant could make a partial, read-only data set available to management levels within a company. The data would be sent to the cloud through closed firewalls and displayed in a web HMI to show real-time performance and historical trends.

3. Data aggregation. A real-time cloud system could be used to connect to remote locations, aggregate the data in a single, unified data set, and then stream the data to any number of client or server systems. This type of application would benefit greatly from a data-centric infrastructure.

4. Connections to off-site facilities. With low-latency data transmission it becomes increasingly practical to connect to remote sensors in off-site locations, and relay field data directly to in-plant servers. A real-time cloud system could thus effectively support machine-to-machine data exchange over the Internet in a secure and reliable way.

5. Collaboration with suppliers and customers. Through LAN-to-LAN bridging and synchronization of a real-time cloud system, companies could more easily collaborate with suppliers and customers. Exchanging real-time production data would better streamline manufacturing processes, allowing managers to plan production based on immediate sales demand and availability of raw materials.

6. Home and building monitoring. Appliances, thermostats, machinery, or any embedded device in a home or office building with Internet connectivity could stream data to the cloud. Home owners or building managers could then access this information through web HMI or other data streams.

7. Remote system monitoring and diagnostics. Key engineers and service technicians would be able to receive the information they need to effectively resolve issues and investigate problems, using a complete up-to-date picture of the remote operation.

Cloud-enhanced SCADA can probably be used in other ways, in addition to these examples. As the cloud becomes more widely used for real-time applications, no doubt this list will be expanded. The take-home point is that although SCADA may be in the early stages of evolving towards the cloud, even now there are some real possibilities for enhancing current SCADA systems through cloud-based solutions.

SCADA and the Cloud – FUD and Facts

A lot of information and questions have been swirling through the industrial automation community over the past year or two regarding SCADA (Supervisory Control And Data Acquisition) and the cloud.  The din of voices from seasoned users, visionary cloud proponents and industry gurus has made it difficult sometimes to distinguish between true benefits, realistic options, inflated hype, and ominous warnings.  Some vendors, who are apparently more concerned about their slice of the SCADA market than helping the conversation, are adding a dash of FUD (fear, uncertainty, and doubt) into the mix.  Before holding any serious discussion, we’d like to address these issues.

FUD: Putting a SCADA system in the cloud is risky and unwise.
Fact: Agreed.  Don’t do it.  Instead, use the cloud to enhance a SCADA system.

Let’s start by eliminating the main FUD factor right from the get-go.  Nobody expects to plop a SCADA system on the cloud and have it perform as well as running it in-house.  The technology is still evolving.  What is possible right now is to extend or enhance a SCADA system by connecting it to a real-time cloud system.  Here is how the concept of SCADA enhanced by the cloud cuts through the typical FUD:

Performance

FUD: SCADA in the cloud will impact your system performance.
Fact: Cloud-enhanced SCADA keeps primary control in the plant with zero impact on system performance, while any connection to the cloud should meet the core requirements for real-time cloud for performance.

FUD: SCADA in the cloud will have speed and latency issues.
Fact: Cloud-enhanced SCADA systems can support high data rates and low latency.

FUD: SCADA in the cloud means long polling cycles.
Fact: Cloud-enhanced SCADA can be implemented on a publish/subscribe, event-driven basis, with no polling necessary.

FUD: SCADA in the cloud would require several layers of protocol conversion, resulting in poor performance.
Fact: Cloud-enhanced SCADA can be implemented using a data-centric infrastructure, eliminating the need for protocol conversion until the data arrives at its destination.

Security

FUD: SCADA in the cloud exposes your process to hackers and spies.
Fact: Cloud-enhanced SCADA keeps your process running safely in the plant, behind closed firewalls.

FUD: Cloud hosts are more vulnerable to being hacked than in-house systems.
Fact: Cloud hosts typically invest far more in security than most manufacturing companies.

FUD: SCADA in the cloud exposes sensitive data on a public network.
Fact: Cloud-enhanced SCADA should allow you to select which data points you send to the cloud and protect them with encryption and access control restrictions, if necessary.

Reliability

FUD: SCADA in the cloud means that a connection failure equals system failure and costly plant downtime.
Fact: Cloud-enhanced SCADA means that a connection failure causes momentary loss of non-essential remote HMI interfaces.  The primary control system continues to run, because it is completely independent of the cloud system.

FUD: SCADA in the cloud is vulnerable to hosting service outages.
Fact: Many hosting services support 99.9% and better up-time.  In addition, a properly designed cloud-enhanced SCADA system can provide fully redundant data paths from inside the plant firewall to inside the client firewall.

These are a few examples of how to clear up any fear or doubt, using the approach of enhancing SCADA with cloud computing.  From this perspective we can now hold a more meaningful conversation.  Next week we’ll consider some of the more practical questions: What does cloud-enhanced SCADA look like?  What can it do for me?  How can I use it to get the most out of my real-time data?