Armando Astarloa, Co-Founder & CEO, System-on-Chip engineering SL
Industrial IoT is the idea that all systems should be interconnected globally in order to share information. This concept is rapidly becoming a reality. Today, more and more companies, especially those in the field of industrial equipment, are building complex systems that integrate sensors, processing, and communications to create smart factories, smart grids, and even smart cities to further promote the industrial Internet of Things ( IIoT) Development. These technological developments not only increase productivity and profitability, but also enrich people's lives.
New technologies implemented with the Xilinx Zynq®-7000 All Programmable SoC are bringing intelligent systems to the IIoT manufacturing industry. Intelligent gateways designed by System-on-Chip engineering SL (SoC-e) not only increase productivity, but also help companies such as Microdeco to achieve more reliable interconnections and ensure security. In order to maximize profitability, the factory wants to make the layout more flexible, obtain more information about the process and manufacturing products, implement smarter data processing, and integrate human experience/interaction efficiently. However, when introducing new technologies into the factory, the people who develop the technology need to follow some rules. The first and most important rule is that production cannot stop. New technologies must be compatible with older systems and facilitate interoperability between products from different vendors. In addition, the solution should allow automation to go further and achieve more autonomous or decentralized analysis.
In order to realize what many people call the "fourth industrial revolution," factories need corresponding infrastructure and systems to use IT and electronic equipment for automated production. Although many factories achieved automation in the third wave of industrialization, in many cases it was necessary to implement two steps at the same time: the third and fourth automation evolutions. This is a great time to integrate IT infrastructure so that IT can meet the new requirements of smart factories and is compatible with third-generation production scheduling and automation systems. Figure 1 is a typical production system widely used in the industry, which helps to adjust and optimize production as required. Enterprise Resource Planning (ERP) software contains a variety of tools that support commercial databases. It defines what to manufacture. Manufacturing Enterprise Systems (MES) focuses on production scheduling. The MES uses the ERP output to communicate with the production plant equipment and tells the equipment what to do.
Figure 1 - Scheduling Production Scheduling via ERP/MES
Networking, Processing, and Sensing in a Smart Factory
Since many companies provide different types of factory equipment, and often several generations of equipment are used at the same time, it may be very difficult to connect different manufacturers and devices that meet different standards at different times. There is also a factor that complicates matters. That is, the plant equipment must be combined with the company's IT network (enterprise network and/or Internet), various PC systems, and gateways, black boxes and industrial switches based on multiple protocols. Conduct communication. In this way, the factory may soon fall into the isomerization nightmare, lacking the simplicity and flexibility required by the "plug and play" operating model. Intelligent gateways such as SoC-e's CPPS-Gate 40 (Figure 2) will play a key role in enabling secure and transparent operations between machines and IT.
Figure 2 — SoC-e's CPPS-Gate 40 Smart Gateway
Microdeco is a company that manufactures small metal parts for the automotive industry. The company is always looking for ways to increase productivity and is at the forefront of smart system usage. At Microdeco's pilot plant in Ermua, Spain, Microdeco built a network infrastructure for the plant around the concept of an intelligent gateway that integrates the same system network, processing and sensing technologies.
One of the biggest challenges in creating a smart factory is connecting different systems. The plant contains high-speed optical links that can be used to interconnect different information physical production system (CPPS) areas—that is, each machine, sensor, and actuator production group. Smart gateways are in charge of all communication infrastructure. These include: high-speed switched fiber links and flexible three-speed Ethernet ports (implementation of conventional Ethernet or Industrial Ethernet protocols in each cell), as well as a variety of serial ports that enable widespread use of industrial protocols such as Modbus and Profibus).
Figure 3 shows how each smart gateway installed in each machine (CPPS zone) connects to the next gateway through a single fiber link. In this communication infrastructure, all devices are also connected into a single loop to implement the High-availability Seamless Redundancy (HSR) protocol. This non-proprietary (IEC 62439-3 Clause 5) Ethernet "Zero Delay Recovery Time" solution allows the operator to disconnect any device from the loop without adversely affecting other nodes or equipment in the plant . This true plug-and-play operation facilitates factory layout changes. In addition, HSR also supports the redundant IEEE 1588v2 sub-microsecond synchronization protocol, which simplifies the synchronization of the system and allows the accurate reconstruction of the sampled sensor data or the implementation of control tasks.
Figure 3 - Lathe part of the Microdeco factory
In order to achieve seamless redundancy, each HSR node sends Ethernet signal frames in both directions of the loop. This method can achieve "hot" plugging of cables or devices. Each node is responsible for forwarding signal frames in both directions. At the same time, IEEE 1588v2 is responsible for correcting the dwell time and link delay time to ensure the timing accuracy of the entire network. Therefore, the hardware processing of the frames must be implemented to ensure that the delay time in each node is short and constant. Specifically, the IEC standard recommends the use of a "pass-through" scheme to forward signal frames in the loop.
In order to avoid the appearance of cyclic frames, in unicast communication, the node receiving the frame is responsible for deleting the frame from the loop. For multicast and broadcast traffic, the frame is deleted when the sender sees the sent frame again in the redundant port. More rules regarding cyclic frames (such as corrupted frames) have also been applied to ensure network stability.
HSR, in many cases combined with the Parallel Redundancy Protocol (PRP), is the high-availability Ethernet protocol recommended by automation standards for substations (that is, one of the most important areas in the world).
In addition, these L2 solutions are also used in other fields such as military and aerospace.
Smart gateways provide hardware switching capabilities from Ethernet and serial ports to HSR infrastructure loops. There are two intelligent gateways (located on the left and right of Figure 3, respectively) that are responsible for connecting the HSR loop and the Ethernet-based enterprise network as RedBox. Functionally, the right access point is optional because it can be used to avoid a single point of failure that can occur if the network uses only one RedBox. We recommend implementing a dual-box setup where high availability is needed, or if it is necessary to manage PRP frames (IEC 62439-3 Clause 5) in key nodes of the enterprise network.
In addition, the gateway has an internal network port that leads to the SoC device processing unit. In most cases, "silent" switching schemes are not useful when connecting factories and IT equipment. The heterogeneous nature of data and network formats makes it difficult to implement straightforward connections. What is needed here is a powerful integrated processing system that can talk to local, enterprise or cloud databases. In addition, the system will also be responsible for translation protocols, managing HMI systems, supporting MES systems, and even running soft PLCs for real-time control. But this is not enough. Customers also hope that such systems can perform pre-processing and filtering of complex sensor data in the device, as well as advanced network security work.
The network security requirements in such advanced manufacturing facilities have changed greatly. Advanced security must be provided to protect the state of production itself, in order to avoid malicious interruptions or accidental disruptions caused by network infrastructure (devices, networks, software, or hardware). In addition, users and devices that are accessing information or important operations must also be authenticated. In addition, information and control protocols need to be protected in terms of authentication and privacy because the factory network is connected to larger IT networks inside and outside the enterprise.
Only adopting a layered network security solution that takes into account the implementation content of each plant can meet these challenges. The common element in all projects is the need to support secure boot and storage with encryption and authentication measures. This feature makes the implementation of security software and secure networks more credible.
The protection of trusted embedded systems has become increasingly difficult because of the heterogeneity of devices and the increasing number of devices.
For authentication and network security, these systems can use many of the solutions in today's IT world. Combining the well-known authentication mechanism IEEE 802.1X with RADIUS is a good example. Many embedded systems with advanced operating systems can support all L3 security protocols and applications that help protect data exchange by running a cryptographic library such as OpenSSL. However, there is a great challenge when it comes to protecting L2 industrial protocols with strict real-time requirements. The analysis of these scenarios shows that using software solutions to protect these frames is the application of cryptographic algorithms. Even using crypto accelerators is not simple and intuitive. In many cases, custom hardware processing is also required.
In the given topology, from the perspective of the network and the user, it is necessary to use an authentication mechanism to protect three network links: redundant HSR/PRP, 10/100/1G switching ports, and service ports. In addition, all plant traffic passes through the intelligent gateway, so these three links will play a very important role in monitoring traffic and preventing potential threats.
The last concept is the integration of the sensor interface kit. As mentioned earlier, technological advancement should help us simplify equipment, rather than make them more complex. To meet this requirement, we integrated all standard digital and analog interfaces in the gateway. In addition, we also include high-end interfaces for advanced vibration sensors as well as high-speed data acquisition interfaces with direct access to Zynq SoC devices.
How SOC Programmable Platforms Create Opportunities
This "magic" that combines high-end networks, powerful processing, and sensing capabilities has been realized thanks to the SoC programmable platform. Our product, called CPPS Gate 40, embeds a Xilinx Zynq-7000 All Programmable SoC device implemented on the SoC-e SMARTzynq OEM module. The dual-core ARM® CortexTM-A9 MPCoreTM on the device supports multiple high-speed network links with different memory resources (DDR3, flash, and large memory units, etc.) and hardware. This infrastructure can provide a great deal of freedom in partitioning hardware and software processing to meet the challenges presented by these applications.
From a hardware perspective, the Zynq SoC's programmable logic combined with the IEEE 1588v2 hardware support unit is the best choice for low latency network tasks. Figure 4 is a block diagram of the SoC implementation of CPPS-Gate 40 in the Microdeco implementation. The network's switching infrastructure is coordinated through the SoC-e HSR/PRP/Ethernet Switch (HPS) IP core, which not only ensures a constant 550ns forwarding time at each node of the loop, but also integrates internal and external three-speed Ethernet. port.
Figure 4 - Block Diagram of a Zynq SoC Implementation
The internal port is snooped and time stamped by the Precision Time Basic (PTB) IP core to provide support for the PTP protocol stack. The IEEE 1588v2 infrastructure allows smart gateways to operate as masters, slaves, transparent clocks, and redundant clocks. Thus, in each device, synchronous 64-bit timers can be used to provide time stamping, synchronization and control, and can be used as a common time reference to implement time-sensitive network technology (TSN) networks.
In addition, these network cores implemented on Zynq SoC FPGAs can also support network security features such as IEEE 802.1X authentication at any time. This mechanism, combined with an external authentication server, protects unauthorized connections to network ports. The Zynq SoC's programmable logic can also play a vital role in securing L2 control frames in real time, which is similar to the fact that IEEE 1588v2 transparent clock operations require authentication.
Network security can be further enhanced through the Zynq SoC's secure boot feature. All external software and device-external bitstreams, even the boot loader and operating system, are stored, AES-256 encrypted, and HMAC authenticated. This feature, combined with other hardware security features included in the device, ensures that the data in the entire network infrastructure comes from trusted sources.
In addition, the SIEM agent installed in each CPPS-Gate 40 also runs (in other devices) the following security-related tasks: monitoring new connections, authentication attempts, SSH connections, and access to analysis tools; virus/malware detection Network attack identification; and ARP traffic analysis.
The sensor interface is also implemented in some of the standard communication channels provided by the Zynq SoC processing system (UART, I2C, SPI) in the programmable logic section (high-speed data acquisition, digital filtering, and FFT).
The software infrastructure implemented on this device benefits from the seamless integration of Linux OS Ubuntu on the device. Linux supports a wide range of functions. Figure 5 summarizes the most relevant software services based on the Linux OS for Microdeco's specific implementation.
Figure 5 - Software Infrastructure for Smart Factory Network
Python-based PLC simulators have been developed that can be used as key components for mapping sensor interfaces in the well-known Modbus TCP scheme. The method can be simplified at the same time as the third-party MES. The SQL client can send the original sensor data packet and the pre-processed sensor data packet to the remote SQL server. Specific alerts and selected data can be published directly in the cloud-based couchDB database. Data analysis can be performed remotely in an enterprise or cloud server and can even be performed locally through an intelligent gateway. For the final goal, the product contains a time database that not only predicts failures in production or other defined actions, but also acts on the spot. The big data analysis software provided by Juxt.io is responsible for performing predictive analysis tasks related to machine behavior.
With SoC-e's portable tools API, we can provide network management support via SNMP. The foundation of the network security infrastructure is the SoC-e IP hardware support and the integrated SIEM agent for network and user activity monitoring.
Increase profits through technology
The Fraunhofer Institute of Industrial Engineering and Automation in Germany predicts that by 2025, Industry 4.0 may promote a 20%-30% leap in productivity. However, the industrial market needs gradual changes and friendly technologies and solutions. For example, the Microdeco plant benefits from advanced technologies to integrate agile and computationally powerful network and processing infrastructure into its production lines.
The driving forces behind this solution include: adoption of open standards for networks and data formats; use of scalable, re-partitionable SoC reconfigurable devices; and selection of highly productive software frameworks (eg Python on embedded Linux) . In addition, by using off-the-shelf value-added hardware IP, manufacturers can significantly reduce time-to-market and meet the needs of new markets. Of course, the system must also achieve the highest level of network security at the device, software, and network levels.
Enershare's commitment to future-ready energy solutions for smart home innovations, Enershare`s Energy Storage Systems create a flexible energy maintenance system for homeowners who want to take more control of their home energy use, it is intended to be used for home battery energy storage and stores electricity for solar self-consumption, load shifting, backup power, and off-the-grid use. you can use it anytime you want-at night or during an outage.
Home Battery,Home Battery Backup,Home Energy Storage System,Battery Backup Power Supply For Home,High Capacity Electrical Backup,Power Bank For Home
Shenzhen Enershare Technology Co.,Ltd , https://www.enersharepower.com