Building Scalable Ignition Enterprise Architectures

2 Building Scalable Ignition Enterprise Architectures
Travis Cox, Co-Director of Sales Engineering
Kent Melville, Sales Engineer

3 Agenda
- Enterprise challenges
- Building an enterprise architecture
- Special considerations
  - Data flow
  - Bandwidth & latency
  - Organization & configuration
  - Remote tags & history
  - Load Balancer
- Security considerations
  - Connections, configuration, and projects

4 Enterprise Challenges
- Lots of devices and data
- Network communication issues
- Local control and visibility
- Local history
- Visibility of real-time data centrally
- Centralizing historical data
- Firewall considerations
- Bandwidth considerations
- Multi-site analysis
- Scalability
- Security
- Lots of projects & templates (central configuration)

5 Enterprise Challenges
- Locking down templates and windows
- Health checks for each Ignition server
- Managing licenses
- Backups & disaster recovery
- Upgrading Ignition servers
- Cost considerations

6 Building an Enterprise Architecture
- Understand the customer's requirements at all locations
  - OT (Machine, Building, Site)
  - IT (Corporate, Cloud)
- Understand Ignition's modules and products
- Understand connections and data flow
- Understand all challenges
- Think about redundancy and backups
- Lots of questions to ask

7 Standalone HMI

8 Question: Which Ignition HMI product do I use?

9 Standalone HMI Choice
Ignition Edge Panel
- Benefits
  - 1 local / 1 remote client
  - 1 week of historical data
  - 1 way notification
  - Includes drivers (AB, Siemens, Modbus)
- Restrictions
  - 500 tags
  - No database access
  - No server side scripting
1 Client Vision
- Benefits
  - 1 local / 1 remote client
  - Unlimited tags
  - Database access
  - Server side scripting
- Restrictions
  - Communication drivers separate
  - No history without module
  - No alarm notification without module

10 Ignition Edge Solutions
- Ignition Edge Panel: Create local HMIs for field devices
- Ignition Edge Enterprise: Synchronize data to a central enterprise server
- Ignition Edge MQTT: Publish field-device data through MQTT

11 Standard Architecture - Site

12 Question: Do we need redundancy?

13 Standard Architecture – Site w/ Redundancy

14 Question: What happens at a critical machine when there is communication loss to the central Ignition server at the site?

15 No Visibility or Control
Local HMI

16 Loss of Data
Local History Store & Forward

17 Store & Forward Choice
Ignition Edge Enterprise
- Benefits
  - Cost effective
  - Includes drivers (AB, Siemens, Modbus)
- Restrictions
  - 500 tags
  - 1-week of cache
Tag Historian Module
- Benefits
  - Unlimited tags
  - Cache until disk is full
- Restrictions
  - Communication drivers separate

18 Question: The local Ignition server is now a critical part of the architecture. Do I need redundancy? Do I need to poll the PLC twice?

19 Loss of Data

20 Hub & Spoke
Local / Plant Remote / Central

21 Gateway Network
The Gateway Network allows you to connect multiple Gateways together over a wide area network, and opens up many distributed features between gateways. The Gateway Network provides the following features:
- Web sockets provide fast, firewall-friendly 2-way communication over a single configured connection.
- Setup proxy node
- Security and SSL
- Remote tags, history, alarming, and EAM

22 Hub & Spoke – Many Possibilities

23 Question: What happens when the size of the project gets large (# of tags and/or # of clients)?

24 Scale-Out

25 Question: How do we manage all of these Ignition servers?

26 Enterprise Administration Module

27 Enterprise Administration Module
Manage multiple Gateways from one Gateway. Use the Controller Gateway to coordinate and automate many administrative tasks for Agent Gateways, including:
- Monitor Agent health and performance
- Automate Gateway backup and recovery
- Synchronize projects and resources
- Deploy modules
- Central licensing
- Remote upgrades

28 Question: Who else needs the data? Realtime? Historical? Corporate? Cloud?

29 MQTT - Pub/Sub Protocol

30 MQTT

31 MQTT vs. Gateway Network
MQTT
- Pub/sub
- Get data to more applications
- Leverage cloud IoT platforms
- Use with IT/cloud
Gateway Network
- Just for Ignition
- Maintains single project
- Alarm acknowledgement at the source
- Use with OT (Ignition locally and centrally)
Both have
- Single source of tags
- RBE (report by exception)
- Store & forward
- Security and SSL
- Outbound traffic

32 Use of Cloud
Customers who want to migrate to the cloud
- Hosting (SaaS model)
- Leverage cloud IoT platforms for machine learning and business intelligence
- Unlimited storage
- Easy to maintain (no physical machines)

33 Key Factors
- Requirements
- Configuration & design
- Data flow
- Bandwidth
- Network latency
- Security
- Administration

34 Data Flow – PLC to Ignition
- Where is the PLC in relation to Ignition?
- Ports must be open in firewall
- Polling is heavy on bandwidth
- Latency factors into speed
- RBE is better and faster but requires more hardware

35 Data Flow – Gateway Network & MQTT
- Outbound only
- No inbound ports need to be opened in the firewall

36 Data Flow – Client Communication
- Realtime data
- Historical data
- Acknowledging alarms

37 Bandwidth & Network Latency - Clients
- Latency impacts speed
- Best to have local clients (if possible)
- Reduce number of Gateway calls
- Decrease client poll rate

38 Bandwidth & Network Latency – Historical Data
- Avoid querying data over WAN
- Have a local database near the Vision server
- Use tag history splitter (mirror data)

39 Tag History Splitter
- Mirrors tag historian data to 2 databases at the same time
- Both connections go through store & forward
- Local database should be specified first
- Ability to query local database first for specific amount of time
- Keep local database small

40 Bandwidth & Network Latency – Store & Forward
- If latency is high, increase write size and write time
- Don't send data faster than latency time

41 Tag Paths
- Organize tag databases
- Use fully qualified tag paths for real-time and history
- Use indirection for templates and popups
Realtime Tag Binding: [default]Realistic/Realistic0
History Tag Path: [Splitter/ignition-system-name:default]realistic/realistic0
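
A lint pass for the fully qualified path convention on this slide, as an added example that is not from the presentation or from Ignition itself: it parses the two path shapes shown above and reports bindings that are not fully qualified. The component names, the sample list, and the treatment of [~] and [.] as relative providers are assumptions of this example.

```python
import re

# Realtime:  [tagProvider]folder/tag
# History:   [historyProvider/systemName:tagProvider]folder/tag
_PATH = re.compile(
    r"^\[(?:(?P<history>[^\]/:]+)/(?P<system>[^\]/:]+):)?"
    r"(?P<provider>[^\]/:]+)\](?P<path>[^\[\]]+)$"
)
# Assumption: relative provider shorthands resolve by context, so not fully qualified.
RELATIVE_PROVIDERS = {"~", "."}

def parse_tag_path(text):
    """Return the parts of a fully qualified tag path, or None if it is not one."""
    m = _PATH.match(text.strip())
    if m is None:
        return None
    parts = m.groupdict()
    if parts["provider"] in RELATIVE_PROVIDERS:
        return None
    # Reject empty segments such as "a//b" or a trailing slash.
    if "" in parts["path"].split("/"):
        return None
    parts["kind"] = "history" if parts["history"] else "realtime"
    return parts

def audit_bindings(bindings):
    """Split (component, tag path) pairs into qualified and unqualified lists."""
    qualified, unqualified = [], []
    for component, text in bindings:
        parts = parse_tag_path(text)
        if parts is None:
            unqualified.append((component, text))
        else:
            qualified.append((component, parts))
    return qualified, unqualified

# Constructed sample; the first two paths are the ones shown on the slide.
SAMPLE = [
    ("Gauge", "[default]Realistic/Realistic0"),
    ("Chart", "[Splitter/ignition-system-name:default]realistic/realistic0"),
    ("Label", "Realistic/Realistic1"),                    # no provider
    ("Trend", "[Splitter/default]realistic/realistic2"),  # no system name
]

if __name__ == "__main__":
    for component, text in audit_bindings(SAMPLE)[1]:
        print("NOT FULLY QUALIFIED:", component, text)
```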

42 Remote Tag Providers

43 Remote Tag Providers - Alarms
Queried
- Queried when necessary
- Heavier on bandwidth (WAN)
- Lighter on memory
Subscribed (recommended)
- Alarms held in memory
- Better performance
- Heavier on memory
- Lighter on bandwidth (WAN)

44 Remote Tag Providers – History Querying
Gateway Network
- Queries through Gateway Network
- Heavier on bandwidth (WAN)
- No need to mirror data
Database (recommended)
- Queries from local database
- No bandwidth (WAN)
- Requires mirroring or replication
- Specify remote driver and provider

45 Remote History Storage

46 Remote History Providers – DB vs. Gateway Network
Direct to Database
- Data is not compressed
- Latency impacts performance
- Database must be opened in firewall
Through Gateway Network (recommended)
- Data is compressed
- Send more data
- No need to open database in firewall

47 Remote History Providers – Tag History Splitter
Tag History Splitter can send data to:
- Direct database connection
- Remote history provider (Gateway Network)
- Tag history splitter (splitter of splitter)

48 Non-Gateway Network Services
- Alarm history (journal)
- Audit logs
- Transaction groups
- Requires direct database access from remote site (highly requested feature)

49 Frontend Gateways & Load Balancer
- Hardware or software (F5 Load Balancer)
- Turn on sticky sessions
- No state (memory tags, alarms, SFC engines, timer scripts, etc.). Requires dedicated server for that.
- Get data from I/O servers through Gateway Network and SQL databases
- Handle authentication through Active Directory or database since it is shared across all frontend Gateways

50 Security Considerations
- Attend "Steps for Protecting Your Ignition System" today at 2:30-3:30 pm by Carl Gould
- Security Hardening Guide

51 Security Considerations - Connections
- Use HTTPS and force SSL (get a trusted certificate) for Gateway webpage, designers, and clients
- Gateway Network (use SSL, ApprovedOnly connection policy)
- Security Zones (lock down access by IP or hostname)
- Security Policies (tag access, alarm acknowledgement, tag history)

52 Security Considerations - Configuration
Lock down access, by role, to:
- Gateway status
- Gateway configuration
- Designer
- Creating new projects
- Editing global protected resources
- Editing tags

53 Security Considerations – Project Security
Designer
- Roles to view, save, publish, edit protected resources, delete
- Protect resources (windows, templates, scripts, etc.)
Client
- Access to client
- Don't use shared passwords or auto-login
- Allowed messages (7.9.4 lock downs)
- Role based security on windows and components
