SAN JOSE, Calif. — Plugging utilities and factories into Web services and third-party apps is no easy feat. Just ask Rich Carpenter, the executive behind the Industrial Internet Control System that GE claims is the first to make such connections.
The portfolio of new systems represents a milestone in blending PC and industrial-control technologies in a secure product, said Carpenter, general manager of control platforms in GE’s automation and controls group. He gave EE Times a virtual look under the hood of the designs geared for an industrial Internet of Things.
The controllers are “no longer limited to looking down to the physical sensors,” said Carpenter. “They are now able to ‘look up’ in a secure and authenticated way to information beyond the reach of typical control systems” to access Web data and apps other control systems lack, he said.
The “looking up” involves capturing Web data on anything from weather forecasts to stock market swings. The systems can suggest changes to factory controls based on the data and predictions from homegrown and third-party apps such as GE’s Predix software, which runs in the systems on Linux or Windows.
The connected control systems can save time and money by raising productivity and lowering maintenance, GE claims. Under the hood, they use virtualization to create separate OS and network images. Some virtual machines are dedicated to running traditional factory control processes; others handle Web searches and guest apps.
“One of the hardest things was getting a reliable mix of criticality with half the system deterministic — it always looks the same way — and another half running a guest OS,” said Carpenter. “In the early days we had some interesting occurrences when we would boot one side and it would have impacts on the other,” kinks which engineers have now worked out, he added.
GE built the systems using a range of dual- and quad-core x86 processors from AMD and Intel. They are mounted on standard ComExpress boards sourced from its own division that sells merchant single-board computers. Previously the GE automation group built its own proprietary x86 boards.
“Where it may have been 5-7 years between processor changes in the past, we can now release a new controller with a new processor every 18-24 months” using ComExpress boards, he said.
The systems are also GE’s first to use time-synchronized networks, using the IEEE 1588v2 protocol implemented in an FPGA. The approach lets the systems create and run separate virtual network connections.
“We take one high-performance LAN and make it look like two or three LANs with separate guaranteed service levels — this eliminates kilometers of wiring by combining multiple functions on one set of virtually separated networks,” Carpenter said.
Prior control systems were simply walled off from any outside connections. GE had to rethink security given the new systems’ links to the Internet and third-party apps. The new systems use a hardware root of trust to enable a secure boot and authentication of all connections, techniques well established in general-purpose computing.
“We’ve changed from airgap to defense-in-depth,” said Carpenter. “In the past most controllers were on isolated networks with access controlled through routers, but our assumption is that’s not good enough to protect against attack from within,” he added.
GE’s so-called IICS RX3i CPE400 and IICS Mark VIe UCSC systems continue to support traditional industrial interfaces including Profinet, IONet, Foundation Fieldbus, Modbus, and others. Some systems use a cellular option to exchange data using OPC Unified Architecture, a secure protocol that evolved from the prior OPC DA/HDA.
— Rick Merritt, Silicon Valley Bureau Chief, EE Times