Digital Transformation: A Pragmatic Approach
An IIoT-enabled Vision for Process Automation

A Secure Foundation for Digital Transformation
Deliver on the Industrial IoT's Promise With Honeywell Technology Today
SPONSORED BY
INTERVIEW

A pragmatic approach to digital transformation

Honeywell's vision for the Industrial Internet of Things builds enterprise optimization, ecosystem analytics and domain expertise on a secure foundation of seamless data access and information transparency

Honeywell Process Solutions is no stranger to helping its process industry clients harness digital innovation for business benefit. Indeed, the company's digital firsts include both the distributed control system (DCS) and the smart, digitally communicating transmitter. Today, the Industrial Internet of Things (IIoT) represents only the latest advance in the evolution of digital technology through which Honeywell has continuously supported its customers since the 1970s, according to Andrew Hird, vice president and general manager of the company's newly minted Digital Transformation organization.

Honeywell's approach to the IIoT is a pragmatic one, Hird says. "It's still all about finding out our customers' challenges and problems, then applying technology to solve them," he says. "And while the IIoT can help solve important, previously unsolvable problems, our fundamental approach hasn't changed." CONTROL recently caught up with Hird to discuss the IIoT by Honeywell and why the company is uniquely positioned to help the process industries to realize the IIoT's transformative potential.

tems where you can leverage the advanced analytics and expertise that exists across the organization. The third essential aspect of the IIoT is the ability to securely tap the domain expertise of a whole ecosystem of partners in the cloud, where other organizations such as process licensors and original equipment manufacturers [OEMs] can help solve additional problems. It's not just about monitoring, it's about taking that diagnostic knowledge of the OEM and embedding it in an application that can predict and prevent failure.

Q: What business benefits can processors expect to realize by investing in the IIoT?

A: The IIoT can help solve a range of historically difficult problems. The first has to do with reducing plant downtime. Most customers I know are happy with 88% plant availability. They plan to lose 5% on planned shutdowns, and the other 7% just happens. So, there's a big payback if you can go after this 7%. The second problem where the IIoT can help involves staying on spec. Product that doesn't meet specifications, or an in-process batch that has to be thrown away, might

"Without rock-solid cyber security, customers are reticent to put data up into their own enterprise systems, let alone into the cloud."
Andrew Hird, Vice President and General Manager, Digital Transformation, Honeywell Process Solutions
An IIoT-enabled vision for process automation

As functionality is securely redistributed across cloud and edge environments, process automation systems will perform better and be easier to manage and maintain, too

The Industrial Internet of Things (IIoT) has the promise and potential to be the most influential and disruptive influence on automation since the advent of the microprocessor-based distributed control system (DCS). Early architectural styles are emerging for the broader IoT in which ubiquitous sensing is coupled to cloud-borne data analytics and storage systems. While these approaches are certainly viable for a broad class of IoT solutions, such as for smart grid and consumer-grade appliances, industrial automation systems require a more considered approach.

A fundamental difference is that the IIoT aims to enhance the operation and management of industrial production processes, many of which involve exothermic reactions for which safety is a primary concern. Security of IIoT-based systems is also of paramount importance not just from a safety perspective, but also in cases of the production of essential and strategically important goods and services. This concern results in more stringent security, reliability and availability requirements as well as the ability to continue operation with intermittent access to Internet resources. When failures do occur, the system must continue operation where possible or degrade gracefully, deterministically and safely.

Integration with legacy systems a given

Another distinction of the IIoT is that a factory or processing plant is a very long-lived, capital-intensive asset requiring long-term support in the face of rapid technological advances. This reality requires support for existing, ageing equipment and infrastructure and a means of protecting investments in intellectual property. As a result, many devices that will form part of the IIoT will continue to communicate via existing, often older protocols and will need special mechanisms to integrate them into the wider IIoT environment.

Bringing IoT ideas to the industrial enterprise means reconciling and integrating them with existing automation systems. Indeed, the IIoT is, in spirit, an extension of concepts that Honeywell pioneered in the 1970s with the introduction of the Totally Distributed Control system (the TDC 2000 distributed control system, or DCS), a precursor to the IoT concept of edge computing. The lower layers of a DCS tend to be autonomous, with responsibility for the real-time control of the process, while the layers above provide various supervisory capabilities including advanced control and human-machine interface (HMI) plus data historian and planning and scheduling activities.

It is tempting to draw a direct comparison between the DCS of today and the IIoT-based automation system of the future and claim that we are already doing IIoT, but to do so ignores the significant changes to the DCS, as we understand it, that will occur with the introduction of the IIoT. The IIoT arises from the combination of core DCS concepts such as local, high availability real-time control of industrial processes together with the technologies and architectures that enable the IoT (Figure 1).

Some of the key differences between an IIoT architecture and a conventional DCS architecture can be illustrated by comparing the architectures at their highest levels (Figure 2). The structure of a DCS and associated applications typically conforms to the well understood Purdue Enterprise Reference Architecture developed in the 1990s. This abstract model typically has a corresponding realization in the topology of the system in which boundaries between levels are often expressed as network boundaries across which security can be enforced. The IIoT architecture illustrated in Figure 1 is, at the highest level, separated into two major subdivisions: the edge and the cloud. This structure can be further broken down into the seven-level model shown in Figure 2.

Applying an IIoT architecture to an industrial enterprise requires reconciling these two different organizational structures so that the key architectural qualities provided by the Purdue model (safety, security, reliability, efficiency) are maintained and enhanced within an IIoT-based structure. Level 1 of the Purdue model, basic control, moves to the edge in the IoT model, while Level 4, business planning and logistics, moves to the cloud. There is also a strong argument for moving much of Level 2, area control, to the edge for performance, security and reliability reasons. The functionality represented by Level 3, site manufacturing operations, will be split between cloud and edge depending on the balance of key system quality attributes. History, advanced process control, batch and alarm management are all examples of functions that can be deployed either in the cloud, on premise in embedded devices, or both.

Moving functionality to either the cloud or the edge represents a tradeoff amongst a number of system qualities. For example, moving functionality to the edge can improve performance and reliability at the expense of having to provision and manage functionality distributed across a large number of devices. On the other hand, moving functionality to the cloud makes it easier to install, scale up, upgrade and retire at the expense of the functionality being remote from the devices and controllers on which the functionality may depend. In general, the move to an IIoT-based architecture will result in a system unconstrained by the hierarchical structure of a DCS.

[Figure 1 diagram labels: The Edge, Real Time Control, Edge Gateway, HMI]

Figure 1. The Industrial IoT arises from the combination of core DCS concepts such as local, high availability real-time control of industrial processes together with the technologies and architectures that enable the IoT.

Figure 2. The traditional Purdue Enterprise Reference Architecture model (left) compared with Cisco's Internet of Things Reference Model (right).

Improved support for key operational objectives

The overriding concern in any industrial enterprise is safety, for which there are well-developed sets of practices and standards. For example, the safety integrity level (SIL) model provides a quantitative measure of the risk reduction provided by safety instrumented systems (SIS) that are responsible for the basic safety of a process and formalized in IEC 61511. There will continue to be a key role for SIS at the edge in any IIoT-based automation system.

A concern closely related to safety is that of security, both physical and cyber. Unless an automation system is secure from unauthorized access and activity its safety cannot be guaranteed. Cyber secure operations require a combination of protective measures, inherently secure communications and active monitoring systems to detect and mitigate any unauthorized activity across the network. Aside from preventing compromises to the safety of the plant, security also serves to protect the intellectual property inherent in an industrial process itself and the procedures for planning, scheduling, executing, maintaining and optimizing production on the process.

Many existing DCS components have no inherent security built in. For example, they may lack any explicit access control mechanism and may transmit data on the network in plain text. Such legacy components do not disappear in an IIoT-based system but are confined to the edge computing environment to which access is strictly controlled. Access to legacy DCS components, via edge gateway devices, involves both access control and secure communications.

Another vulnerability in current automation systems stems from the use of open systems platforms, particularly in Levels 2 and higher in the Purdue model. These platforms pose risks due to their widespread use across many domains, making their vulnerabilities and associated exploits well understood. The IIoT helps address these issues by pushing automation system functionality either down into the hardened edge computing environment or up into the cloud. The cloud computing environment has rich access control and communications security mechanisms built-in, and the centralized nature of the infrastructure makes it much easier to maintain in order to address vulnerabilities that are discovered.

Overall reliability of the automation system can be enhanced both by pushing functions out to the edge and into the cloud. As with safety, pushing functions, especially control functions, out to the edge allows those functions to act more autonomously, reducing potential causes of failure. Moving functions into the cloud allows them to be more easily managed, maintained and upgraded. Further, the decoupling of edge and cloud-based functions allows them to be managed more independently, again allowing the system to remain operational through a range of life-cycle events.

With a production process that is running safely, securely and reliably, attention can turn to making production as efficient as possible in order to maximize profitability of the enterprise. The IIoT approach can help improve decision-making by delivering timely information in the right format to the right people (and systems), wherever they may be located.

The ability to collect more data from uncorrelated sources also provides opportunities for applying data analytics, modeling, and machine learning techniques to gain better insight into the current and future state of the enterprise.

Getting from here to there

The benefits that flow from new and highly scalable deployment patterns, smarter devices, more comprehensive data collection and analytics, and broader reach through mobile applications are significant. However, achieving these benefits requires an orderly transition from the automation system of today to the automation system of the future. As industry proceeds, we will need to consider the following key aspects:

Preservation of core intellectual property: Customers typically have very large engineering and intellectual property investments in their automation systems. Control strategies, supervisory applications, and operator graphics need to be preserved as the automation system evolves. Re-engineering these is expensive and adds little value. It is far better to preserve this investment either by providing ongoing support for these items in their current form or by providing high fidelity translation to new forms.

Preservation of in-place equipment: In addition to the engineering content of an automation system there exists a tremendous amount of associated equipment. Ripping and replacing is seldom feasible or cost effective, so it is imperative that evolution to the IIoT accommodate existing systems. A key strategy here is to provide support for existing communications protocols that allows existing equipment to be integrated into an IIoT architecture in a secure way.

Maintaining safety: Established SIL qualifications of equipment and systems in an automation system are central to it maintaining safe operations. Any move to new deployment patterns and new devices needs to maintain existing SIL levels. Of course, the same applies to maintaining secure operations. In both cases, the evolution of the system should be seen as an opportunity to not only maintain levels of safety and security, but to enhance them beyond their current levels.

On-process updates: As changes to a system are introduced, they need to be done in a way that does not interrupt or compromise plant production. Hardware and software updates as well as enhancements should be done on process.

Ongoing performance of existing systems: The IIoT encourages the collection of more data from more sources. While more data can be fodder for improved analytics, the impact of this increased demand for data on the existing components of an automation system needs to be managed. There is little point in enabling new applications if their needs compromise the core mission of the automation system.

The good news is that Honeywell Process Solutions has a long history of exactly this sort of system evolution. The evolution of TDC 2000 to TDC 3000 and on to Experion Process Knowledge System demonstrates Honeywell's ability to institute significant architectural change in automation systems while honoring the key principles outlined above. This evolution continues as Experion PKS evolves toward the IIoT.

In many ways, the IIoT represents an undiscovered country, full of promise, but waiting to be explored and mapped.

The IIoT by Honeywell vision is of a new form of automation system architecture that balances the computational and life-cycle benefits of cloud computing with the requisite on-premise, appliance-hosted capabilities necessary to provide safe, secure and long-lasting automation for complex manufacturing systems and processes.
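The article's rule that legacy DCS components stay confined to the edge, reachable only through an edge gateway that adds access control and secure communications, can be checked against observed traffic. The following is an added example, not Honeywell code: the asset names, the `Asset` and `Flow` records and the three audit rules are assumptions made for illustration, and the flow list is constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    zone: str   # "edge" or "cloud", the article's two major subdivisions
    kind: str   # "legacy_dcs", "controller", "edge_gateway" or "cloud_app"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    encrypted: bool       # traffic is protected on the wire
    authenticated: bool   # the peer was subject to access control


def audit_flows(assets, flows):
    """Return (src, dst, reason) for every flow that breaks edge confinement."""
    by_name = {a.name: a for a in assets}
    findings = []
    for f in flows:
        a, b = by_name[f.src], by_name[f.dst]
        crosses = a.zone != b.zone
        legacy = any(x.kind == "legacy_dcs" for x in (a, b))
        via_gateway = any(x.kind == "edge_gateway" for x in (a, b))
        if legacy and crosses:
            # Plain-text, unauthenticated components must never be a direct
            # peer of anything outside the edge environment.
            findings.append((f.src, f.dst, "legacy component reached from outside the edge"))
        elif crosses and not via_gateway:
            findings.append((f.src, f.dst, "edge/cloud flow bypasses the edge gateway"))
        elif crosses and not (f.encrypted and f.authenticated):
            findings.append((f.src, f.dst, "gateway conduit lacks encryption or access control"))
    return findings


# Constructed inventory and flow records (hypothetical names).
ASSETS = [
    Asset("legacy-ctrl-1", "edge", "legacy_dcs"),
    Asset("edge-ctrl-1", "edge", "controller"),
    Asset("edge-gw-1", "edge", "edge_gateway"),
    Asset("cloud-historian", "cloud", "cloud_app"),
    Asset("cloud-analytics", "cloud", "cloud_app"),
]
FLOWS = [
    Flow("legacy-ctrl-1", "edge-gw-1", False, False),      # allowed: stays in the edge
    Flow("edge-gw-1", "cloud-historian", True, True),      # allowed: secured conduit
    Flow("cloud-analytics", "legacy-ctrl-1", False, False),
    Flow("edge-ctrl-1", "cloud-historian", True, True),
    Flow("edge-gw-1", "cloud-analytics", False, True),
]

if __name__ == "__main__":
    for src, dst, reason in audit_flows(ASSETS, FLOWS):
        print(f"{src} -> {dst}: {reason}")
```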
S-8 Advertising supplement to CONTROL

Product quality and reliability in a process plant impacts company profit. Honeywell's cloud-enabled Uniformance Suite, with advanced analytics, enables rapid discovery of the root cause and deployment of an online, predictive monitoring solution.

1. 01:00 AM, OPERATOR: "Oh, there's a product quality alarm on the fractionator. The feed and controls look normal. What is causing this problem? Better contact the Process Engineer."

2. 08:00 AM, PROCESS ENGINEER: "It is easy to search and explore visual data to confirm the off-spec problem has happened before. I will contact our Corporate Expert."

Uniformance Insight visualization tools allow navigation to the fractionator data without knowing cryptic tag names. Flexible visual data exploration on all fractionators across sites is enabled with the common asset model.

3. 02:00 PM, CORPORATE EXPERT: "I have isolated similar off-spec issues in other plants with new visual pattern searches and discovered relationships in the data we didn't see before. We can solve this problem."

4. 04:00 PM, PROCESS ENGINEER:

[Infographic panel and chart labels: Overhead Quality, Feed Comp, Flooding, Downtime, Quality Data, Cloud Historian, Uniformance PHD, Asset Sentinel, sites A B C]
The list of technologies that make possible the Industrial Internet of Things (IIoT) is lengthy and includes technologies such as cloud computing, big data analytics, embedded systems, wireless sensor networks and security protocols. But communication standards form the backbone of the IIoT in that they enable the secure integration and interoperability of the many devices and software applications that participate in the system of systems that is the IIoT.

OPC Unified Architecture (UA) offers a compelling solution for connecting applications within the IIoT. It provides for a layered model that separates the configuration, format and packaging of the information from the underlying security and communication protocols. Further, OPC UA is broadly supported by both device manufacturers and software developers across the industrial automation space. Importantly, the specification continues to evolve, with the addition of publish-subscribe connectivity common to cloud-side participants in the Industrial IoT.

Scalable and future-proofed

The need for application interoperability and standardization in the control realm drove a consortium of automation suppliers to develop the original OPC specification in the early 1990s. Based on Microsoft DCOM technology, OPC Classic was extended to a suite of specifications for a variety of tasks such as data acquisition (OPC DA) and alarms & events (OPC A&E). But DCOM technology proved limited, for example, in its ability to facilitate cyber secure communications. To address these and other issues, OPC Unified Architecture (OPC UA, also IEC 62541) was created to enable secure and reliable data acquisition, information modeling and communication among plant-floor devices, applications and the enterprise.

A key OPC UA design objective was to prevent technology lock-in, ensuring that OPC UA could embrace future technologies. To that end, OPC UA defines services and related concepts in an abstract manner, then further defines mappings between the abstract specifications and the technologies that can be used to implement them.

Central to the design of OPC UA is scalability. The specification defines the many complex feature sets available with OPC UA client and server applications. However, OPC UA is designed in such a manner that individual implementations need not support all possible feature sets in order to be compliant with the specification. For example, implementation within a small, embedded device may support a profile that mandates only data-read capabilities together with a small set of address-space constructs. PC-based OPC UA servers, however, can support a profile that includes many more features such as alarms and history.

OPC UA technology mappings are organized into three groups: data encodings, security protocols and transport protocols (Figure 1). Different mappings are combined together to create a profile. Client and server applications can support one or more profiles; however, a client and server must each provide an implementation for at least one profile in common in order to communicate.

The OPC UA security model is a three-layer approach where each layer has specific security-related responsibilities (Figure 2). The application layer is responsible for transmitting plant information and real-time data from devices and between a client and a server within a session. A session provides for user authentication and authorization and runs atop a secure channel that both signs and encrypts the data. The secure channel also is responsible for mutual authentication and authorization between client and server applications. The transport layer is responsible for transmitting and receiving the secured data, including mechanisms for error recovery.

The OPC UA object model describes how clients access information on the server. The model defines a set of standardized node types which can be used to represent objects within the address space, object properties, methods, events and relationships between objects. By building on these elementary concepts, OPC UA enables the modelling of any object. Related objects and their relationships are grouped together to form information models.

[Figure 1 diagram labels. Profiles: Binary Profile, Hybrid Profile, Web Services Profiles. Data encodings: UA Binary, UA XML. Security protocols: UA Secure Conversation, WS Secure Conversation. Transport protocols: UA TCP, SOAP, HTTPS, HTTP, over TCP/IP.]

Figure 1. OPC UA technology mappings are organized into three groups: data encodings, security protocols and transport protocols. Different mappings are combined together to create profiles based on an application's particular requirements.

Figure 2. The OPC UA security model reinforces security at all levels of the communication standard.

Companion specs for particular domains

Standardization committees associated with many areas within automation and process control technologies have created or are creating OPC UA companion specifications. These companion specifications extend the base OPC UA information model to describe objects and relationships of relevance to a particular domain. Examples include OPC UA for FDI (Field Device Integration), PLCopen (PLC programming), and BACnet (building automation).

In addition to the generic information models specified by OPC UA and in companion standards, individual vendors are free to define new information models or extend existing information models tailored to their systems.

The OPC UA specification was created with the goal of enabling interoperability among products from different vendors. In order to ensure that a product is actually compliant to the specification, it must undergo a series of tests that certify compliance to the specification. The OPC Foundation maintains an independent certification test laboratory that validates compliance to the specification, including fault and stress scenarios, as well as verifying interoperability against a number of reference clients and servers.

For developers, tools such as Honeywell's MatrikonOPC UA software development kit (SDK) can facilitate a fast track to specification-compliant OPC UA connectivity. The SDK allows developers to quickly add pre-engineered OPC UA connectivity to all their products, from small embedded devices to powerful PC-based servers, without having to become OPC UA experts.

Pub-sub extends client-server model

While these features form a solid foundation as IIoT enablers, an additional key enabler is required: a data exchange model that is efficient, performant, robust as well as scalable for use with one-to-many, many-to-one, or many-to-many configurations.

To address this need, work is underway within the OPC Foundation to create a publish-subscribe model that complements the specification's original client-server model. With the OPC UA server acting as publisher, data is published to a global space governed by existing middleware such as Microsoft Azure. In contrast to the client-server model where the UA client decides what to subscribe to, the published datasets are configured on the OPC UA server. Subscribers are recipients of published dataset data and may or may not be OPC UA client applications. Subscribers must simply understand the message-oriented middleware and the rules for decoding messages. Evaluation of candidate protocols currently is underway, including Advanced Message Queuing Protocol (AMQP) and UDP Multicast as well as Data-Distribution Service Real-Time Publish-Subscribe Protocol (DDS-RTPS).

When this pub-sub functionality is incorporated within OPC UA, one can conceive of domain-specific usage scenarios including peer-to-peer controller/device communication and delivery of process messages to advanced application clients connected via an enterprise service bus (where clients likely reside outside of the local area network).

OPC Unified Architecture is an information-centric layered architecture that is at once secure, platform-independent, scalable, interoperable and object-oriented. The OPC Foundation's agile ability to enhance the base information model to include publish-subscribe is further evidence of its commitment to be a leading technology for enabling the IIoT for years to come.
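The OPC UA article's requirement that client and server share at least one profile, and its security model of a user-authenticated session over a signed and encrypted secure channel, meet in the client's choice of server endpoint. The following is an added example, not code from the article, the OPC Foundation or any SDK: the security policy and transport profile URIs are taken from the OPC UA specification rather than from this page, while the client policy, the `Endpoint` record and the endpoint list are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# MessageSecurityMode values as numbered in the OPC UA specification.
MODE_NONE, MODE_SIGN, MODE_SIGN_AND_ENCRYPT = 1, 2, 3

POLICY = "http://opcfoundation.org/UA/SecurityPolicy#"
TRANSPORT = "http://opcfoundation.org/UA-Profile/Transport/"

# Client policy (an assumption of this example), strongest first. Anything
# not listed, including None and the deprecated Basic128Rsa15, is refused.
ACCEPTED_POLICIES = [
    POLICY + "Aes256_Sha256_RsaPss",
    POLICY + "Aes128_Sha256_RsaOaep",
    POLICY + "Basic256Sha256",
]
# Transport profiles this hypothetical client implements.
CLIENT_TRANSPORTS = {TRANSPORT + "uatcp-uasc-uabinary"}


@dataclass(frozen=True)
class Endpoint:
    url: str
    transport_profile: str
    security_policy: str
    security_mode: int
    user_tokens: tuple  # user identity token types offered for the session


def rejection_reason(ep, require_encryption=True):
    """Return why an endpoint is unacceptable, or None if it may be used."""
    if ep.transport_profile not in CLIENT_TRANSPORTS:
        return "no transport profile in common"
    if ep.security_policy not in ACCEPTED_POLICIES:
        return "security policy not accepted"
    minimum = MODE_SIGN_AND_ENCRYPT if require_encryption else MODE_SIGN
    if ep.security_mode < minimum:
        return "message security mode too weak"
    if set(ep.user_tokens) <= {"Anonymous"}:
        return "session would carry no user authentication"
    return None


def select_endpoint(endpoints, require_encryption=True):
    """Pick the strongest acceptable endpoint; never fall back to a weak one."""
    accepted, rejected = [], []
    for ep in endpoints:
        reason = rejection_reason(ep, require_encryption)
        if reason is None:
            accepted.append(ep)
        else:
            rejected.append((ep.security_policy.split("#")[1], reason))
    accepted.sort(key=lambda ep: (ACCEPTED_POLICIES.index(ep.security_policy),
                                  -ep.security_mode))
    return (accepted[0] if accepted else None), rejected


# Constructed endpoint list, as a server's GetEndpoints reply might describe it.
URL = "opc.tcp://edge-gw.example:4840"
UATCP = TRANSPORT + "uatcp-uasc-uabinary"
SERVER_ENDPOINTS = [
    Endpoint(URL, UATCP, POLICY + "None", MODE_NONE, ("Anonymous",)),
    Endpoint(URL, UATCP, POLICY + "Basic128Rsa15", MODE_SIGN_AND_ENCRYPT, ("UserName",)),
    Endpoint(URL, UATCP, POLICY + "Basic256Sha256", MODE_SIGN, ("UserName",)),
    Endpoint(URL, UATCP, POLICY + "Basic256Sha256", MODE_SIGN_AND_ENCRYPT,
             ("UserName", "Certificate")),
    Endpoint("https://edge-gw.example:4843", TRANSPORT + "https-uabinary",
             POLICY + "Aes256_Sha256_RsaPss", MODE_SIGN_AND_ENCRYPT, ("UserName",)),
]
LEGACY_ONLY = SERVER_ENDPOINTS[:2]  # a server offering nothing acceptable

if __name__ == "__main__":
    chosen, rejected = select_endpoint(SERVER_ENDPOINTS)
    print("chosen:", chosen)
    for policy, reason in rejected:
        print("rejected:", policy, "-", reason)
```

When no endpoint passes, `select_endpoint` returns `None` so the caller fails closed instead of connecting with security mode None.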