White Paper

SmartGlance Mobile Reporting Architecture and Data Security

Authors: Saadi Kermani, Manager Industry Applications & Solutions, Invensys Operations Management Bimal Mehta, Director, Industry Applications Management, Invensys Operations Management Steven L. Weygandt, Portfolio Consultant Partner Products, Invensys Operations Management Snehal Shah, CEO & Founder, Sarla Analytics

Whats Inside:
1. Introducing SmartGlance Mobile Reports 2. Architecture 3. Wonderware Mobile Reporting Connector: Collecting and Preparing the Reporting Content for Mobile Reporting 4. The SmartGlance Business Report Generator 5. The SmartGlance Mobile Application 6. Security 7. Conclusion

SmartGlance Mobile Reporting Architecture and Data Security

1. Introducing SmartGlance Mobile Reports

SmartGlance Mobile Reports offers managers and information workers within the manufacturing and process industries secure access to critical process data from anywhere using their existing smart phone or other mobile device. Integrated within the InFusion Enterprise Control System (ECS) platform, SmartGlance brings together data and information from a wide range of sources, providing familiar key metrics and graphical trends. Using an existing smart phone such as a Blackberry or iPhone, production management and information workers can view real-time production metrics either in tabular or even in high resolution graphical form, complete with support for international languages and date and time formats.

2. Architecture
SmartGlance Mobile Reports are a perfect complement to an existing ArchestrA-based plant automation solution. The provided .NET Wonderware Mobile Reporting Connector can retrieve data from the Wonderware Historian, Corporate Energy Management (CEM) Application or InTouch via Wonderware HMI Reports. SmartGlance can also aggregate data from any standard Microsoft SQL- or Oracle-based server database allowing a broader range of data to be accessible by plant workers. The SmartGlance offering also has an available API to allow further extensibility by third-party developer teams who desire maximum customization and control. The SmartGlance Mobile Reporting Solution Architecture consists of three major elements: A Wonderware Mobile Reporting Connector to aggregate tag data and reporting content from available plant intelligence The SmartGlance Business Report Generator to create and serve pre-defined or custom mobile reports The SmartGlance Mobile Application for iPhone, Blackberry and other supported mobile devices

Page 1

SmartGlance Mobile Reporting Architecture and Data Security

3. Wonderware Mobile Reporting Connector: Collecting and Preparing the Reporting Content for Mobile Reporting
Once a pre-defined mobile report has been selected or a custom report defined, the Wonderware Mobile Reporting Connector performs secure database queries against one or more data sets to aggregate the reporting content. The Wonderware Mobile Reporting Connector relies on the Microsoft Active Directory Security Model to define the users or groups that will have the appropriate permissions to view the controlled and managed content made available from the connector. The frequency of collecting reporting data content is configurable and can be set to user-defined periodic intervals or can be initiated on-demand All the data aggregation done by the connector is firewall friendly since it occurs behind the firewall and inside the organization Once the specified and controlled data aggregation has occurred, the resulting data set is then securely pushed to the SmartGlance Business Report Generator.

4. The SmartGlance Business Report Generator

The SmartGlance Business Report Generator parses, formats, prepares and localizes reporting content for tailor made or pre-defined reports for mobile devices. The SmartGlance Business Report Generator can be accessed as either a trusted hosted solution or implemented directly on customer premises. SmartGlance provides a hosted solution also known as Software as a Service (SaaS) to alleviate many of the common burdens of hosting a solution in-house. With a hosted solution, there are no up front capital expenditures for hardware and customers benefit from a maintenance-free and scalable mobile reporting solution for a low annual subscription rate.

5. The SmartGlance Mobile Application

Individual users can download the free SmartGlance App from the appropriate online application store. The native SmartGlance provides authorized users with reports specific to the users information needs. To ensure bandwidth is kept to a minimum, the SmartGlance application only downloads the reports needed while at the same time keeping users aware that specific reports have updated content.

Page 2

SmartGlance Mobile Reporting Architecture and Data Security

The diagram to the left illustrates the SmartGlance Mobile Reports Architecture. Data from PLCs and Field Devices connected through the ArchestrA System Platform, in addition to custom databases or application stores, provide the reporting content for the SmartGlance Reports Generator through Data Providers. Data Providers provide the mechanism to query the various data sources and collect the reporting content. The SmartGlance Configurator is used to configure reports and to associate the appropriate users to each report. The hosted Business Report Generator then manages the secure delivery of the prepared reports to authorized mobile devices for real-time review and analysis.

SmartGlance Mobile Reports Architecture

The diagram on the right illustrates the flow of information used in the SmartGlance Mobile Reports architecture. Valuable plant intelligence is queried against one or more data sources and the results are passed to the Wonderware Mobile Reporting Connector. The Connector, once configured using the Configurator, pushes the XML reporting content using Secure HTTP to the hosted SmartGlance Business Report Generator. The SmartGlance Business Report Generator then uses a specific mobile device APIs to securely deliver the final reports and report updates. Separately, a designated Administrative user can log into the SmartGlance Business Report Generator website to manage user and group privileges and report properties.

SmartGlance Mobile Reports Architecture - Protocols

Page 3

SmartGlance Mobile Reporting Architecture and Data Security

6. Security
The SmartGlance Mobile Reporting Solution has security measures built in throughout each element of its architecture. SmartGlance uses Microsoft and standard internet technologies for its data services platform, including Microsoft SQL Server, Web Services, HTTPS and ASP.NET. Data aggregation for the reporting content is all done within the customers network and behind the firewall so it is firewall friendly. Reports leverage the Microsoft Active Directory Security Model for complete control over which reports are made available to selected users and groups. Report Data is pushed in a controlled manner from the facility to a fixed and highly secure hosted location via HTTPS using 128-bit Encryption, independently verified by Thawte of Verisign, a thirdparty Security Certificate Authority. Only authorized mobile users and devices are allowed to download reports based on the three pillars of secure connectivity authentication, authorization and encryption (see explanation graphic on the right).

Secured Service

The architecture of the service is twofold. The data is transmitted from your companys database to Sarlas cloud hosting service and from Sarlas cloud hosting service to your cell phone or mobile device. The service is fully secured and embraces the three pillars of secure connectivity Authentication, Authorization and Encryption. The three foundations of Secured Service: AUTHENTICATION SmartGlance achieves authentication by registering the phone hardware with your login in the service. This registration ensures that only a Registered and Authenticated phone can access the SmartGlance service. Also, only Registered and Authorized users can send data to the SmartGlance service. So, the service is protected from all sides in terms of where data comes in and where data goes out. Each communication message has builtin authentication. AUTHORIZATION Mobile-Level authorization: In addition to hardware and device authentication mentioned above, the user must be authorized to use the service. Unless a user has a password, he will not be allowed to use the service and access data. So, the user must log in from his own phone and also must have his password to access the service. This level of authorization comes in handy if the user loses his phone hardware. Whoever finds the users phone will not be able to access this service without the users own password. Report-Level Authorization: When the company administrator sends the corporate data to SmartGlances hosted service, he is required to enter the email addresses of authorized viewers. So, each report that comes to the host system will have a list of email addresses that are authorized to view that report. So, if a user is not authorized to view a particular report, his email address will not be in the report. This is the ultimate level of security. ENCRYPTION All data communication from your companys database tot he Sarla hosting service and from the Sarla hosting service to your cell phone is controlled under full encryption (HTTPS) secured site verfied by a third party, Verisign Thawte security certificate. All data is encrypted prior to transmission to ensure security from any internet programs.

If a non-hosted approach is required, a secured plant-wide Wi-Fi network can be used as an alternative to cellular networks to still enable mobile reporting within the confines of the facility. This solution, although requiring a higher investment in resources and capital, would still allow the benefits of a SmartGlance Mobile Reports implementation, while keeping all data exchange and mobile reporting in a restricted space. SmartGlances data center is state-of-the-art, with protective measures to secure the facility, including temperature control, power, fire suppression and network bandwidth. Safeguards include: 24-inch raised floor Steel Seismic Bracing 256+/- fixed positioned, security cameras Level 5 bullet-resistant walls / glass (Kevlar-lined walls) in the front entry, lobby, guard station, and shipping and receiving areas 24 x 7 x 365 on-site security guards Data Center temperature maintained at 72 degrees F +/- 2 degrees 10 Caterpillar 2000KW (2.0MW) generators VESDA Very Early Smoke Detection and Alarm system; small white air sampling tubes draw air into chambers, where lasers analyze the air for smoke content Redundant OC48s

Page 4

SmartGlance Mobile Reporting Architecture and Data Security

7. Conclusion
The SmartGlance Mobile Reporting Solution is a convenient and simple way to bring meaningful real-time plant intelligence to both production workers and executives in your organization who already use smart phones and mobile devices. The hosted solution keeps your data safe and protected and is easily scaled and modified without the need for additional infrastructure investment to support your ongoing or future information needs.

Already have an iPhone or iPad? Start using SmartGlance right away! Log into the Apple App Store and search for SmartGlance or navigate to: http://itunes.apple.com/us/app/smartglance/id382617306?mt=8. Download the app and log in as a registered user with the following credentials: Username: demo@invensys.com Password: password For more information on how the SmartGlance Reporting Solution can help you, visit http://www.smartglance.com/.

Invensys Operations Management 5601 Granite Parkway III, #1000, Plano, TX 75024 Tel: (469) 365-6400 Fax: (469) 365-6401 iom.invensys.com Invensys, the Invensys logo, ArchestrA, Avantis, Eurotherm, Foxboro, IMServ, InFusion, SimSci-Esscor, Skelta, Triconex, and Wonderware are trademarks of Invensys plc, its subsidiaries or affiliates. All other brands and product names may be the trademarks or service marks of their representative owners. 2011 Invensys Systems, Inc. All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, broadcasting, or by any information storage and retrieval system, without permission in writing from Invensys Systems, Inc.

Rev. 04/11

PN WW-4077

Page 5