Loading data

Production Network: Transparent and Safe

Scalable Network Technology for access-protected Production of Aluminium Profiles

Production Network: Transparent and Safe

Machine Building

SAPA, Deutschland

Rackwitz,

Germany

With industrially certified, scalable network technology from a single source, a manufacturer of aluminum profiles has realized a high-performance, horizontally and vertically integrated data flow – and thus a high degree of transparency in its production.

Sapa relied on technology from Siemens from the beginning: The Scalance Industrial Wireless LAN (IWLAN) devices ensure that the previously error-prone optical communication in the plant along the profile extrusion routes in the aluminum processing are now highly available and failsafe. New requirements concerning real-time communication and Profinet connection in the production environment – to further increase productivity – necessitated the renewal of the network infrastructure. Within the framework of the CE certification of its products, Sapa reviewed certain production conditions in the plant. In the process, a so-called security quick check was performed together with consultants from Siemens, Sapa’s long-time supplier for electrical and automation technology. In general, the availability of the entire network was to be examined to assess the risks of system failures, e.g., caused by cyber-attacks, and their impact on production systems. The security analysis then revealed that the industrial suitability of individual network components as well as the access protection to switches, PCs, controllers, and communication processors in the field could be optimized. The same applies to the failsafe communication during the operation of the three trolleys for the transport of press tools and scrap. As a result, specific measures were derived and practical solutions developed together with the supplier – some of which are already implemented.

Systematic Network Management   One of the first measures was the use of the network management and diagnostics system Sinema Server from Siemens. With this software, the operator could quickly and conveniently get an overview of the “evolved” production network and continuously monitor it. The system – easily usable via a web browser – automatically recognizes conventional and industrial network components and automatically visualizes doubly assigned IP addresses in the network (in the latest V13 edition). It thus reliably prevents conflicts. The system clearly depicts the current states of network devices that can be sorted according to different criteria and allows for individual reports and analyses. The results can be visualized on HMI systems via web mechanisms, reports be automatically sent by e-mail to selected recipients, and malfunctions be reported by SMS. Once the infrastructure has been captured, the program monitors it and reports any change. With these means, the network could be appropriately redesigned to meet the needs of both the production and IT specialists in the company.

Reliable Production Backbone with Scalance X-300   As a result of the network monitoring with Sinema Server, an industrial-grade – i.e., a high-performance, rugged, and reliable – production backbone based on the fully modular, managed Industrial Ethernet switches Scalance XR324-12M was set up. Expanded IT functions are provided by the rugged Industrial Ethernet switches Scalance XR-300 from Siemens. Following a brief test operation with one of these switches, the existing devices by other manufacturers not explicitly designed for industrial use were replaced: Nine XR-300 switches now make up a stable, easily expandable production backbone. At present, this backbone is not closed to form a redundant ring, which however can be done later at any time. With it, the availability can be further increased. The connection to higher-level systems on the enterprise level is also possible. “We chose the rack switches because they fit into the existing 19” cabinets and because devices can be easily integrated into the network using a wide range of optical and electrical media types,” says Andreas Steinberg, who is responsible for the maintenance and automation technology of the production environment at Sapa. The devices are equipped with twelve ports (at the front in this case) for plug-in media modules with two ports each. Future expansions can thus be easily carried out, since the existing infrastructure can simply be supplemented. Some of the currently approximately 200 relevant participants in the field are connected to the backbone directly and some via subordinated managed Industrial Ethernet switches Scalance X-200 in decentralized control cabinets. As a result, a horizontally and vertically integrated, rugged, and reliable communication can be ensured production-wide. In addition, the switches from Siemens utilized feature a slot for a so-called C-Plug, a storage medium on which the current device configuration is saved. This device configuration can be quickly transferred to a replacement device through simple re-plugging. According to the persons in charge of the press plant, Siemens could be ensure that spare parts for all components would be available even after many years.

Access Protection from inside and outside   At the interfaces to the office world, special security modules from the product family Scalance S with integrated firewall provide a separation of the production systems, in particular from the World Wide Web. Thus only authorized internal and external users have access to the network components in the production. This ensures secure, but also convenient business operations. The remote maintenance of systems by external suppliers is also possible, which can be decisive for the availability. Standard as well is a protected remote access for the maintenance personnel via VPN (Virtual Private Network) tunnel – enabling them to quickly intervene in the case of malfunctions. Without this separation of the corporate and production networks, it is entirely conceivable that the failure of one participant in the corporate network causes the RST (Rapid Spanning Tree) protocol to automatically route through the production network, which under unfavorable conditions can increase the production network load to such a degree that its functionality can no longer be guaranteed. The risk of misuse is higher without this separation, too. “That’s why only certain communication protocols and participants are allowed. The access rights are reduced to a necessary, safe level, which could be implemented with the Siemens network technology,” explains Karsten Konschak, the head of IT at the Sapa site. In addition, the real-time capability of the network, among other things, provides for a failsafe communication.

RCoax as simple Solution Also easy to integrate into the whole ensemble are previously or in parallel modernized partial solutions to the mechanical backbone of the production – the overhead monorail system for transporting press tools (from the centralized high-bay warehouse to the preheating furnaces and presses) as well as scrap. The original optical communication system became more and more error-prone and also no longer met the requirements concerning functional safety when moving three trolleys in specific, worker-accessible zones. The solution – realized with Siemens assistance and Scalance IWLAN components – enables an interference-free failsafe, prioritized communication via Profinet/Profisafe and thus a safe operation under all circumstances. To this end, up to 130 m long, so-called RCoax cables (radiating cables) from Siemens are installed along the railway. These RCoax cables are IWLAN antennas, which were routed along the travel path – thus ensuring a homogenous WLAN field over the entire railway. They transmit the signals of the IWLAN clients in the network of the trolley-installed Simatic controllers to the associated IWLAN access points and vice versa – failsafe via an exactly defined radio field.

Powerful Network Technology is indispensable   Compared to the office world, network technology for the production demands considerably more with regard to performance, reliability, and availability. “The reliability of the communication is now more important than ever, since the strictly order-oriented production in smaller lot sizes results in more frequent production changeovers and thus a far greater exchange of data. This also applies to the following shopping cart transport system and the higher-level host computer,” states Steinberg. The progressing replacement of Profibus components with Profinet components will inevitable increase the number of network devices in the plant even more. A powerful network management thus becomes indispensable to keep track with reasonable effort. With the steps implemented so far and the components from Siemens, the persons in charge at Sapa in Rackwitz consider themselves on the right path. The added value of this total package – consisting of network technology ranging from IWLAN devices to switches to the monitoring system Sinema Server, and the new network infrastructure based on the results of the security check – stands out: The production network has become high-performing, highly available, and transparent. Additional modernization and integration projects have already been initiated.

Security becomes transparent – Security Quick Check reveals Vulnerabilities The result of the security quick check from Siemens includes an appraisal of the essential availability and security requirements, which provides a quick overview of how things stand in various security-relevant areas and points out potential risks. These can be evaluated and specific solution possibilities be developed.

Completion 2024

AWS Schäfer: Foundations for offshore wind power are built with IWLAN and control systems

Completion 2013

Wireless safety along the flight path

Completion 2022

WLAN-communication for the Augustusburg Cable Railway

ID: 21109