The worlds of operational technology (OT) and information technology (IT) are more tightly knit than ever before, owing to the explosion of the Internet of Things. As the number of OT/IT applications increases, however, so too does network complexity. Having an abstraction interface — that is, a layer that simplifies management between the OT and IT domains based on the OPC UA standard — can go a long way toward reducing this complexity.
For example, let’s say operators want to view process efficiency. If necessary, they might look at specific process values, such as temperature and pressure, to understand why machine efficiency may be drifting. The operators are unaware that the human-machine interface (HMI) client is pulling and displaying data from sources as diverse as field devices on the plant floor and IT servers on the business network. In this scenario, we have one HMI client talking to three different data sources.
Now, what happens if a change occurs? For example, maybe the temperature sensor is replaced or the server feeding the efficiency data is updated. How do you monitor or maintain this connection, and does it have to be monitored and maintained across three or more client-server interfaces?
One solution to these challenges is to deploy an architecture with a central OPC UA data integration layer. Our Secure Integration Server (SIS) from the dataFEED® product family is one such example that provides the abstraction interface necessary to handle changes or extensions within one domain (OT or IT) without any modifications required in the other. This OPC UA aggregator combines various OPC UA servers with the associated address spaces at the automation level. It then makes data available to IT applications via a stable OPC UA interface. SIS also covers the entire range of OPC UA security functions, all while offering users a high degree of flexibility and lower integration and configuration costs.
Note that an address space is a representation of all the variables and tags that are made available via the OPC UA server. With address space filtering, specific controllers and information items are exposed to different OPC UA clients. Instead of providing information and items for all the controllers, different subsets of information are provided to different clients, improving communication efficiency and streamlining the architecture of the OPC UA layers. Otherwise, each client would have to establish multiple connections to different plant controllers while dismissing the data that isn’t relevant for the application. Another advantage of address space filtering is that filters and configurations can be easily modified and reset as required, facilitating the integration of new applications and the adaptation to any northbound changes.
SIS supports all security functions associated with the OPC UA standard. It also provides data for different users and applications, as well as support for multiple OPC UA endpoints (client or server), each with its own certificates. In addition, SIS offers filtered access depending on the IP address and can detect denial-of-service attacks on OPC UA authentication.
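The per-client address space filtering and IP-based access described above can be modelled as a default-deny lookup over the aggregated address space. This is an added example, not Softing's code or an SIS configuration format; the node ids, application URIs, networks and function names are constructed for illustration.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed aggregated address space: node id -> southbound source server.
AGGREGATED = {
    "ns=2;s=Line1.PLC1.Temperature": "opc.tcp://plc1.example:4840",
    "ns=2;s=Line1.PLC1.Pressure": "opc.tcp://plc1.example:4840",
    "ns=3;s=Line2.PLC2.Temperature": "opc.tcp://plc2.example:4840",
    "ns=4;s=MES.Line1.Efficiency": "opc.tcp://mes.example:4840",
}

# Constructed filter profiles, keyed by the client's application URI.
# "networks" models IP-based access; "allow" models the address space filter.
PROFILES = {
    "urn:example:hmi": {
        "networks": ["10.10.0.0/24"],
        "allow": ["ns=2;s=Line1.*", "ns=4;s=MES.Line1.Efficiency"],
    },
    "urn:example:analytics": {
        "networks": ["10.20.5.0/28"],
        "allow": ["ns=*;s=*.Temperature"],
    },
}


def visible_nodes(app_uri, source_ip, profiles=PROFILES, space=AGGREGATED):
    """Return the sorted node ids this client may see; an empty list means denied."""
    profile = profiles.get(app_uri)
    if profile is None:  # unknown client: default deny
        return []
    addr = ipaddress.ip_address(source_ip)
    if not any(addr in ipaddress.ip_network(net) for net in profile["networks"]):
        return []  # known client, but connecting from an unexpected network
    return sorted(
        node for node in space
        if any(fnmatchcase(node, pattern) for pattern in profile["allow"])
    )


def may_access(app_uri, source_ip, node_id):
    """Apply the same filter to read/subscribe requests, not only to browsing."""
    return node_id in visible_nodes(app_uri, source_ip)
```

Checking `may_access` on every request matters because a node that is hidden from browsing can still be requested by a client that already knows its node id.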
SIS aggregates data from multiple sources in a single server. It also provides extensive OPC UA service-based address space filtering, down to the OPC UA item level, and reduces configuration efforts. In terms of an abstraction interface, SIS provides a common, stable OT interface for various IT applications, as well as support for standardized address spaces. It also decouples investment decisions in IT and OT environments.
As an edge solution, SIS has benefits that are identical to those that result from using central cloud platforms. It also enables users to run local clients — for edge analytics, for example — in parallel with cloud-based applications.
To learn more about SIS, please visit our product page.