Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
11
CHAPTER 2
LITERATURE REVIEW
2.1 INTRODUCTION
This chapter deals with the general information on web-based
automation classification and reviews the existing web-based automation
solutions and problems related to Internet-based system. Subsequently, it
discusses the theoretical concepts of Internet–based supervisory control and
data acquisition. Important results reported by various authors are critically
reviewed in the following sections.
2.2 CLASSIFICATION OF EXISTING WORK IN WEB-BASED
AUTOMATION
Figure 2.1 Web-based industrial automation research approach
The Web-based automation research and development approach is
shown in Figure 2.1. Basically researchers approach in the three different
Web-Based
Automation
Research
Remote Monitoring
Remote Monitoring
and
Control
Reporting
and
Fault Diagnosis
12
categories as mentioned earlier: i) Web-based remote monitoring, ii) Web-
based remote monitoring and control and iii) Web-based reporting and fault
diagnosis. The further sections review the existing Web-based automation
solutions and problems related to Web-based system. Subsequently, it
discusses the theoretical concepts of Internet–based supervisory control and
information system.
2.3 WEB-BASED REMOTE MONITORING
2.3.1 Based on Client - Server Architecture
Bertocco et al (1998) described client–server architecture for
remote monitoring of instrumentation over the Internet network. The
proposed solution allows multi-user, multi-instrument sessions by means of a
queuing and instrument locking capability. A queue mechanism has been
added to the remote environment along with the possibility for each client to
query the actual server load. The communication between server and clients
can be obtained either at instrument level or by means of encoded requests in
order to reduce the network-imposed overhead.
Tso et al (2000) presented a study that indicates that a while a
number of frameworks related to global systems have been described in
contemporary publications, the detailed structure and formulation of the
central-monitoring mechanism of such a partnership system has not received
as much attention as it deserves. The proposed framework of a service
network is characterised by its coordinating as well as monitoring capabilities.
The main feature of the presented system is its rule-based reasoning capability
to convert a job request from clients into basic tasks which are to be carried
out by a group of virtual agents equipped with various defined capabilities.
Tso et al also presented a prototype program that has been developed and
13
tested in an emulated factory environment, thereby validating the application
of agent-based systems in enterprise networks.
Tommila et al (2001) discussed new ways of implementing existing
functions and defined that new functionality, e.g. management of hierarchical
structures and exception handling should be included in the basic control
platform and engineering tools. The current ‘flat’ collection of application
modules like loops and sequences had to be organised in a more hierarchical
fashion based on process structure. Each process system is seen as an
intelligent resource capable of performing different processing tasks. The
interaction mechanisms between different automation activities are defined on
the basis of object-oriented analysis and design and emerging international
standards. A standardised distribution middleware takes care of the needs
specific to the control domain. Above that, a higher level working
environment for the other system components of the control platform is
needed.
The client-server architecture devoted to the management of
measurement instruments over the Internet has been described by
Pianegiani et al (2003). The proposed architecture exploits the flexibility,
portability and network-oriented features of the Java language, thus avoiding
the use of proprietary, license-bound software tools. The central feature of the
proposed distributed measurement system is its easy extensibility. This
attribute results from the high level of abstraction of client-server application.
In order to verify the correct operation of the system, a specific application
has been developed to run a remote calibration procedure.
Kalaitzakis et al (2003) developed a Supervisory Control Data
Acquisition (SCADA) based remote monitoring system for renewable energy
systems. It is based on client / server architecture and it does not require a
physical connection, e.g. through network, serial communication port or
14
standard interface such as the IEEE-488 of the monitored system with data
collection server.
2.3.2 Design Phase requirements for Network Control System
Yang (2004) et al formulated the design phase requirements of
Internet-based control systems shown in Figure 2.2 which include
requirement specification, architecture design, control algorithm design,
interface design, and security and safety analysis. These links result in a range
of response time, resolution, reliability, and reparability depending upon the
level at which the connection is made. For example, if a fast response time is
required a link to the control loop level should be made. If only management
information is needed, the Internet should be linked with a higher level in the
information architecture such as the management level or the optimization
level.
Figure 2.2 Typical information architecture (Yang et al 2004)
Yang et al (2005) reported a study on Networked Control System
(NCS) historical review, recent revolution and research issues on NCS. Fast
15
development and major use of the Internet, a global information platform has
been created for control engineers allowing them to do the following:
Monitoring the condition of machinery via the Internet
Remotely control machine
Collaborate with skilled operators situated in geographically
diverse location
Integrate client needs in production lines
Manufacture on demand through the Internet
Provide students in distance learning locations with
experimental environments through real and virtual laboratories
Yang (2005) addressed many new challenges to control system
designers.
These challenges are summarized as follows:
System architecture design, i.e. how to structure this new type
of control system and where to place Internet in the control
system
Overcoming Web-related traffic delay, i.e. dealing with Internet
latency and data loss
Web-based interface design, i.e. how to provide an operator an
efficient operating environment
Concurrent user access, i.e. dealing with multiple users
operating the system simultaneously
Web-related safety and security, i.e. ensuring the safety and
security of remote control and stopping any malicious attacks
and mis-operation.
16
2.3.3 Applications of Web-Based Remote Monitoring
Crowley et al (2005) experimentally explored the implementation
of wireless sensor network with Global system for Mobile (GSM) based
communication for real-time temperature logging of seafood produce.
Subsequently the network developed and applied to the monitoring of whelk
catches from harvest to delivery at the processing plant. The GSM
communication has performed very well, especially in circumstances where
problems with poor network coverage were expected to be encountered.
Kimura and Kanda (2005) reported remote monitoring system as
one component of manufacturing support system. The proposed remote
monitoring system can support single-night unmanned night time operations
for diversified manufacturing from the operator’s home as the remote site.
According to the results, the remote monitoring system performed quite well
for providing backup of manufacturing systems during unmanned nighttime
operation.
De la rosa et al (2010) addressed the challenges and trends in the
development of web-based distributed Power Quality (PQ) measurement and
analysis using smart sensors. Registered users can configure the sensors,
adjust sensitivity levels and specify deployment location and email
notification addresses. The developed website also provides a number of ways
to view data from single or aggregated monitors. The authors addressed low
cost Internet power monitor, which is cost-effective at the single user level. In
addition, the reliance on standard web browsers eliminates the need for
significant investment in software and hardware infrastructure that is typically
required for other measurement systems.
Ong et al (2001) demonstrated existing SCADA with Java-based
application in power systems. The authors also addressed the design issue in
Graphical User interface (GUI). The proposed Web-based access tool can not
17
only be used for SCADA Systems via Intranet, Extranet or Internet, but also
can be readily used for information exchange among market operators via
Internet.
The development of a server database system for monitoring and
operational evaluation of remote Renewable Energy Sources (RES) plants is
presented by Papadakis et al (2005). Meteorological and operational
measurements recorded at multiple, remote RES plants are collected by a
centralized Data Base Management Systems (DBMS) in real-time. Remote
clients access the Data Base (DB) server using a properly developed interface
in order to create charts, calculate statistical and operational parameters
regarding each RES plant and perform DB administration actions. Also,
special knowledge of any programming language is required for the system
operator since all program functions are based on mouse driven GUIs.
The future wireless communication beyond third generation and the
challenges that modern industrial processes have to face are multimedia
information gathering and system integration through large investments and
adopting new methodology. Driven by a notable commercial interest, wireless
networks like GSM / IEEE 802.11 are now the focus of industrial attention,
because they provide numerous benefits, such as low cost, fast deployment
and the ability to develop new applications. However, wireless nets must
satisfy industrial requisites: scalability, flexibility, high availability, immunity
to interference, security and many others that are crucial in hazardous and
noisy environments. Wireless sensor network is a novel concept to which a
great research effort is devoted by Aretz et al (2001) and Egea-Lopez et al
(2005).
A formal methodology is proposed by Hussak and Yang (2007) to
reduce the amount of information displayed to remote human operators at
interfaces to large-scale process control plants of a certain type. The reduction
18
proceeds in reduced subsets of components, which give full information about
the state of the whole system, are generated by determining functional
dependencies between components.
The emerging field of web-based simulation is examined by
Page et al (2000) in terms of its relationship to the fundamental aspects of
simulation research and practice. Modeling is central to technological
advancement. But advancing technology impacts the modeling process as
well. As simulation becomes a desktop commodity, it will be available to
masses. This ubiquity is a mixed blessing. Having access to such a powerful
problem-solving technique is potentially quite valuable. On the other hand, to
the untrained user - a user with a what-you-see-is-what-you-get perspective
the potential to misapply the technique is great.
In subsequent research, Yucesan et al (2001), Kulijis and Paul
(2001) and Byrne et al (2010) have summarized the recent research on Web-
Based Simulation (WBS) and supporting tools, exploring the advantages and
disadvantages of WBS over classical simulation systems.
Sung et al (2001) designed a testbed for an Internet-based
Computer Aided Design (CAD) and Computer Aided Manufacturing (CAM)
system. It was specifically designed to be a networked, automated system
with a seamless communication flow from a client-side designer to a server-
side machining service. This includes a Web-based design tool in which
Design-for-Manufacturing information and machining rules constrain the
designer to manufacturable parts, a geometric representation called SIF-DSG
for unambiguous communication between client-side designer and server-side
process planner in an automated process planning system with several sub-
modules that convert an incoming design to a set of tool-paths for execution
on a 3-axis Computer Numeric Control (CNC) milling machine.
19
2.4 WEB-BASED REMOTE MONITORING AND CONTROL
Altun et al (2001) presented the study on Internet based process
control via Internet. The study is to show that any process can be managed
remotely with ease. Need for remote managing could appear in health-critical
or dangerous conditions, being far away from job, etc. It could be extremely
useful for managers to check or administer or just for taking information as if
using visual phone.
The scope of Internet based process control has been clearly
specified by Yang et al (2003). Internet-based control is only an extra control
level added to the existing process control hierarchy. The objective is to
enhance rather than replace computer-based process control systems. Six
essential design issues have been fully investigated which form the method
for design of such Internet-based process control systems. The design issues
include requirement specification, architecture selection, web-based user
interface design and control over the Internet with time delay, concurrent user
access and safety checking.
Su et al (2000) presented a two WAN model on distribution
management system. An integrated DMS consists of networked hardware and
software capable of monitoring and controlling the operations of substations
and feeders. Building a communication model allows one to determine if
leased line capacity or system hardware speeds will cause a bottleneck in the
system. The model contains sufficient details about the traffic load and their
performance characteristics. WAN modeling is aimed to verify whether
hardware design could accommodate the communications load and to avoid
overpaying for network equipments. Simulation results indicate that, to cover
feeder automation functions, a WAN with distributed processing capability
would provide better SCADA performance than an extension of the old
centralized system.
20
2.4.1 Web-based Virtual Laboratory
Ko et al (2001) presented the implementation of a web-based
laboratory experiment on a coupled tank apparatus, a Multi input – Multi
output (MIMO) system. The authors described the structure of virtual
laboratory, including its hardware and software structures. Discussion is given
on the use of Transmission Control protocol (TCP) as opposed to Common
Gateway Interface (CGI) for client–server communication as well as other
distinctive features of the implementation from the point of providing audio–
visual feedback. Also, structures of different controllers that can be used and
corresponding user interfaces were presented.
In his consequent work, Ko et al (2001) presented a general
methodology to create a web-based remote virtual laboratory for frequency
modulation experiment. Based on the existing methodology, a frequency
modulation experiment for students taking a course on communication
principles has been developed. It enables students to have a natural hands-on
experience of using an expensive spectrum analyzer on a one-to-one basis,
and provides a solution for distant engineering education. The system uses a
Double Client–Server Structure (DCSS), where access to the experiment is
via two rounds of client–server processing.
2.4.2 Web-Based Control Applications
Yang et al (2004) presented the challenges in design of Internet-based control system for an Internet-enabled arm robot. The issues likeInternet latency, user interface issues and concurrent user access have beenaddressed. The open control structure and a dual- rate control structure arepresented to overcome the Internet time delay problem. A multimedia basedsimulator was implemented as a web client for a flexible, direct and easy-userinterface.
21
Alkar and Buhur (2005) developed a low cost, flexible, wirelesssolution to home automation. The system is secured for access from outsidethrough an SSL algorithm protected server. The users are expected to acquirelogin and password to access the site. This adds protection from unauthorizedaccesses.
Yuksekkaya et al (2006) presented the design and implementationof an interactive home automation system with GSM, Internet accessibilityand speech features. Internet provides access to full features of the systemthrough an interactive Web interface. As mobility in the world increases, theneed to control home from remote locations also increases. The GSM is anexcellent choice for this due to its extensive coverage. The whole system issecured through a login password based authentication. The design iscompletely wireless and integrated with the software to form a low-cost,robust and easily operable system.
Ozdemir and Karacor (2006) published work on mobile phonebased SCADA. Study results showed that the conditions in a process plant ofan automation system are harsh and the site is remote. Resources for datacommunication are difficult to obtain under these conditions, thus a wirelesschannel communication through a mobile phone is practical and efficient in aprocess control environment. Also, monitoring and control of the plantprocess is performed with the use of present GSM base stations, where nocost of network setting is required. Exchange of data with SCADA system isaccomplished through General Packet Radio Service (GPRS) or WirelessApplication Protocol (WAP), so the expenditure of connection is considerablylow.
Chang et al (2006) presented web-based remote electric load
supervision and control system with automatic meter reading and demand
control via Programmable Logic Controller (PLC). The authors also
addressed the architecture integration requirements and software integration
22
requirements like Visual Basic (VB) programs, ActiveX controls, Hypertext
Markup Language (HTML), ActiveX Data Objects (ADO), Remote Data
Service (RDS) and Active Server Page (ASP) to provide graphical control
interfaces to client with the ability to monitor/control electric loads remotely
through the Internet.
Villani et al (2006) presented a systematic approach for the
specification of remote monitoring and control systems. Each step approaches
the system under a different perspective and increases the level of detail of the
system specification. The steps are organized in questions in order to guide
and facilitate its applicability. In each step, a set of questions like role of
remote monitoring and control, advantages and limitation, kind of decision
that can be taken based on the available data in the remote destination,
software, hardware requirements and analyzing a different view of the remote
system are to be developed.
Sachin and Bolat (2009) developed remote monitoring and control
of OLE for Process Control (OPC) based systems realized at N different local
control points on the Internet by using the proposed Distributed OLE for
Process Control (DOPC) architecture. Thus, OPC - based local control
systems located in different places can communicate with each other on the
Internet without using bus architecture. In this system, which is independent
of devices and software, local control and monitoring centers can be
established and these centers can communicate with each other via the
Internet. Another unique characteristic of the system is that the data obtained
from the devices are transferred to the internet environment in the 1/0 format.
Thus, the data become globally accessible and can be readily used by every
kind of system. Data exchange between the local control point and the remote
control center is realized parametrically.
23
Aydogmus and Aydogmus (2009) implemented the Web-based
remote access laboratory using SCADA. For this purpose, a PLC-based
structure was developed to control the system. For monitoring and
supervising the system, a SCADA was installed in the experimental setup. An
induction motor was used for validation of the system. The Web-based
control system presented here consists of a client user, a Web server and an
Internet connection. The client users can access the real-time laboratory via a
Web server. The access to the lab is not restricted in time. Any student can
access the lab on or off the university campus at any time. But the issue
related internet security, latency not addressed.
Salihbegovic et al (2009) illustrated a standard SCADA and Human
Machine Interface (HMI) system, which has been significantly customized
and extended through its open hardware and software architecture. Network-
centered, distributed PLC system with SCADA functions and several levels of
field buses interconnected with HMI part of the system is described.
Configuration and PLC controllers programming, data server configuration,
operator panels design and way of managing the control system using a
standard Web browser, e.g. Internet Explorer issues are addressed.
Qiu et al (2000) described the Web-based SCADA display system
designed for World Wide Web (WWW) environment. The object-oriented
design approach and client/server module allow the user great flexibility to
dynamically interact with SCADA system. The user can view the real-time
data superimposed on one-line diagrams generated automatically using Very
Large Scale Integration (VLSI) placement and routing techniques. In addition,
the user can also control the operation of substation at the server site. The
choice of Java language offers unique and powerful features such as zero
client installation, on-demand access and platform independence to the design
of SCADA display system.
24
In his subsequent work, Qiu et al (2002) demonstrated a unique
Internet-based application in a substation automation system that is
implemented based on the existing SCADA system and VLSI Information
Technologies (IT). The user can view the real-time data superimposed on one-
line diagrams generated automatically using VLSI placement and routing
techniques. In addition, the user can also control the operation of substation at
server site. The choice of Java technologies, such as Java Native Interface
(JNI), Java Remote Method Invocation (RMI), and Enterprise Java Bean
(EJB), offers unique and powerful features, such as zero client installation,
on-demand access, platform independence, and transaction management for
the design of online SCADA display system.
Ferrero et al (2003) and Chirico et al (2005) discussed the
interactive on-line laboratory for remote education purpose which utilizes
Internet and World Wide Web. This allows efficient use of laboratory
equipment in both regular and laboratory courses, especially in a distance
learning environment. The implementation is based on client – server
architecture with Java for the client and Visual C for the server platform used
for the user interface environment.
The Java and Matlab based remote monitoring and control of
laboratory experiment demonstrated by Sanchez et al (2004) shows that users
can practice through the network and transparently to the actual locations of
devices under test in a multiuser concurrent way. The Web-based laboratory
exercises remove the traditional limitations on space, time and staff costs,
while offering the individual student more flexibility.
Da'na et.al (2008) presented the design and implementation of a
monitoring and control system for PLC-controlled processes. The proposed
architecture and results demonstrate the feasibility of using Transmission
Control Protocol/Internet Protocol (TCP/IP) and GSM protocols to
25
communicate effectively with PLCs with respect to both functions, of
monitoring and control. The system was tested using an industrial sorting
machine in a laboratory set up and had a very satisfactory performance. Also,
the proposed architecture was tested in a wireless environment and it
performed to the level of satisfaction.
Bayindir and Cetinceviz (2011) implemented water pumping
process control using PLC with Industrial Wireless Local Area Network
(IWLAN) technology. The design concepts and implementation of proposed
architecture and results demonstrate the feasibility of using IWLAN protocols
to communicate effectively with PLCs. The conventional, wired control
systems require trenching to lay new wire; repairing old wire or replacing
stolen copper wire can be extremely expensive. Wireless communication for
the water pump control solved these problems and provided a clear advantage
over wired control systems.
Lakshmi Sangeetha (2012) presented the cascade control system
through number of architectures, such as SCADA, PLC, OPC and internet.
The performance and effectiveness of individual architecture is evaluated on
the basis of data rate, rise time, peak time and settling time. It is observed that
the system performance has been improved when it has PLC interconnection
along with SCADA. This interface creates possibilities for accurate tracking
of set point modifications. Overall performance of the system is significantly
improved and eventually it becomes more stable.
26
Dzung et al (2005) presented an overview of the state-of-the-art
security technologies and best practices for industrial communication system
security, and a look into standardization in this area. The objectives of
communication security fundamentals such as confidentiality, integrity,
availability, authentication, authorization, auditability, nonrepudiability, third-
party protection are discussed. Table 2.1 contains a selection of the most
common security protocols and services they provide. The emphasis of these
security protocols is to protect against network-based attacks on the
communication links.
Thomas et al (2004) reported a work on design, commissioning,
and functioning of the SCADA and Energy Management System (EMS)
laboratory facility, based on distributed-processing technology. They
presented the design phase of laboratory requirements with system
architecture requirements like software as well as hardware, field design
details and commissioning phase challenges.
Muto (2003) described the development of XML system, which is
not only able to display the required information, but is also able to remotely
control equipment such as the Numeric Control (NC) machining tool, by
using the web browser through Internet technology. The XML system,
collection and display of information required for on-site management of a
factory can be performed using machine surveillance feature, the monitoring
feature using video camera, schedule management feature of a machine and
data analysis feature for a machine.
27
Table 2.1 Network layer and common security protocols
Layer Protocol SecurityProtocol
Confiden-tiality
Integrity Authentication
To besecured
Applica-tions
SOAP WS -Security
yes yes data origin Documentparts
SMTP PGP/ GnuPG yes yes message mailcontentS/MIME yes yes message
HTTP HTTP DigestAuthenti-cation
No Noa Userb User-to-server
Transportlayer
TCP SSHTransportlayerprotocol
yes yes Serverc Client(user)-to-server
SSl/TLS yes yes Serverd Client-to-server
Internetlayer
IP IPSec yese yes Hostf Host-to-host
Link layer PPP CHAP/PAP No No Client End-pointof link
Bluetooth Bluetoothsecurity
yes yes device Airinterface
WLANIEEE802.11
WEP/WPA/802.1X
yes yes device
a optional, but usually not implementedbserver(or mutual) authentication optionalcuser authentication provided by SSH User Authentication Protocoldclient authentication optionaleoptional, only in Encapsulated Security Payload(ESP)-modefdata origin authentication optional ,only in Authentication Header (AH) - mode
28
Kleines et al (2004) carried out the deterministic analysis response
from PLCs. The usage of PLCs in physics experiments offers numerous
advantages. They operate in a synchronous cyclic way with high
predictability. With regard to their real-time properties, they are adequate for
application scenarios that require a deterministic response time in the order of
a few milliseconds. Response times of 1 ms or even less require a very careful
selection of hardware components. When deterministic response times of less
than 0.5 ms are required, PLCs don’t seem to be appropriate.
Hurley and Lee (2005) presented the Web-based laboratory
exercise with remote access features. The author verifies that the design and
control realization of the physical system performs in a correct and robust
manner and can thus be used as an educational tool to highlight the various
concepts of switch mode power supplies and their control. The paper
demonstrates that Web-based laboratory exercises remove the traditional
limitations on space, time and staff costs, while offering the individual student
more flexibility.
Ugur et al (2010) described a web based remote automatic control
lab- Remote Automatic Control Laboratory (RACL) system. This is a system
that enables students to do real time control experiments from a remote
location (e.g. their homes) using internet and an ordinary web browser. By
using this system one can select an experiment, launch that experiment and
examine real time experiment outputs by looking at charts. The authors tried
to use free software tools when possible. Use of Java was an element that
reduced cost and development time. RACL also took positive views of both
students and educators. Students running experiments in a more relaxed and
comfortable environment made a quiet well learning progress.
29
Remote-access control system which allows users to perform
control lab experiments through Internet was presented by Ko et al (2000) and
Yeung and Huang (2003). Remote-access control system allows users to
perform control experiments through Internet. A DC motor control module
and virtual oscilloscope is used as an example to illustrate the design. The
system is composed of an internal distributed system and an application
system linked by a Data Acquisition (DAQ) interface card. Web server, video
server and Laboratory Virtual Instrument Engineering Workbench
(LabVIEW) controller server are designed based on a client–server structure.
Yu et al (2004) developed a Web-based interactive Control Design
and Analysis System (WCDAS) based on Ch (which is a C/C++ interpreter)
and Ch control systems tool kit was developed. Most functions in the system
support both continuous-time and discrete-time linear time-invariant systems
modeled in state space, transfer functions or zero-pole-gain representation.
Users can select a design and analysis method and specify system model type,
system type and system parameters in the web browser. These data are
transferred to the server for numerical computation and simulation results are
sent back to the client through the Common Gateway Interface (CGI). This
Web-based system is ideal for teaching as well as for solving practical
problems in control systems design and analysis.
Yang and Cao et al (2008) presented the research work that has
been carried out in networked control and wireless sensor networks, including
both theoretical developments, experimental and/or application research.
Internet-Based Control Systems (ICS) create a new window of opportunity for
control engineers, allowing them to monitor the condition of machinery
through internet, remotely control machines, collaborate with skilled
operators situated in geographically diverse location, integrate client needs in
production lines, manufacture on demand through the internet, provide
30
students in distance learning with experimental environments through real and
virtual laboratories. In addition, customers from every point in the Internet
can directly monitor the conditions of manufacturing, for making orders and
building their confidence on the enterprise.
Internet-based process control is to enable the operator to
appreciate more rapidly what is happening in process plants and to provide a
more stimulating problem-solving environment outside the central control
room Yang (2011). He also addressed the features of user interface in the
central control room as well Internet-based user interface limitations and steps
involved in Web-based user interface design, particularly selecting the most
suitable media to display the information.
2.4.3 Web-based Distance Learning Applications
Shen et al (1999) presented an interactive on-line laboratory for
remote education called Automated Internet Measurement Laboratory (AIM-
Lab), which utilizes the Internet and the World Wide Web (WWW). AIM-Lab
allows efficient use of laboratory equipment in both regular and laboratory
courses, especially in a distance learning environment. The approach uses
Java language for the client and Visual C for the server. This gives both
flexibility and system simplicity. Hence, engineering education can also
become attractive and available to groups of people that otherwise would be
precluded by distance and lack of resources.
Yang and Atly (2002) presented the characteristics of web-based
distance learning and design issues of web-based distributed simulator for
control experiments through the Internet, including architecture selection,
communication protocol, interface design and process modeling.
31
Web-based simulators designed for distance learning provide manyadvantages in terms of characteristics of the web and the strength ofsimulation-based learning. One of the most important advantages fordeveloping web-based dynamic simulators is availability of the system on theweb. The features of the web-based distance learning are explored. Based onthese features, the design issues of a web-based distributed simulator such asdistributed architecture, communication protocol, interface design and processmodeling have been addressed.
2.5 WEB-BASED REPORTING AND FAULT DIAGNOSIS
Abdel-Malek et al (1998) proposed a structure called telemanufacturing and developed a model to aid a company in selecting amongthe available technological and functional alternatives to maximize itsflexibility. The tele manufacturing structure requires the existence of twobasic components. The first is the availability of service providers, possiblyvia the Internet, in areas such as product development and design, processplanning, scheduling, etc. Second component is the existence of in-housecontrol system to orchestrate the activities and functions, acting like the brainof the system and final central authority prior to task execution. Severalcontrol systems currently exist and could be expanded to fit the context of telemanufacturing structure.
Architectural choices can profoundly impact how well we manageand control industrial processes. Indeed the scale and complexity of thetypical plant elevates the importance of architecture presented by Samad et al(2007). They also addressed the evolution of system architecture for processautomation starting from first Distributed Control System (DCS) to recentarchitecture development and emerging technologies for process automationsuch as wireless, intelligent networks devices, service oriented architecture.Finally, they emphasized the security challenge towards implementation ofInformation technologies and process automation.
32
Montreuil et al (2000) presented a strategic framework for
designing and operating agile manufacturing networks, enabling to
collaboratively plan, control and manage day-to-day contingencies in a
dynamic environment. It is based on a distributed collaborative vision of
manufacturing systems. Network-oriented organizational strategy is
implemented according to which a manufacturing business dynamically
organizes its operations through the configuration and activation of a
distributed network of interdependent responsible manufacturing centers.
Web-based engineering approach is proposed by Cheng et al (2001)
for implementing web-based design and manufacturing support systems. The
distributed architectures for these systems are presented with respect to their
implementation with Internet and Java programming in particular. The
approach is described in detail with a web-based bearing de sign support
system developed by the authors. Furthermore, the implementation issues of
web-based system are investigated, which are of significance for developing
web-based engineering systems.
Lan et al (2004) presented a work on web-based application for
networked manufacturing service system which helps the small and medium
enterprises by taking full advantage of the quickly evolving computer network
and information technologies. Architecture of the networked manufacturing
service system is proposed. A Java solution is used for constructing the
networked manufacturing service system based on the three-tier
Browser/Server mode.
Li (2005) reported a work on Web-based process planning service
that has been developed to support distributed product design and
development. A Web based system based on the service provides a
convenient platform for users to view and evaluate a design model effectively
through dynamically invoking remote process planning optimization service.
33
A distributed feature-based design system can generate design models in an
XML style feature representation to allow a web-based system to perform
feature-based viewing and manipulation. The Web-based service has been
integrated with a distributed feature-based design system and the later can
generate design models and re-represent them in an XML representation
based on Virtual Reality Modeling Language (VRML) and attributes of
features.
Wong and Siu (1995) and Liang (2010) proposed the Web-based
troubleshooting system for automotive refrigeration system using knowledge
engineering approach over the Internet. The importance of knowledge based
troubleshooting compared with the conventional trouble shooting method is
addressed. The proposed knowledge engineer techniques and experience
needed in the troubleshooting process of machining process selection
sequence and automotive refrigeration system by feasible knowledge
acquisition and representation method, shows the possibility to realize the
web-based diagnosis and optimization of automotive troubleshooting process.
The virtual presentation is a very useful mode for novices and helps students
to learn troubleshooting in automotive refrigeration system.
Zhang et al (2004) reviewed the current research challenges and
opportunities on state of the art emerging technologies for visualizing and
sharing product information among designers, production engineers and
managers, purchasing and marketing staff, suppliers and customers. They
emphasized that the Internet/Web-enabled advanced solutions are desirable to
adapt geographically distributed multidisciplinary product development teams
and heterogeneous software and hardware environments.
According to Lee (2003), e-manufacturing is a recent concept
developed to answer the needs of e-business strategies and meet the
requirements for the complete integration of all business elements including
34
all suppliers, customer service networks and manufacturing units through the
effective use of web-enabled computational tools and tether-free technologies.
E-manufacturing includes remote facilities with the ability to monitor the
plant floor assets, predict variation in performance, dynamically reschedule
production and maintenance operations, and synchronize related and
consequent actions in order to achieve a complete integration between
manufacturing systems and upper-level enterprise applications.
Zhan et al (2003) proposed a web-based collaborative product
design platform, which enables authorized users in geographically different
locations to have access to the company’s product data such as product
drawing files stored at designated servers and carry out product design work
simultaneously and collaboratively on any operating system. There is no need
for the users to install any utility software at their ends since the access is
based on a remote screen sharing technique built upon a Browser/Server and
thin client technology. This results in substantial saving in the cost and
product development time in a network environment.
Wu et al (2006) proposed a web-based multilayer distributed
software architecture solution for remote monitoring and fault diagnosis. In
order to tightly integrate legacy monitor systems, a component framework
model based on Component Object Model (COM) has been proposed, which
is very suitable for remote monitoring and fault diagnosis applications. This
system has the potential for exchanging a data acquisition system by using
wrapper service components. Mixed thick web client architecture is proposed
to implement real-time remote monitoring. A web-based remote monitoring
and fault diagnosis system is developed by using modeling technology, Web
application technology, component technology and VME extension for
instrumentation (VXI) bus technology, which publishes a fault diagnosis
algorithm package, a basic monitoring package and an advanced analysis
package on the Internet.
35
Jung et al (2001), Yao (2005) and Shin et al (2006) conducted an
experimental implementation for e-manufacturing and machining process
monitoring, since, global competition, manufacturing overseas has become
essential. However, the cost and induced problems of management traveling
overseas is undesirable. From his experimental analysis, an e-factory solution
is presented. Using the techniques of a client-server and web-based image
delivery, this study developed a remote platform that is able to successfully
monitor and control the factory plant through the Internet. More than
automation, e-factory solution is able to provide information about current
status and quality of production, including production trends, machine
availability, failure reports, critical events, and remote control and diagnosis
on manufacturing system.
Wang et al (2007) presented the conceptual design of a distributed
information system of condition monitoring and fault diagnosis for a gas
turbine-based power generation system. The importance and unique business
requirements are addressed for condition monitoring and fault diagnosis of a
gas turbine system. The required collaborative efforts from both the
manufacturer and the user issue were discussed.
Raghavendra Nagesh et al (2008) presented the real-time decision
support for energy relevant information to key individuals and departments
that enable them to improve energy performance. The system was developed
with help of real time data from different source systems such as SCADA,
AMR, Databases and Internet which is pushed into an On Line Transaction
Process (OLTP) and its immediate acquisition into On Line Analytical
Process (OLAP). The real time data can be compared with forecasted data and
with historical data for effective online energy management information
reporting system. This real time data can be acquired every minute to analyse
the end-to-end energy information for better decision making.
36
A new systematic approach by Park et al (2009) to detect the
process control network faults is presented. Although there have been
numerous studies on detecting network anomalies by investigating traffic
from the Internet data plane, monitoring and analyzing process control
networks has not been studied much thus far. However, existing IP network
diagnosis tools do not yet have the capability to understand the failures in
process control networks. Our fault detection system supports a very accurate
but flexible process that continuously trains itself to learn detection rules from
network metrics and user interpretation about already-known actual fault
cases.
Veera Ragavan et al (2012) implemented the service orientated
framework for industrial automation system with help of SCADA and
Extensible Messaging and Presence Protocol (XMPP). The proposed system
was built using Service bundles that were made to be flexible and modular.
Proposed system provides data acquisition and control which are done in real-
time and it provides near real time alarm event handling. GUI that facilitates
the ease of use was demonstrated. As Open Services Gateway initiative
(OSGi) Applications run on Java, the application prototype is platform and
hardware independent. Services were deployed on two popular platforms
namely Windows OS and Ubuntu OS. Prototype is scalable as it can be
integrated with Interactive Graphical SCADA System, which is an industry
standard SCADA software used world-wide. This will save the cost of
obtaining legacy Industrial Controllers for an Industrial Automation System.
Gligor and Turc (2012) proposed the improved SCADA system
architecture based on service oriented technology approach. The proposed
solutions enable migrations of existing SCADA systems progressively,
without decommissioning of the existing system. This can be seamless
solution for critical system that do not permit to be turned off. The Service-
37
Oriented Architecture (SOA) based solution enables integration of
heterogeneous solutions by using the XML standard in operation of the
system software components. Service-oriented approach offers the advantages
of a flexible and open solution adaptable to the needs for entire lifecycle of
the system. Service-oriented architecture allows developing more advanced
SCADA system by using new technology such as agent based and multi agent
systems.
Houyou and Huth (2011) report that the Internet of Things (IoT)
technologies have recently gained a lot of interest from numerous industries,
where devices, machines, sensors or simply things are talking to each other
over standard Internet technologies. The need for standardized technologies
and architectures to make networking these new applications is a challenge
that is addressed. The IoT has analysed a number of automation related
scenarios which clearly show the need for evolutionary steps towards more
flexible automation networks and the need to cut down costs by means of less
outage times and less management efforts. There is also an increasing need
for clear security strategies and scalable and automatic configuration
management for both SW/Firmware and devices.
2.6 REQUIREMENT SPECIFICATION FOR WEB-BASED
MONITORING AND CONTROL
To attain the main objectives of the present investigation and
experimental work it is necessary to understand the basic concepts behind
Web-based monitoring, control, reporting and fault diagnosis and other
related functional issues.
The advance in industrial control with technology transfer in thecontrol engineering domain created much attention in the Industrial sector aswell as academic research laboratories due to the recent revolution in Internet
38
and World Wide Web (WWW) that have created a new way of sharing theinformation for further processing. The impact of Internet with its greatpotential made possible the implementation of Internet - enabled controlsystem design for industrial application and academic laboratory purpose.
Internet-based monitoring and control are basically networkedcontrol system which uses Internet as the shared communication networkwhere direct/indirect control, monitoring and maintaining the plant fromgeographically different locations are made possible, which avoids expertsflying to diverse locations and allowing direct adjustment based on the plantconditions and market demands as stated by Yang (2005) et al.
Every system requires specification to achieve the targetfunctionality because requirement specification criteria may need differentsolutions. So, the fundamental requirement specification for Web-basedmonitoring and control systems includes architecture design, controlalgorithm, user interface design, multiple-user access and safety and securityaspects.
The traditional control system structure is shown in Figure 2.3.When the desired input is given by the operator to the controller, thecontroller will generate the control signal based on the feedback from sensor,which is the measured output from process.
Desired input Actual Output
+
_
Measured output
Figure 2.3 Traditional control system
CONTROLLER ACTUATOR PLANT
SENSOR
39
The typical Internet-based control functional diagram shown in
Figure 2.4 consists of plant and remote locations connected through Internet
enabled platform. Remote location system provides monitoring and adjusting
process parameters from any geographical location via Internet using standard
web browser and PC.
The obvious advantages of the approach are access to plant
parameters regardless the geographical locations using cost free standard web
browsers on the client side location. There is an extensive collaboration
between plant engineer, service provider and vendor.
Figure 2.4 Internet-based control system
2.6.1 Relationship between PC based control system and Web-based
control system
Computer based control system is most widely adopted in
industries to control the process. The typical Computer process control
networked architecture is shown in Figure 2.5 with the possible
implementation of Internet-based connectivity for remote monitoring.
Internet
Remote Location
LOCALCONTROLLER PLANT
40
The field bus protocol is used in computer control process to make
connectivity across the control panel and operator console and database,
supervisory maintenance tool and sensor and actuators level. Objectives of
establishing Internet-based remote monitoring are to enhance the computer
control process by adding extra Internet level in the automation hierarchy.
The additional Internet connectivity at different process levels are made
possible based on the requirement specification at remote monitoring side and
further details are discussed in the subsequent topics.
2.6.2 Information Hierarchy for Web-based system
The information hierarchies over an Internet based system shown in
Figure 2.5 are distinguished from each other by the principle criteria proposed
by Yang (2011). Response time may vary based on the level at which it is
being impacted. For example, at the regulatory level, i.e. control loop data
appears very quickly but information used at management scheduling can take
several days.
Resonance time at each data level may vary among the levels in
architecture. The reliability depends on response time and it must decrease as
one descends through the level of information hierarchy. Repair ability is
considered to be ease with which control and computing devices can be
maintained
41
Control Unit Control Unit
……..
Control Panel Operator Console / Supervisor maintenance
Data Base Server Tool
Computer Control – plant side (Networked)
…………… Sensors and Controllers
----------------------------------------------------------------------------------
Remote Monitoring – side
Figure 2.5 Computer based control with possible implementation of
Internet – based remote monitoring
42
Figure 2.6 Implementation of web-based automation hierarchy
The possible implementation of web-based automation hierarchy is
shown in Figure 2.6 Requirements specification for Internet connection at
each level in the automation hierarchy is taken into consideration.
However, the Internet enabled platform implementation is possible
from Individual Control level, Group control level, Supervisory level and
Management level. Table 2.2 shows simple possible links between the web-
based supervisory control level and existing control level. This table will help
to choose the Internet level with the existing level as stated by Yang et al
(2005).
43
Table 2.2 Features and limitation of possible links between the
Web-based supervisory control levels and existing control
levels
ExistingInformation
level
Informationexchange
Advantages Limitations
Managementlevel
Commercialdata systems
Transmitscommercial data tocustomers andmanagers effectively
Not suitablefor real-timemonitoring andcontrol tasks
Supervisorylevel
ProcessDatabase
Easy access to real-time status of processplants, suitable forimplementingadvanced control
Missingmanagementinformation
Regulatorylevel
PLC, controlunit
Allows controllers todirectly talk to theinternet
Introduces ahigh risk ofbeing attackedby malicioushackers
Sensor/actuatorlevel
Smartdevices
Monitors andcontrols the smartdevices directly fromthe internet
Introduces ahigh risk ofbeing attackedby malicioushackers
2.7 WEB-BASED USER INTERFACE ISSUES
The web-based user interface should be designed appropriately
with the conventional computer control of process. The web-based user
interface in Internet-based process control is to enable the plant engineer and
44
operator to update current status of the plant and to provide more information
on status and the problem solving environment, when staying away from the
plant.
The various design streams are available in Table 2.3 to create
Web-based user interface such as video interface, animation and graphics.
Each interface has its own advantage and limitation over Web- based data
transfer environment. The main Web-based design functions are process
operation functions and process monitoring functions. Process visualization
function, process flow chart and process trend functions of the plant need to
be transferred in the Web-based user interface.
Table 2.3 Web-based user interface types
S.No Design Mode of Information Interface
1. Graphics & Animation Quantitative, animated
2. Video Real
3. Trend and Charts Quantitative, Graphical userinterface
In the following way design of web-based user interface may be
carried out for effective and efficient remote monitoring. Text-graphics,
still-animated and numbers are more precise, qualitative and quantitative than
video based user interface. SCADA is a better platform for the above
mentioned design and development environment. It is flexible to the plant
operator as well remote user interface standards.
SCADA platform obeys design principles stated by Kawai (1997)
for better plant operation as well remote end-user interface operation.
45
Judgment – A System designer should consider the principle that the
computer should not replace the judgment functions of operators by providing
information on transparency of dynamic process and supporting information
of automatic output functions.
Dialogue – A System designer should take into consideration the dialogue
function in the interface design by ensuring the consistency of interaction and
providing flexible interactive functions.
Monitoring – A System designer should consider the principle that the
monitoring function is the basic one in the interface design and should
provide global information access functions to the users.
Operation – A System designer should provide a promising environment for
the users to make fast responses in interaction and directly manipulate the
process.
2.8 WEB-BASED REAL-TIME DATA PROCESSING
The basic requirement in any successful application of a web based
system is efficient real-time processing and data transfer over the Internet. In
a significant number of real-world environments, real- time web-based
systems involve transfer and exchange of large amounts of numerical data
over the Internet as mentioned by Yang (2011).
The heterogeneity and limited traffic resources of the Internet
considerably complicate the transfer of such bulky data for example, if a
number of clients simultaneously try to connect with the same server or
multiple data sources are accessed over the Internet via different platforms.
Such situations require a data transfer format that has to be acceptable to
heterogeneous platforms. Additionally, large amount of data, such as
46
graphics, desktop videos and images uploaded to the Internet are
increasingly being accessed, while, at the same time, the bandwidth available
for communication is limited because of the increasing popularity of the
Internet.
Widener et al (2001) used a number of wrapped message formats,
using the eXtensible Mark-up Language (XML) to provide flexible run-time
metadata definitions that facilitated an efficient binary communication
mechanism. Clarke et al. (2001) set up a distributed interactive computing
environment, using the eXtensible Data Model and Format (XDMF), which
incorporated network distributed global memory, Hierarchical Data Format
(HDF) and XML for high performance computing applications. XDMF is an
active, common data hub used to pass values and metadata in a standard
fashion between application modules and to provide computational engines in
a modern computing environment.
Nam and Sussman (2003) implemented the HDF format to
store National Aeronautics and Space Administration (NASA) remote
sensing data within a specific schema. The Web-based SCADA targeted a
new standard together with a generic architecture for handling numerical data,
in addition to enabling process control, monitoring, and optimization via the
web.
2.8.1 Features of Real-Time Data Transfer
In Web-based systems, real-time data often need to be exchanged
between plant system components, such as sensors, actuator and controllers,
via the Internet. Such real-time data normally have the following features as
stated by Yang et al (2004) as follows:
47
Timeliness - Real-time data are time sensitive and have strict
time restrictions. The correctness of a system depends not only on the logical
correctness of any computations performed, but also on time factors; late data
in a stream will result in a media information interruption, while very early
data can cause buffer overflow.
Heterogeneity and complexity - Scientific data measure
physical phenomena and extends to a large range of data types. Sampling
scientific data can be a single binary number, a series of numbers
describing physical phenomena, or text and image descriptions of physical
devices. A data record may have blocks of many thousands entries, with data
corresponding to different times, positions, measuring points, and variables.
Server Push - Real-time applications can be categorized into
interactive and streamed applications. Interactive applications are
characterized by a two-way exchange of data, examples of which are
Internet telephony and distributed simulations. Streamed applications, on the
other hand, are essentially one-way flow of information, such as remote
monitoring systems. Data exchange in both types of application is pushed by
a server, which is responsible for setting up a communication channel,
initiating the transmission of data and providing various data access services
to remote clients.
2.8.2 Requirements for Web-based Automation: Ideal Network
Infrastructure
Internet is a public transmission media, which could be used by
many end users for different purposes. In order to achieve Web-based
automation solutions, Yang et al (2004) proposed the following ideal network
infrastructure mechanism requirements.
48
(i) Real-time transmission should provide the appearance
boundary of transmission time, which can be programmed
from API.
(ii) Reasonably reliable transmission should provide
connection-oriented and retransmission mechanism. During
certain transmission time, it maximizes the effort to
guarantee information delivery.
(iii) As far as timeout notification mechanism, when a certain
time has passed by, it should terminate sending and/or
receiving actions and inform the application. This is vital
information for the application to efficiently deal with time
delay and data loss condition.
(iv) The control system communication could involve several
catalogues of control signal. Depending on the crucial level
for the control system execution, priority levels are assigned
to different catalogue signals. According to the priority, the
most crucial control signal should have the highest priority to
be transmitted, while those with less priority are transmitted
afterwards.
(v) In time synchronization, since the control systems are not
only logically but also physically distributed around the
world, it is essential to synchronize the clock of the different
part of system, so that the control action can be coordinated.
Any local network will be protected by one or more firewalls.
Internet-based control systems need to penetrate these firewalls and establish a
connection between any two nodes on the Internet. The ideal network
infrastructure involves the consideration of Internet transmission behaviors
from the control system perspective and requires a new control structure and
time delay compensation elements for Internet-based control systems.
49
2.9 SAFETY AND SECURITY ISSUES
Web-based automation uses Internet as a medium rather than any
other medium of communication and Internet automation solutions has both
safety and security risks due to its communication nature. By implementing
firewall, user access authentication, communication encryption and access log
helps the plant and remote end user better safety and security access, but would
never be able to prevent attacks by malicious hackers.
Table 2.4 Safety and Security aspects
S.No Safety aspects Security aspects
1. Safety is concerned withreducing risk of danger tohealth of person,equipment, and propertywith respect to accidentalerrors.
Security mainly concernsconfidentiality, integrity andauthentication with respect tointentional misuse.
2. Safety can in most of thecases be based onstatistical observations.
In security, the risk has to be basedon losses in comparison to theefforts of deploying countermeasures.
3. Safety requirements canbe quantified with anerror probability per hour.
Security is a trade-off between thecost of potential damage and thecost of security counter measures.
The safety and security aspects are having closer aspects between
each other. In the safety analysis, weakness and dangers are called failure
mechanisms and hazards, but they can be considered to be the same. In the
security domains, the counter measures that need to be put in place to
counter any risks are access controls, firewalls, etc., The below mentioned
Table 2.4 gives the important aspects between safety and security.
50
2.9.1 Security Checking
This section presents a framework proposed by Yang and Yang
(2007) for security checking aspects. The proposed approach for safety
checking has been used for security checking due to the similarity of
security and safety checking. Figure 2.7 shows a comprehensive intruding
path from breaking the Firewall (node A1) to cause a fatal accident (node E5)
through intruding into the Intranet (node A2), intruding into the local control
system (node B2), altering control parameters (node C3) and causing
abnormal process conditions (node D4). Time goes from left to right and the
degree of risk increases from bottom to top. Cutting off the path that starts at
the node A1 and ends at the node E5, at any point, will prevent the fatal
accident from happening. Figure 2.7 gives four possible points at which the
path from A1 to E5 might be cut off:
(i) Cutting the path between the nodes A2 and B2 by detecting
and shutting out the intrusion from the Intranet (nodes A3 and
A4). This solution has minimum risk to the process and purely
relies on the measures of the available network security and
physical security.
(ii) Cutting the path between the nodes B2 and C3 by detecting
the intrusion into the local control system (node B3), cutting
off the link with the external network (node B4) and allowing
the control system to run in isolation from the network.
(iii) Cutting the path between the nodes C3 and D4 by using a
safeguard to protect the process from an unexpected change
in control parameters. The safeguard might be based on a
simple threshold for a key process parameter or a complex
control performance index.
51
E5
D4 D5
C3 C4 C5
B5B2 B4
B3
A1 A2 A3 A4 A5
----------------------------------------------------------------------------------------
Internet
Figure 2.7 Framework of stopping a possible malicious attack
(Yang and Yang 2007)
Keepingin the safe
status
Breakingthe securityGateway
Intrudinginto
InternetDetectingIntrusion
Blockingout
Intrusion
NormalOperation
AlteringControl
Parameters
DetectingIntrusion
Disconnecting
Externalnetwork
NormalOperationwithIsolatedcontrolNetwork
Intrudinginto
controlSystem
Protectingby a
safeguard
CausingAbnormalProcess
Conditions
NormalShutdownTrigged byInter-lock
CausingFatal
Accident
InternetAttack
52
(iv) Cutting the path between the nodes D4 and E5 by activating
a Safety Interlock System (SIS) to trigger the normal
shutdown procedure. This is the last possible point of
preventing a possible fatal accident and causes maximal loss
to the process. The SIS has been widely used and
independently implemented with Safety-critical control
systems Yang et al (2001).
2.10 VIRTUAL PRIVATE NETWORK
Virtual Private Network (VPN) is a full-featured Secure Sockets
Layer (SSL) VPN solution which can accommodate a wide range of
configurations, including remote access, site-to-site VPNs, Wi-Fi
security and enterprise-scale remote access solutions with load balancing,
failover, and fine-grained access-controls.
OpenVPN implements OSI layer 2 or 3 secure network extension
using the industry standard SSL and Transport Layer Security(TLS) protocol,
supports flexible client authentication methods based on certificates, smart
cards, and/or 2-factor authentication, and allows a user or group- specific
access control policies using firewall rules applied to the VPN virtual
interface. OpenVPN is not a web application proxy and does not operate
through a web browser. Linux, Windows 2000/XP and higher, Open
Berkeley Software Distribution (OBSD), FreeBSD, NetBSD, Mac OS X,
and Solaris and an OpenVPN Pocket PC port is under development.
2.10.1 Functions of OpenVPN
An open VPN tunnels any IP sub-network or virtual Ethernet
adapter over a single UDP or TCP port, configures a scalable, load-
balanced VPN server farm using one or more machines which can
handle thousands of dynamic connections from incoming VPN clients.
53
• Uses all of the encryption, authentication, and
certification features of the Open SSL library to protect your
private network traffic as it transits the internet
• Uses any cipher, key size, or Hash Message Authentication
Code (HMAC) digest (for datagram integrity checking)
supported by the OpenSSL library
• Chooses between static-key based conventional encryption or
certificate-based public key encryption
• Uses static, pre-shared keys or TLS-based dynamic key
exchange.
• Uses real-time adaptive link compression and traffic-
shaping to manage link bandwidth utilization.
• Tunnels networks whose public endpoints are dynamic such
as DHCP or dial-in clients.
2.10.2 OpenVPN Vs Other VPN Packages
Tunnels networks through connection-oriented state full firewalls
without having to use explicit firewall rules,
• Tunnels networks over Network Address Translation (NAT)
• Creates secure Ethernet bridges using virtual tap devices and
controls OpenVPN using a GUI on Windows or Mac OS.
OpenVPN principal strengths include cross-platform portability
across most of the known computing universe, excellent stability, scalability
to hundreds or thousands of clients, relatively easy installation and support
for dynamic IP addresses and NAT.
54
OpenVPN provides an extensible VPN framework which has
been designed to ease site-specific customization, such as providing the
capability to distribute a customized installation package to clients, or
supporting alternative authentication methods via OpenVPN plug-in
module interface.
OpenVPN offers a management interface which can be used to
remotely control or centrally manage an OpenVPN daemon. The management
interface can also be used to develop a GUI or web-based front-end
application for OpenVPN. On Windows, OpenVPN can read certificates and
private keys from smart cards which support the Windows Crypto API.
OpenVPN uses an industrial-strength security model designed to
protect against both passive and active attacks. OpenVPN security model is
based on using SSL/TLS for session authentication and the IPSec
Encapsulating Security Payload (ESP) protocol for secure tunnel transport
over User Datagram Protocol (UDP).
OpenVPN supports the X509 Public Key Infrastructure
(PKI) for session authentication, TLS protocol for key exchange, OpenSSL
cipher- independent EVP interface for encrypting tunnel data, and
HMAC-SHA1 algorithm for authenticating tunnel data. OpenVPN is built
for portability. A s o f n o w a t the time of this writing, OpenVPN runs
on Linux, Solaris, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Windows
2000/XP. Because OpenVPN is written as a user-space daemon rather
than a kernel module or a complex modification to the IP layer, porting
efforts are dramatically simplified.
OpenVPN is easy to use. In general, a tunnel can be created and
configured with a single command (and without any required configuration
files). OpenVPN has been rigorously designed and tested to operate
robustly on unreliable networks.
55
A major design goal of OpenVPN is that it should be as responsive,
in terms of both normal operations and error recovery, as the underlying IP
layer that it is tunneling over. It means that if the IP layer goes down for 5
minutes, when it comes back, tunnel traffic will immediately resume
even if the outage is interfered with a dynamic key exchange which was
scheduled during that time.
OpenVPN has been built with a strongly modular design. All
of the crypto is handled by the OpenSSL library, and all of the IP
tunneling functionality is provided through the TUN/TAP virtual network
driver.
2.10.3 Authentication Modes
OpenVPN has two authentication modes explained by
Whitman et al (2011):
i) Static Key - Use a pre-shared static key
ii) TLS - Use SSL/TLS + certificates for authentication and key
exchange
In static key mode, a pre-shared key is generated and shared
between both OpenVPN peers before the tunnel is started. This static key
contains 4 independent keys: HMAC send, HMAC receive, encrypt and
decrypt. By default in static key mode, both hosts will use the same HMAC
key and the same encrypt/decrypt key. However, using the direction
parameter, it is possible to use all the four keys independently.
In SSL/TLS mode, an SSL session is established with
bidirectional authentication (i.e. Each side of the connection must present
its own certificate). If the SSL/TLS authentication succeeds,
56
encryption/decryption and HMAC key source material is then randomly
generated by OpenSSL's RAND bytes function and exchanged over the
SSL/TLS connection. Both sides of the connection contribute random source
material.
This mode never uses any key bidirectional, so each peer has a
distinct send HMAC, receive HMAC, packet encrypt, and packet decrypt key.
If key-method 2 is used, the actual keys are generated from the random
source material using the TLS PRF function. If -key-method 1 is used, the
keys are generated directly from the OpenSSL RAND bytes function. Key-
method 2 was introduced with OpenVPN 1.5.0 and is made default in
OpenVPN 2.0.
During SSL/TLS rekeying, there is a transition-window
parameter that permits overlap between old and new key usage, so there is
no time pressure or latency bottleneck during SSL/TLS renegotiations,
because SSL/TLS is designed to operate over a reliable transport.
OpenVPN provides a reliable transport layer on top of UDP. Once each
peer has its set of keys, the tunnel forwarding operation commences. The
encrypted packet is formatted as follows:
• HMAC (explicit IV, encrypted envelope)
• Explicit IV
• Encrypted Envelope
The plaintext of the encrypted envelope is formatted as follows:
• 64 bit sequence number
• Payload data, i.e. IP packet or Ethernet frame
57
The HMAC and explicit IV are outside the encrypted envelope.
The per-packet IV is randomized using a nonce-based PRNG that is initially
seeded from the OpenSSL Generate Pseudo-Random Bytes (RAND) function.
Media Access Control (MAC), encryption, and decryption functions are
provided by the OpenSSL EVP interface and allow the user to select an
arbitrary cipher, key size and message digest for HMAC. Blowfish is the
default cipher and SHA1 is the default message digest. The OpenSSL EVP
interface handles padding to an even multiple of block size using PKCS#5
padding. CBC-mode cipher usage is encouraged but not required.
One notable security improvement that OpenVPN provides over
vanilla TLS is that it gives user the opportunity to use a pre-shared
passphrase or static key in conjunction with a HMAC key to authenticate the
packets that are themselves part of the TLS handshake sequence.
This protects against buffer overflows in the OpenSSL TLS
implementation, because an attacker cannot even initiate a TLS handshake
without being able to generate packets with the current HMAC signature.
OpenVPN multiplexes the SSL/TLS session used for
authentication and key exchange with the actual encrypted tunnel data
stream. OpenVPN provides the SSL/TLS connection with a reliable transport
layer (as it is designed to operate over).
The actual IP packets, after being encrypted and signed with an
HMAC, are tunneled over UDP without any reliability layer. So if –protocol
UDP is used, no IP packets are tunneled over a reliable transport, eliminating
the problem of reliability-layer collisions. Of course, a TCP session is
tunneled over OpenVPN running in UDP mode; the TCP protocol itself will
provide the reliability layer.
58
This model has the benefit that SSL/TLS sees a reliable transportlayer while the IP packet forwarder sees an unreliable transport layer exactlywhat both components want to see. The reliability and authentication layersare completely independent of one another, i.e. the sequence number isembedded inside the HMAC-signed envelope and is not used forauthentication purposes.
2.11 MOBILE NETWORK AND GPRS
This section briefly discusses the mobile network role inWeb-based automation implementation. Over the recent past, a considerableamount of growth has been witnessed in the wireless industry, both in termsof mobile technology and subscribers because mobile networks play a vitalrole in our day to day affairs between man and machine to support demand formodern data and multimedia services along with voice communications.
During the initial stage research started up with the available 2Gmobile environment for design and implementation analysis and after theintroduction of 3G mobile network environment all the test and analysis isbeing carried in both the environments. This further section discusses thesalient features of mobile network and its important roles in theimplementation of industrial automation.
2.11.1 Second Generation (2G) Wireless Network
In the early 1990s, the second generation (2G) mobile networkbegan to evolve with a number of significant advancements over 1G wirelesssystem. Second generation (2G) systems use digital multiple accesstechnology, such as Time Division Multiple Access (TDMA) and CodeDivision Multiple Access (CDMA). The Global System for Mobile (GSM)uses TDMA technology to support multiple users. Widely used secondgeneration systems are GSM, which is the European standard.
59
The general components of 2G network is shown in Figure 2.8. In
general, a wide-area wireless network typically consists of a Radio Access
Network (RAN) to which the Mobile Terminal (MT) is wirelessly connected
in order to access the Core Network (CN).
RAN consists of wireless Base Stations (BS), and the BS provides
radio coverage over a geographical area called a cell. These radio cells are
typically arranged in an array using frequency-reusing technique for increased
spectrum efficiency. So, wide-area wireless systems are usually known as
cellular systems.
Mobile terminal Base Station Base Mobile Station Switching
Controller Center
Figure 2.8 General 2G - Network components
The other part of the system is the CN. CN is a wire-line network
used to interconnect RAN, and RAN to other networks, such as PSTN. In this
way, MT gets wider coverage. Mobile Switching Center (MSC) is the main
entity for CN.
There are several potential advantages of 2G systems over 1G as
follows:
2G is based on digital technology and it increases radio system
capacity and spectrum utilization efficiency. It also enhances
60
voices quality due to the improved method of error correction
mechanism
2G eliminates the major drawbacks of 1G system by supporting
roaming between network operators and between different
countries. To do this, standards for core networks are
introduced.
It supports not only circuit-switched voice communication, but
also mobile data and Internet services.
2.11.2 2.5G Wireless Network
The demand increases with the growth of number of mobile users,
and data services. 2G circuit –switched based data service with low rate 9.6
kbps will not be sufficient. At this time 2G has been enhanced with 2.5G that
supports packet data service.
GSM network derives the following two wireless networks shown
in Figure 2.9.
(i) General Packet Radio Services (GPRS) provides packet-
switched core network as an extension to the existing GSM core
network in order to support packet service over GSM radio
services.
(ii) Enhanced Data rates for Global GSM Evaluation (EDGE) uses
advanced modulation and channel coding techniques for
increased data rate 384 kpbs over GSM.
61
Figure 2.9 Major wireless 2.5G system
2.11.3 3G Wireless Network
Standardization work for 3G wireless networks began in the late
1990s. The main perspective of 3G networks is to deliver high-rate voice and
data service. The data rate for moving users is upto 144 kbps, 384 kbps for
pedestrian speeds and upto 2 Mbps to stationary users. The aim of 3G is to
support IP-based data, voice and multimedia services with integration to
Internet to provide useful Internet applications to mobile users. The improved
interoperability to handle mobility across different radio technologies among
different network providers is an important goal for 3G services.
It is to be mentioned that as 3G services aim to give real-time
voice, streaming and non-real time video, enhanced Quality of Service (QoS)
is a prime factor for 3G networks. The 3G systems aim to provide multi-
megabit Internet access with an ‘always on’ feature. The International
Telecommunication Union (ITU) formulated a plan (known as International
Mobile Telephone, IMT 2000) to implement a global frequency band in the
range of 2000 MHz to support single ubiquitous wireless communication all
over the world. Table 2.5 lists the data rate of 3G network in the different user
access conditions.
2.5G
GPRS EDGE CDMA One, IS-95B
62
Table 2.5 Data rate of 3G - Network
User access condition Data Rate
Indoor access 2 Mbps
Mobile user 384 Kbps
Moving vehicles 144 Kbps
In order to carry out the experimental work, the above discussed
different sections will act as a theoretical foundation for framing up the
experimental work and further analysis in the implementation. In the further
chapters, the thesis tries to address various solutions for web-based user
interface, multiple-user access level, latency in 2G and 3G network, safety
and security communication over Internet enabled platform between plant and
remote user access. The detailed experimental procedures involved in each
stage of the experimental work are briefed in the further chapters.
2.12 SUMMARY
This chapter presents a review on the existing web-based remote
monitoring, control and reporting with fault diagnosis methods. The literature
review covers different topics, techniques, methods and approaches that are
attempted in the academic research as well industrial practices. The literature
review is basically categorized into three major research themes as follows:
practical use of Web-based remote monitoring, control and report with fault
diagnosis.
From the literature review, it is understood that the web-based
remote monitoring, control, reporting and fault diagnosis offers many
advantages over conventional methods. However, most of the reported
63
research papers focus on monitoring and control for experimental as well
manufacturing service system. Very few papers are found related to controller
monitoring and support with fault diagnosis applications.
Though this review shows more promise over conventional
approaches to monitoring, control and reporting with fault diagnosis, the
usefulness of this DCS based system monitoring, reporting and fault diagnosis
approach is not yet explored by the researchers. Hence, the present
investigation is carried out to make a systematic study to understand the
implementation of Web-based remote monitoring, reporting and fault
diagnosis system for different applications.