Q3 • 2009

Q1 • 2010

Q2 • 2009

p11 OTS Devices Don’t

Always Measure Up

p21 Think About

Network Topology

p26 Machine,

Help Thy Self

As dangers grow, better tools and standards make network security easier and safer

How Much Access?

IN10Q1_01_Cover.indd 10 1/25/10 5:41 PM

* Software and firmware are downloadable for authorizedcustomers from www.automationdirect.com

For complete information or to order our freecatalog, visit: www.automationdirect.com/c-more

1-800-633-0405

www.automationdirect.comREMOTE ACCESS AND CONTROL BUILT-INNo Additional Hardware requiredThe C-more Remote Access feature resides in all panels withEthernet support, and requires no option modules. Accessreal-time data or initiate an action on a control systemfrom anywhere, any time. (Requires software and firmwareversion 2.4 or later*, and an Ethernet C-more panel)

With these new C-more 6-inch TFT touch panels, we’veimproved features and lowered the cost. Check out thepowerful yet easy-to-use configuration software bydownloading a demo version at:http://support.automationdirect.com/demos.html

ALL C-MORE PANELS INCLUDE:• Analog resistive touch screen with unlimited touch areas• One USB A-type and one USB B-type port• Serial communications interface

FULL-FEATURED MODELS ADD:• 10/100Base-T Ethernet communications• CompactFlash slot for data logging

C-moretouch panelline-up:

6-inch STNgrayscale

6-inch TFT65,538 colors

8-inch TFT10-inch TFT

12-inch TFT15-inch TFT

Starting at:$395

Starting at:$495

$995 $1,595 $1,895 $2,295

CONNECT TO CONTROLLERS WITH DRIVERS FOR:• All AutomationDirect PLCs/PACs• Allen-Bradley

ControlLogix®CompactLogix®MicroLogix™ 1100/1400 Ethernet ENI Adapter for SLC Series FlexLogix SLC® 5/05 Ethernet™ MicroLogix™

• Modbus RTU and TCP/IP Ethernet • GE 90/30 SNPX (90/30, 90/70. Micro90, VersaMax Micro)• Omron Host Link Adapter (C200/C500), FINS Serial

and Ethernet • Selected Mitsubishi FX Series, Q Series • Siemens S7-200 PPI and S7-200/300 Ethernet

(ISO over TCP/IP)

Two new C-more 6-inch operator touch panels offer:

• Clear TFT 65K color display• LED backlight• Lower price!

1002-IndustrialNetworking-Cmore6-MAG:cmore6 1/11/2010 9:03 AM Page 1

Where Do I Go for Wireless Products?omega.com, of Course!

Your single source for process measurement and control products!

© COPYRIGHT 2010 OMEGA ENGINEERING, INC. ALL RIGHTS RESERVED

Shop Online at

Easily Add Wireless Sensor Capabilityto Your Meter, Controller, Recorderor Data Logger!

Visit omega.com/mwtc_seriesFor Complete Product Details

Panel Meter

MWTC-REC6-V1-915**

$49

Miniature WirelessThermocoupleConnectorThe Smart Connector TM

MWTC-K-915*

$79

For Sales and Service, Call TOLL FREE

Dilbert © United Feature Syndicate, Inc.

Wireless Transceiver

DP24-E

$195

USA

MADE IN

Visit omega.com/mwtc-rec6For Complete Product Details

Visit omega.com/dp24-eFor Complete Product Details

**PATENT PENDINGCovered by U.S. and

International patents andpending applications

*PATENTEDCovered by U.S. and

International patents andpending applications

Shown largerthan actual size.

Shown smallerthan actual size.

Shown smaller than actual size.

FREE! New Horizons ®in Wireless

Comm

unications

Visit omega.comto order yourFREE copy ofThe BLUECAT®

New Horizons in WirelessCommunicationsVersion 24

Featuring 60 ClassicDILBERT Cartoons!

ThermocoupleSC-GG-K-30-36

(Included with MWTC)

INW_0210:Control Design 1/7/10 9:50 AM Page 1

IN10Q1_FPA.indd 2 1/25/10 4:31 PM

* Software and firmware are downloadable for authorizedcustomers from www.automationdirect.com

For complete information or to order our freecatalog, visit: www.automationdirect.com/c-more

1-800-633-0405

www.automationdirect.comREMOTE ACCESS AND CONTROL BUILT-INNo Additional Hardware requiredThe C-more Remote Access feature resides in all panels withEthernet support, and requires no option modules. Accessreal-time data or initiate an action on a control systemfrom anywhere, any time. (Requires software and firmwareversion 2.4 or later*, and an Ethernet C-more panel)

With these new C-more 6-inch TFT touch panels, we’veimproved features and lowered the cost. Check out thepowerful yet easy-to-use configuration software bydownloading a demo version at:http://support.automationdirect.com/demos.html

ALL C-MORE PANELS INCLUDE:• Analog resistive touch screen with unlimited touch areas• One USB A-type and one USB B-type port• Serial communications interface

FULL-FEATURED MODELS ADD:• 10/100Base-T Ethernet communications• CompactFlash slot for data logging

C-moretouch panelline-up:

6-inch STNgrayscale

6-inch TFT65,538 colors

8-inch TFT10-inch TFT

12-inch TFT15-inch TFT

Starting at:$395

Starting at:$495

$995 $1,595 $1,895 $2,295

CONNECT TO CONTROLLERS WITH DRIVERS FOR:• All AutomationDirect PLCs/PACs• Allen-Bradley

ControlLogix®CompactLogix®MicroLogix™ 1100/1400 Ethernet ENI Adapter for SLC Series FlexLogix SLC® 5/05 Ethernet™ MicroLogix™

• Modbus RTU and TCP/IP Ethernet • GE 90/30 SNPX (90/30, 90/70. Micro90, VersaMax Micro)• Omron Host Link Adapter (C200/C500), FINS Serial

and Ethernet • Selected Mitsubishi FX Series, Q Series • Siemens S7-200 PPI and S7-200/300 Ethernet

(ISO over TCP/IP)

Two new C-more 6-inch operator touch panels offer:

• Clear TFT 65K color display• LED backlight• Lower price!

1002-IndustrialNetworking-Cmore6-MAG:cmore6 1/11/2010 9:03 AM Page 1

Where Do I Go for Wireless Products?omega.com, of Course!

Your single source for process measurement and control products!

© COPYRIGHT 2010 OMEGA ENGINEERING, INC. ALL RIGHTS RESERVED

Shop Online at

Easily Add Wireless Sensor Capabilityto Your Meter, Controller, Recorderor Data Logger!

Visit omega.com/mwtc_seriesFor Complete Product Details

Panel Meter

MWTC-REC6-V1-915**

$49

Miniature WirelessThermocoupleConnectorThe Smart Connector TM

MWTC-K-915*

$79

For Sales and Service, Call TOLL FREE

Dilbert © United Feature Syndicate, Inc.

Wireless Transceiver

DP24-E

$195

USA

MADE IN

Visit omega.com/mwtc-rec6For Complete Product Details

Visit omega.com/dp24-eFor Complete Product Details

**PATENT PENDINGCovered by U.S. and

International patents andpending applications

*PATENTEDCovered by U.S. and

International patents andpending applications

Shown largerthan actual size.

Shown smallerthan actual size.

Shown smaller than actual size.

FREE! New Horizons ®in Wireless

Comm

unications

Visit omega.comto order yourFREE copy ofThe BLUECAT®

New Horizons in WirelessCommunicationsVersion 24

Featuring 60 ClassicDILBERT Cartoons!

ThermocoupleSC-GG-K-30-36

(Included with MWTC)

INW_0210:Control Design 1/7/10 9:50 AM Page 1

IN10Q1_FPA.indd 3 1/25/10 4:31 PM

Dual RF

Wireless Redundancy

Dual RF

Wireless Redundancy

• Reliable Redundancy • Flexible Mobility • Seamless Roaming • Proven Ruggedness

IN10Q1_FPA.indd 4 1/25/10 4:32 PM

7 FIRST BIT Wider-Scope Security

8 PACKETS HART Recognizes Mitsubishi

Chemical

11 BUS STOP When COTS Isn’t Good Enough

21 PARITY CHECK Relationships Make the Di� erence

24 PRODUCTS

26 TERMINATOR Modbus, the Grand Old Dame

COLUMNS & DEPARTMENTS

COVER STORY

INDUSTRIAL NETWORKING is published four times annually to select subscribers of CONTROL and CONTROL DESIGN magazines by PUTMAN MEDIA INC. (also publishers of CHEMICAL PROCESSING, FOOD PROCESSING, PHARMACEUTICAL MANUFACTURING and PLANT SERVICES), 555 W. Pierce Road, Suite 301, Itasca, IL. (Phone: 630/467-1300; Fax: 630/467-1124.) Address all correspondence to Editorial and Executive O� ces, same address. ©Putman Media 2010. All rights reserved. The contents of this publication may not be reproduced in whole or part without consent of the copyright owner. INDUSTRIAL NETWORKING assumes no responsibility for validity of claims in items reported. Single copies $15.

E V A L U A T E 1 2

For additional information, please contact Foster Printing Service, the official reprint provider for Industrial Networking.

PMS 370 C

C: 60M: 0Y: 100K: 28

Call 866.879.9144 or sales@fosterprinting.com

RepRints aRe ideal foR:

n New Product Announcements

n Sales Aid For Your Field Force

n PR Materials & Media Kits

n Direct Mail Enclosures

n Customer & Prospect Communications/Presentations

n Trade Shows/Promotional Events

n Conferences & Speaking Engagements

n Recruitment & Training Packages

Use reprints to maximize

your marketing initiatives and

strengthen your brand’s value.

Reprints are a simple way to put information directly into the hands of

your target audience. Having been featured in a well-respected publication

adds the credibility of a third-party endorsement to your message.

Custom REPRINts

18

INDUSTRIAL NETWORKING

Q1• 20105

Miniaturization and CommunicationLatest Innovations in Signal Conditioning Include Smaller Footprints and Increased Interoperability

R E S E A R C H 2 2

Select and Test Connectors WiselyEnvironment Is a Key Consideration When Choosing Connectors, but How and When Do You Validate Your System Once It’s Installed?

BY MIKE BACIDORE, MANAGING EDITOR

D E S I G N 1 8

How Much Access?As Dangers Grow, Better Tools and Standards Make Network

Security Easier and Safer

BY JIM MONTAGUE, EXECUTIVE EDITOR

IN10Q1_05_TOC.indd 5 1/27/10 2:47 PM

IN10Q1_FPA.indd 6 1/25/10 4:32 PM

7

Do you really know what it is you’re doing? i usually think i do, but sometimes i get shaken by something that shows me that i’d better check again. not comfortable.

so, there i was, researching and reporting this month’s “how Much access?” cover article (p12, www.ControlDesign.com/howmuchaccess) on network security and quizzing a bunch of excellent sources, when i got asked a simple question in

return. near the end of our interview, Francis lauryssens, Pi software systems specialist at sun Chemical’s pigment plant in Muskegon, Mich., asked me, “what is network security?”

after a few years covering this topic, i thought i knew what network security was—keeping out intruders, stopping unauthorized access, killing intrusive computer viruses, right? Certainly, but lauryssens explains there’s a lot more to security than this narrow, physical, old-time-burglar-based definition.

“security is about preventing things from happening that you don’t want to happen,” he explains. “try to think about it this way—what does security mean for your car? Does it mean just keeping people out? or does it also mean having good brakes, seatbelts and airbags, as well as an engine, tires and other parts in good working order? all of these give your car the ability to keep operating well and allow you to keep traveling down the road. this is not just keeping intruders out. likewise, this broader definition of security also includes getting your 5000-mile maintenance checkups, but then do you just hope your mechanic fixes your car right, or do you ask some questions and say what you need and expect?”

of course, lauryssens’ perspective is similar to the idea expressed by several sources that network security is very similar to safety and can be viewed at least partly as a subset of it. This idea is especially useful if it helps already-safety-conscious controls engineers and technicians learn about and adopt network security as part of established safety mindsets and procedures.

however, when you think about it further, can’t the definition of safety be widened beyond itself, too? safety also is about preventing bad things from happening, and so this conception

of both can be extrapolated further to account for even wider circles of potential threats and negative impacts on your car and you.

For example, making sure your community maintains decent roads, plows snow and ice, maintains effective signaling and enforces traffic laws—such as speed limits—can have a potential impact on your car’s security and safety. likewise, effectively training young

drivers, reevaluating older ones and keeping drunk drivers off the road can do the same.

in fact, i’d bet lauryssens’ expanded security definition not only could be applied to cars, industrial networking and process control and automation, but also could be used in homes, families, organizations, communities large and small, planets or anything that their users might want to protect.

these are not jobs that network switches can do, but they can help. For instance, though there are lots of network security resources and tools, the most important one this side of a good firewall is to secure and maintain common-sense awareness of your tools, application, network and facility, including knowing what data is going in and coming out and at which points. this knowledge will direct you to implementing the most appropriate network security hardware and software.

however, you also must have the sticktoitiveness to follow through and religiously perform your security and safety maintenance training and chores. and, sorry, but this includes bringing controls and it staffs together, drafting a workable patching policy and installing patches and service packs every time they come in from your software suppliers.

Many controls engineers counter that they can’t just shut down critical applications every time Microsoft sends out a patch, and they’re right. however, there also are a growing number of methods and tools for quarantining and testing patches and then downloading them to the plant floor as soon as it’s convenient.

so, even though questioning what you’re trying to do might be startling and seem unnecessary, reexamining some basic concepts like security may help make you and your application to be truly more secure.

Wider-Scope Security“What does security

mean for your

car? does it

mean just

keeping people

out? or does

it also mean

having good

brakes, seatbelts

and airbags?”

f i r s t b i t

Jim montagueexecutive editor

jmontague@putman.net

7industrial netWorking

Q1 • 2010f i r s t b i t

IN10Q1_07_FirstBit.indd 7 1/26/10 10:13 AM

IndustrIal networkIng

Q1 • 20108 p a c k e t s

HART Recognizes Mitsubishi Chemical

The hART CommuniCATion FoundATion (www.hartcomm.org) selected the mitsubishi Chemical ethylene plant located in Kashima, Japan, as recipient of the 2009 hART Plant of the Year Award. The award is given annually to recognize the people, companies and plant sites around the globe that use the advanced capabilities of hART Communication in real-time applications to improve operations, lower costs and increase availability. mitsubishi is Japan’s largest chemical manufacturer.

mitsubishi Chemical uses the hART capability of more than 800 interoperable field devices integrated with its dCS and asset management systems through multiplexers and hART-enabled i/os to access real-time, continuous process variables and diagnostics. By accessing this real-time intelligent data, mitsubishi can diagnose abnormal process conditions and track equipment health 24 hrs/day. As a result, peak production performance improved with an estimated operational savings for the plant of $20000-$30000 per day.

diagnostics also are used to uncover device failures before they affect the process. it is estimated that two or three device failures have been detected that would otherwise have caused unplanned shutdowns. An unscheduled plant shutdown costs an estimated $600,000 in lost production value per day with a minimum production restart time of five days for a total savings of around $3 million.

“diagnostic parameters that help detect signs of an abnormal situation or degrading performance are difficult to obtain with simple handheld devices because they require a time-consuming, manual, step-by-step approach,” says Takayuki Aoyama, team leader, instrumentation group, mitsubishi Chemical. “hART technology made it possible to access this data without manual operation. This made it much easier for us to gather data and detect abnormal situations from field devices and reduced maintenance costs by 10%.”

in addition, trending and analysis of secondary process variables throughout the plant provide process insight that allows plant engineers to analyze, troubleshoot and resolve a number of operational problems including plugged impulse lines, an unstable flow profile and an inefficient compressor pump.

“We designated hART as our standard communication protocol, and will replace older devices with hART-type whenever we get a chance,” says Takayuki. “We use hART communication to collect online data from our field devices without disturbing the 4-20 mA analog signal to the control system. our goal is to detect abnormal situations in the process and protect field devices from malfunctions.”

mitsubishi Chemical is a perfect example of how the power of hART can be used to lower costs, improve plant availability and help keep a plant competitive, says Ron helson, hART Communication Foundation’s executive director.

mitsubishi Chemical, including subsidiaries, has 39000 employees. The ethylene plant capacity is 380000 tons/year. Approximately 800 hART devices are currently installed in the plant with an additional 2200 4-20 mA only devices that will be upgraded over time.

The hART Plant of the Year is presented to end-user companies to recognize ingenuity in the application of hART Communication technology. The award showcases end-user companies and their suppliers who have demonstrated creativity in using the full capabilities of hART Communication technology.

Bits & Bytes

the CC-Link Partner Assn. (clpa, www.cc-link.org) released cc-link Ie Field network, an open 1 gb industrial ethernet field network. Based on the Ieee 802.3 standard, cc-link Ie Field network offers 1 gb/s transmission and real-time protocol, using cat. 5e cable and rJ45 connectors. It delivers deterministic control communications without requiring ethernet switches and allows a variety of topologies.

Emerson Process Management (www.emersonprocess.com) and Optimal Industrial Automation (www.optimal-ltd.co.uk) formed an alliance that integrates optimal’s syntQ pat data management package with emerson’s plantweb digital plant architecture.

Igus (www.igus.com) joined forces with For Inspiration and recognition of science and technology (FIRST, www.usfirst.org) as a gold supplier of its robotics competition by donating more than $50,000 worth of various plastic machinery components, including cable carriers, linear guide systems, plastic plain bearings, spherical bearings and aluminum shafting.

the Fieldbus Foundation (www.fieldbus.org) released its updated Foundation fieldbus Host test kit (Htk) dd application Module (v.2.0.0), which includes hardware and software for testing the functionality of a fieldbus host and its conformance with host profile specifications.

HART SMART

HART Communication Foundation Director of Technology Programs Ed Ladd (left to right) and Executive Director Ron Helson present the 2009 HART Plant of the Year Award to Mitsubishi Chemical’s Takayuki Aoyama, team leader, maintenance and engineering, instrumentation group; Kenji Tsutsui, general manager, maintenance and engineering; and Nobuyuki Mishima, group manager, maintenance and engineering, instrumentation group, in Kashima, Japan.

Ha

rt c

oM

Mu

nIc

atIo

n F

ou

nd

atIo

n

IN10Q1_08_09_Packets.indd 8 1/26/10 10:15 AM

9IndustrIal networkIng

Q1 • 2010

European Industrial Ethernet Ensures TransparencyProcess industries have begun to acutely feel the need to reduce plant downtime through real-time knowledge sharing and high-speed communication protocol, according to a report from Frost & sullivan (F&s, www.industrialautomation.frost.com). They require intelligent devices that extend location-independent control over other automation components to facilitate rapid information recovery and immediate response, as well as to optimize asset utilization of the plant.

however, implementing sophisticated information systems entails deployment of a vast array of devices across the plant, which, in turn, necessitates seamless data flow across different modules of the process infrastructure, from low-level field devices to business-level decision-making systems, according to the F&s analysis. This complex connectivity can be simplified by using a high-speed, open system and a central network, such as industrial ethernet, which assures complete transparency in operation.

F&s’s “Strategic Analysis of European Industrial Ethernet Market” provides insights into industrial ethernet protocols such as Modbus transmission control protocol/internet protocol (tcP/iP), Profinet, ethernet/iP, ethercat, ethernet PowerLink and other protocols.

“ethernet devices used for either an enterprise application or production process work with the same technology and offer the benefits of a common and shared platform,” says research analyst Khadambari shanbagarman. “This creates the flexibility of sharing the network, lowering additional expenses and reducing unwanted cabling.”

This flexibility also helps convey field-level data to the business application, enabling the close functioning of the plant, which, in turn, eases workforce operations, notes shanbagarman. in fact, ethernet devices greatly emphasize the need for a predictive maintenance capability that provides great workforce mobility in large plants.

Further, industrial ethernet allows the system to be connected to the plants’ intranet, where information from various plants can be accessed across different facilities and information can be quickly transmitted even across

diverse geographies. this indicates that the ethernet setup helps in a seamless connectivity across all parts of the plant network and the real-time information is made readily available to the user, according to the report.

A S I A PA C I F I C | A F R I C A | E U R O P E | M I D D L E E A S T | L AT I N A M E R I C A | N O R T H A M E R I C A

IN10Q1_08_09_Packets.indd 9 1/26/10 10:16 AM

For additional information, please contact Foster Printing Service, the official reprint

provider for Control Design.

Give yourself a competitive advantage with reprints. Call us today!

PMS 370 C

C: 60M: 0Y: 100K: 28

Call 866.879.9144 or sales@fosterprinting.com

Use reprints to maximize your marketing initiatives and strengthen your brand’s value.Custom reprint products of articles and features from Control Design create powerful marketing tools that serve as instantly credible endorsements.

Reprints are a simple way to put information directly into the hands of your target audience. Having been featured in a well-respected publication adds the credibility of a third-party endorsement to your message.

RepRints aRe ideal foR:

n New Product Announcements

n Sales Aid For Your Field Force

n PR Materials & Media Kits

n Direct Mail Enclosures

n Customer & Prospect Communications/Presentations

n Trade Shows/Promotional Events

n Conferences & Speaking Engagements

n Recruitment & Training Packages

CUstom REPRINts

IN10Q1_FPA.indd 10 1/25/10 4:32 PM

1111F I R S T B I TB a n d w I d T h

A decAde or so Ago, our complex employed a locally legendary controls specialist, who was unique in his fixation on nitpicking standard products that lacked some feature he insisted was indispensible. We’ll call him “craig.”

His co-workers, like me, derived a lot of entertainment from hearing the torment that sales reps experienced in their meetings with him. craig was extremely knowledgeable and an

unabashed instrumentation nerd whose penchant for revealing and deriding all the technical shortcomings of every rep and his or her products was relentless and nearly universally dreaded. craig was a bit of a loner, so we’ll never know whether he derived some pleasure from these floggings or simply felt he should extract some toll from those who asked for a bit of his time.

curiously, craig’s efforts in the field were often devoid of the intensely demanding requirements he placed on vendors. An improviser, he rarely hesitated to leave convention behind.

one of his more infamous efforts used numerous, daisy-chained, six-outlet power strips to power single-loop controllers and recorders in an old panel. Fortunately for operations, craig took a plant radio home and lived close enough to monitor the transmissions when he left work. It rarely took a phone call to get him out to the plant to troubleshoot and remedy a fault. To most of us, craig’s job-security obsession with being indispensible was a bit over the top.

Few of us don’t value job security, especially these days, but an equally scarce number want to be so indispensible they can’t take a vacation or leave the plant radio at work. craig left us long before the widespread use of office-class Windows boxes and their associated network hardware became an everyday reality. But I wonder how many discount store hubs, routers and pcs we’d find had they been common in his day. For those of us who sometimes use coTs hardware in the plant, it’s worth pondering whether we’re setting ourselves up to be like craig or leaving behind a scrambled hodgepodge for our successors. When a component fails, will you be able to troubleshoot it? Will the persons covering for you have a prayer of figuring out what you did?

A week or so ago in our plant, a moxa access point (Ap) we’d installed some time ago needed

another portable device added to its list of allowed mAc addresses. The Ap is managed through a password-protected HTml interface, and we soon realized no one remembered the password. Fortunately, moxa’s website still had the documentation available for download, and we were able to reset the switch and use the factory default password. Had this Ap been a no-name generic from an online retailer, I suspect we

might be replacing the whole thing right now.“environmentally hardened industrial ethernet

components are designed to provide the same lifespan as other automation components—typically 10 to 30 years or more,” offers Bill Wotruba, director of connectivity products for Belden (www.belden.com). “By comparison, typical commercial-grade products for offices are designed for a five-year average lifespan.”

We discovered this when we shopped for a spare 3com superstack III switch for our dcs. We were a bit dismayed when we couldn’t find a “new” one for sale anywhere—the offerings seemed to be eBay-like surplus and salvage retailers. The huge volume of coTs products makes them lower cost, but their commoditization also means a given model could be superseded rapidly.

When we use network hardware from a supplier whose main focus is industrial applications, we are much more likely to find its technical support friendly to the circumstances we encounter and get competent assistance with a product long after the person who installed it is gone.

one of our oems determined a switch was needed for a local outdoor control panel last year and sent me a change order for a Hirschmann eight-port ethernet switch. This little box cost a bit more than a comparable coTs offering but was built for service down to -40 °F, certified for class I, div. 2, hazardous atmospheres, and was dIN-rail mountable to save us from losing the device in the tangle of wire and cable on the floor of the cabinet or relying on double-faced industrial Velcro.

I’m impressed, and it’s likely I’ll be focusing on similar made-for-purpose industrial-class network devices for future applications.

John rezabek is a process control specialist at Isp in lima, ohio.

when we uSe neTwoRk

haRdwaRe FRom a

SupplIeR whoSe maIn

FocuS IS InduSTRIal

applIcaTIonS, we aRe

much moRe lIkely To

FInd ITS TechnIcal

SuppoRT FRIendly To

The cIRcumSTanceS

we encounTeR and

geT compeTenT

aSSISTance wITh a

pRoducT long aFTeR

The peRSon who

InSTalled IT IS gone.

When COTS Isn’t Good Enough

11

John Rezabekjrezabek@ispcorp.com

11InduSTRIal neTwoRkIng

Q1 • 2010B u S S T o p

IN10Q1_11_BusStop.indd 11 1/26/10 10:18 AM

IN10Q1_12_17_CoverStory.indd 12 1/26/10 2:07 PM

The two main questions in network security are: How closed does your network need to be? And, how open can you afford it to be?

Industrial network security is a delicate balancing act. In this case, the balance is between keeping equipment and processes protected—but

typically isolated as they were in the past—and carefully allowing them to touch larger computing realms via Ethernet protocols

and the Internet to gain new connections and capabilities—but exposed to potential viruses and attacks.

If you install too much security, little access is available and no productive work

can get done, especially when users want to employ new devices and software tools that rely on external links. If you have too little security, your machines, application and plant floor are vulnerable to viruses, malicious software and even outright attacks. Several engineers report the biggest threat is someone inadvertently plugging an infected flash drive into the network.

“Whenever you try to move control system data to the IT network, you’re going to need some kind of server, but we see security problems more as a result of conflicts with IT than from viruses trying to come in,” says Francis Lauryssens, software specialist at Sun Chemical’s (www.sunchemical.com) pigments plant in

Muskegon, Mich. “All the PCs, HMIs and other devices used to have hard-coded IP addresses, and

I think a lot of the security problems we have now started when IT wanted to change these back to

DHCP, which automatically assigns IP addresses. This allowed IT to change settings that we might not want

to change and also means we’re no longer sure where many devices we’re communicating with are actually

located. This is why we need firewalls and segmented networks and why we negotiated and collaborated with IT and

agreed that there are some PCs that they can’t touch.”

Security through SafetyEric Cosman, engineering consultant at Dow Chemical (www.dow.com) and ISA 99’s committee co-chair, adds, “We have a small staff group that is responsible for industrial control system cybersecurity, and we follow a multi-year plan that takes into account all the available standards and guidance. When we

ask ourselves why we need to implement cybersecurity, we remember that our first concern as manufacturers is to protect people and processes. Whether an unsafe condition is caused by an equipment failure, mistake or cybersecurity incident doesn’t matter. We are about safety first, and so we follow a similar approach with cybersecurity because the goal is the same.” ISA 99 is the International Society of Automation’s (www.isa.org) Manufacturing and Control Systems Security standard.

Likewise, security and safety both require inventorying related equipment and applications, dividing processes into manageable segments, conducting risk assessments, prioritizing potential hazards, implementing appropriate

protections and then reevaluating on a regular schedule. Thinking about network security’s similarities to safety could make it easier for many engineers to embrace.

“Though we in the controls and automation community usually know what we’re talking about with safety, we still don’t know what we’re talking about when we talk about security,” says Joe Weiss, PE, CISM, of Applied Control Solutions (www.realtimeacs.com) and author of Control’s “Unfettered” blog (community.controlglobal.com/unfettered). “Most security discussions still focus on IT issues, and so our controls folks need to get much more involved. We’re the only ones who can develop security for our variable-speed drives and field devices. The major controls suppliers and SCADA vendors got religion on the need for security, but they still don’t have a vision or plan for accomplishing it, and the many proprietary monitoring and controls systems usually haven’t addressed any security issues.”

Weiss claims there have been more than 170 cybersecurity incidents since 1998, including two cases in which people were killed, three that caused large-scale electrical outages and others that resulted in large equipment damage and significant spills to the environment. “Many of these were unintentional, some were intentional, and some were the result of unintended consequences such as software worm propagation,” adds Weiss. “However, the bottom line is that people still talk about cybersecurity incidents as if they were hypothetical and blow it off. The other problem is that, even though we have some cyber-forensics tools for Windows, there are none for proprietary systems, and so many users wouldn’t even know if they did have an incident.”

Weiss explains that, while IT staffs believe that cybersecurity vulnerabilities require either a connection to the Internet, running Windows or using IP addresses, many security incidents in control systems have none of these three red flags. “In a test and demonstration of a real-world cyber-attack at Idaho National

As External Dangers Multiply, Network Security Gets More Complicated. Better Tools and Clearer Standards Can Help Make Secure Access Easier and Safer

By JiM MoNTAGuE,

ExECuTivE EDiTor

IN10Q1_12_17_CoverStory.indd 13 1/26/10 2:09 PM

INDUSTRIAL NETWORKING

Q1 • 2010

Laboratories about two years ago, the staff was able to physically destroy the couplings of a large diesel generator, and they did it via a dial-up modem,” says Weiss. “Unfortunately, the related industries generally have done nothing on cybersecurity since then.”

To help solve these problems, Weiss adds that both controls engineers and their IT counterparts must fi rst convince their senior management to buy in with budgetary and organizational support. “Next, they need to fi nd out what they have in their networks by walking it down, checking their equipment piece by piece, determining what each device is and how it’s confi gured, and then doing risk assesments to help decide what security solutions each one needs,” he says. “You have to understand which devices you have in the fi eld that are cyber-sensitive, such as modems, and then understand what they’re doing and what the ramifi cations are. � is will help determine the risk for each and what should be done to mitigate it. Finally, your team needs to draft a cybersecurity policy, regularly reevaluate and redo it and update the cybersecurity for any equipment that needs it.”

Bradford Hegrat, CISSP, Rockwell Automation’s (www.rockwellautomation.com) principal security consultant, adds, “Safety tends to start with a localized approach, and so it was driven from the bottom up. On the other hand, security is more systemwide, and so it’s

been driven from the top down. � e trick now is to get them to meet and balance in the middle.”

BETTER TOOLS � ankfully, many of the basic network security tools are more capable and easier for new users to implement. � ese tools include intelligent network switches and routers, fi rewalls and hardware and software devices for managing network connections, authenticating users, encrypting data and establishing demilitarized zones (DMZs) and other segregated areas.

“� e cybersecurity fi eld has gotten more mature in the past two years, but it needs another fi ve to 10 years to get standard methods, processes and engineering in place,” says Eric Byres, CTO of Byres Security (www.tofi nosecurity.com), which develops fi rewalls and other security devices, such as its Tofi no fi rewall-confi guration appliance. “� ere is good consulting advice available on cybersecurity, of course, but the average plant doesn’t yet have a defi nitive code for cybersecurity. Still, the standards are coalescing, and this has tangible results on the plant fl oor because engineering managers are getting a better idea of what they need to do for cybersecurity.”

Byres also agrees that network security and safety are two sides of the same coin, and that engineers can use how they think

E V A L U A T E

Internet zone

Data center zone

Plant network zone

Controls network zone

Field I/O

Intrusion prevention

Network monitoring

Content ltering Anti-virus Remote

access

Server monitoring

Web-usage reporting

Wireless security

Service-level management

User management

Server management Anti-spam

PC workstations

File and print services Wireless

Intrusion prevention

Internet

Internet rewall

Control network rewall

Perimeterrewall

Anti-virus

Application workstation Interface

Control node bus

PC portal

Control station Interface

PLCI/O

I/O

I/O

I/O

I/O

I/O

Intrusion

Control network rewall

Anti-virus

Application workstation Interface

Control node bus

PC portal

Interface

I/O

I/O

Control network rewallControl network rewallControl network rewallControl network rewall

Intrusion Intrusion Intrusion workstationworkstation

Control node busControl node busControl node bus

InterfaceInterface

I/OI/O

Plant network zone

Controls network zone

Service and support subzone

Data aquisitionand interface

subzone

Control network rewall

INV

ENSY

S

MULTIPLE ZONE NETWORK WITH SUBZONE

A multi-zone network can improve network security by integrating plant and IT networks with a combination of firewalls, intrusion detection/prevention devices placed at strategic locations, station lock-down procedures for services on UNIX and Windows platforms and policy settings, as well as adding subzones as DMZs on the firewall to provide an extra level of control.

14

IN10Q1_12_17_CoverStory.indd 14 1/26/10 2:10 PM

about and address safety to accomplish cybersecurity. “There are many safety techniques that apply to security, and so I think it’s easier to turn a safety engineer into a security expert that the other way around,” says Byres. “For example, the safety world can teach security people to be consistent, evaluate all points attached to their network and be more diligent about accounting for everything.”

Similarly, advises Hegrat, to improve the cybersecurity of their own networks, users should first know their applications and determine who and which devices are supposed to talk to whom on the plant floor, so they can create functional zones insde their control networks. Next, they need to secure these subzones using Layer 3 access control lists (ACLs) and follow the Principle of Least Route to give the network more resilience to recover if a failure or security event occurs. Also, users need to inventory and prioritize their equipment and areas by criticality, rating the impact of the loss of those assets against the potential for occurrence and then use the results to select and implement appropriate protections, such as firewalls and DMZs.”

In addition, while any network that uses TCP/IP needs to have firewalls and other security measures, some Ethernet-based versions of the fieldbuses have additional specifications, rules and requirements that can help discourage intrusions. For example, Chuck Lucasik, director of the CC-Link Partner Assn. Americas (www.cclinkamerica.org), reports that CC-Link Industrial Ethernet (IE) doesn’t use the typical IP addresses in its devices, and so it’s less susceptible to potential hacking because typical TCP/IP or UDP/IP messages can’t reach them as easily. “CC-Link IE also uses an Ethernet Adapater switch to constrain the amount of traffic allowed onto its network, and this offers even more protection,” says Lucasik.

StandardS Coming togetherDozens, if not hundreds, of cybersecurity efforts have been undertaken by governments, trade organization, standards bodies and other corporate groups in recent years, and a few are emerging as clear leaders:• ANSI/ISA 99, “Security for Industrial

sealevel.com > sales@sealevel.com > 864. 843. 4343

®

Connectivity and control. Making your interface as reliable as the

tides—and just as strong. Sealevel creates hardware and software

solutions for both digital and serial interface requirements.

We Listen. Think. And Create.

© 1986-2010, Sealevel Systems, Inc. All rights reserved.

SeaLINK® USB serial converters reduce host processor overhead compared to

traditional processor/UART-based designs.

The right connection creates incredible power.

Computing/HMI Serial I/O

IN10Q1_12_17_CoverStory.indd 15 1/26/10 2:10 PM

INDUSTRIAL NETWORKING

Q1 • 201016

Automation and Control Systems,” covers all of the major process industries. Part 2 of its three parts was approved in January 2009, and it’s scheduled to be delivered to ISO/IEC in February for eventual adoption as an international standard. ISA 99 provides guidelines to establish an industrial cybersecurity program for almost any control and automation system, such as DCSs, batch, SCADA and even discrete applications.

• North American Electric Reliability Council-Critical Infrastructure Protection (NERC-CIP) standard took eff ect Dec. 31 and governs the power generating and distributing industries. It requires users to have one year of auditable compliance by the end of 2010. However, critics say it allows users to defi ne too many of their operations and assets as non-critical.

• American Chemistry Council’s Chemical Sector Cybersecurity Program has been in place since 2002.

• National Petroleum & Refi ners Assn. and its Cybersecurity Subcommittee work with other groups on cybersecurity issues, and have developed a variety of resources and recommendations on cybersesecurity procedures.

“I think the overall network security picture is getting clearer and better defi ned, and so users will be able to learn about and begin to implement them more easily,” says Kevin Staggs, engineering fellow for cybersecurity at Honeywell Process Solutions (hpsweb.honeywell.com), who also is one of ISA 99’s working group leaders. “For example, ISA 99 is a lot more visible now. Over the next 18 months, we’ll also see certifi cation of many users’ process application by vendors certifi ed by the ISA Security Compliance Institute (ISCI) to evaluate compliance with ISA 99. Likewise, Honeywell and others can audit customers for compliance with NERC-CIP and other standards and provide recommendations and services for correcting problems, performing security updates, patch management and monitoring operations.”

Byres adds that much of ISA 99 was developed from two or three main sources. “A lot of the guts came from the ISO 27001 standard

for establishing an IT security program, and were modifi ed for the process and discrete manufacturing industries by James Gilsinn at NIST’s Intelligent Systems Division,” he says. “Much of ISA 99 was infl uenced by best practices for network security provided by Eric Cosman at Dow Chemical, Tom Good at DuPont and Johan Nye at Exxon Mobil. ¡ ey deserve a lot of thanks because they and many other people busted chops and made a huge eff ort to make ISA 99 a reality.”

Cosman adds that the best news right now is that there’s a lot of cross-pollination between people involved in the major cybersecurity eff orts. “We have a lot of work on NERC-CIP and smart grid security going through NIST documents and then on to be included in the ISA 99 work products,” says Cosman. “¡ e other good news is that we’ve made good progress in establishing a liaison relationship between ISA and IEC and that ISA 99 standards are immediately submitted to become international standards.”

In addition, paralleling the recent cooperation on standards is an equally large gathering of users, suppliers and government agencies formed and launched as the Industrial Control Systems Joint Working Group (ICSJWG) in March-April 2009 under the jurisdiction of the U.S. Department of Homeland Security and its Control Systems Security Program (CSSP).

“In the past year or two, we’ve seen a much stronger understanding by the user community of the need for cybersecurity, but many folks still struggle to fi nance it,” says Ernie Rakaczky, program manager for Invensys Operations Management’s (IOM, www.invensys.com) control systems cybersecurity portfolio. “¡ is is happening because traditional control system environments and processes, such as measurement, levels and alarms, are beginning to be thought of as something that can drive business models, too. ¡ is creates new risks and the need for cybersecurity over the life of the plant. ¡ is means setting up

E V A L U A T E

Francis Lauryssens, software specialist at Sun Chemical’s (www.sunchemical.com) pigments plant in Muskegon, Mich., says there are several main tasks users must perform to increase network security.

Turn on virus protection software, and be vigilant about installing patches. However, realize that security is about preventing unwanted events, and so it also involves keeping processes running properly. Use complex passwords that include numbers and mixed characters. In fact, uncommon passwords can be easier to remember than simple ones, if the brain is trained to do it. Also, change passwords every three to six months.

Install � rewalls, but then also monitor them to check on who is accessing the network and what software they’re using.

Turn o� unnecessary ports and devices, so people and devices use only the applications appropriate to what they need to do their jobs. Turn down and lock down PCs as much as possible. For example, an HMI should only run the programs it needs to operate and only interact with appropriate devices, so delete programs like Internet Explorer that it shouldn’t be using anyway. Train staff to follow security policies and not work around them.

NETWORK SECURITY TO-DO LIST

IN10Q1_12_17_CoverStory.indd 16 1/26/10 2:10 PM

17 INDUSTRIAL NETWORKING

Q1 • 2010

fi rewalls and then updating them as needed. is can be done by setting up two redundant fi rewalls, updating one while the other runs, and then going back and updating the fi rst one.”

PROPER PATCHINGWhile generally stated standards and recommendations might be helpful, one of the most difficult, confusing and often unresolved security problems that controls engineers face is how to manage the frequent software patches coming into their networks. How are you supposed to apply patches to a production line or process application that must run continuously and can’t be shut down and restarted whenever some bit of software shows up? Many of these updates are delivered by software suppliers on a pre-determined day each month, such as Microsoft’s well-known second-Tuesday schedule, or more often if needed.

Consequently, while many IT staff s accept and push out patches to stop newfound viruses, control engineers must try to test patches to make sure they won’t hinder or damage their application before distributing them to equipment on the plant fl oor or out in the fi eld. In fact, many IT security departments still are settling on communication policies and procedures for identifying vulnerabilities and managing patches, but even more control security departments don’t have the know-how or tools for deploying the protection that the patches are supposed to provide.

“We too have a pretty robust patching policy that continues to evolve,” adds Cosman. “We’re a big company with many systems to

patch, but we manage to get it done. So, we tell others facing the same task that it’s doable and to just go do it. ink of patch management the same way you think of doing other kinds of preventive maintenance you should have been doing all along. If we don’t do preventive maintenance, we pay a price. It’s the same with patching.

Cybersecurity isn’t a job that can be done by engineers or IT alone, argues Cosman. “ ey must work together,” he says. “It’s tough to build and maintain these relationships, and it’s even harder and more challenging to do on an ongoing basis, but it simply must be done.”

Basically, the IT side has its fi rewalls, intrusion detection systems (IDSs), intrusion protection systems (IPSs) and other protection gear, but these devices don’t have enough intelligence or sets of rules to function in process environments. For process control to gain the same benefi ts as IT security, its fi rewalls, IDSs, IPSs or security-confi gured switches need the right control-specifi c information embedded in them, such as what kind of network traffi c can cause a loss of control.

As a result, the main strategy is to send patches to a segregated area, test them to make sure they don’t adversely aff ect the control system, equipment and application and then download them later. “For our Windows software-based systems, we quarantine patches in a live environment, install the lead patch on a sample machine and see how that machine reacts before we let the patch onto the plant fl oor,” says Marty Jansons, network consultant at Siemens Industry (www.usa.siemens.com/automation).

Similarly, Wurldtech Security Technologies (www.wurldtech.com) creates resilience profi les for each device it tests, and these include a list of vulnerabilities, safe operating parameters and intrusion-detection signatures and fi rewall rule sets. is allows users to take the fi rewall, load it with these rule sets and give that fi rewall the ability to operate in a process control application by blocking the traffi c that would otherwise trigger vulnerabilities in the control device.

To help increase the time between patches, Rockwell’s Hegrat suggests that controls engineers, who know their applications and equipment well, and IT technicians, who know the IP source and destination addresses and TCP/UDP ports for those devices, can cooperate to draft an application white list for the network. “At some point, software patches will require a system to be rebooted, and this can hinder production,” explains Hegrat. “However, a white list of known addresses and ports can help users design and engineer the system and network more appropriately, lessen the time needed to do real-time patches of devices when necessary and allow more lengthy periods between the times when patches and anti-malware are installed.”

Cosman adds that the security-by-design concept also is beginning to emerge and that this will be the future of network security. “ e big control system vendors are stepping up to the table, contributing to ISA 99’s meetings and committees and designing security in from the ground up. ey’re starting to catch on that cybersecurity can be a market diff erentiator and competitive advantage,” he says. “ is is where we need to go, but it’s still going to take awhile. e key is for users to demand security capabilities as part of the acquisition process.”

CYBERSECURITY ORGANIZATIONSHere is a list of the major government and related organizations that deal with cybersecurity issues, coordinate responses across many industries and are helping to draft network security standards. Each has many resources and guides that can help users improve the security of their individual networks.• U.S. Dept. of Homeland Security (www.dhs.gov)• National Institute of Standards and Technology

(www.nist.gov)• Idaho National Laboratories and Sandia National Laboratories’

National SCADA Test Bed (www.inl.gov/scada)• DHS and NIST’s Process Control Systems Forum

(www.pcsforum.org) • Process Control Security Requirements Forum (PCSRF)

(www.isd.mel.nist.gov/projects/processcontrol)• U.S. Computer Emergency Readiness Team (US-CERT) and its

Control System Security Program (CSSP) (www.us-cert.gov)• North American Electric Reliability Council (www.nerc.com)• SANS Institute (www.sans.org)• Chemical Sector Cyber Security Program

(www.chemicalsybersecurity.com)• The Repository of Industrial Security Incidents

(www.securityincidents.org)

IN10Q1_12_17_CoverStory.indd 17 1/27/10 3:04 PM

IndustrIal networkIng

Q1 • 201018

envIronment Is a key ConsIderatIon when ChoosIng ConneCtors, but how and

when do you valIdate your system onCe It’s Installed?

Select and Test Connectors Wisely

ConneCtors are the glue that holds an industrial network together. Whether you rely on fiberoptic cable, copper cable or wireless communications, the connectors you choose will have a profound effect on reliability and dependability. and the environment can dictate which type of connectors are the best fit.

“our biggest industrial environments have the same three problems—dust, vibration and water,” explains tom Prokop, manager of infrastructure and remote services, Consol energy (www.consolenergy.com), Pittsburgh, Pa., which uses primarily fiberoptic cable at its sites. “if we know it’s a high-vibration environment, we find connectors with good mechanical locks on them. We tend to migrate more to an sC barrel connector on our fiber, rather than an sC connector that might just slide in. For the electrical side, we look for things we can mechanically fasten. We use a mix of fiber and copper. all our backbones are fiber. That can be about 70-80% of our cable. typical fiber runs might be a mile to 12 miles. in terms of connectors, it’s probably 50-60% fiber.”

Joe roegner, sCada technician for orange County (orangecountyfl.net) in orlando, Fla., sees similarities between his water and wastewater treatment environment and the wiring done on sea vessels. “With an ocean-going ship, vibration and corrosion are

common, so using things like butt connectors to join wires are taboo, while ring connectors for terminations are preferred,” he explains.

alice McWilliams, Pe, senior instrument and controls engineer at Chevron Phillips (www.cpchem.com) in Pasadena, texas, thinks high-vibration environments are one of the more difficult environments to handle. “They can cause connections that intermittently are bad,” she says. “When the connection is good 95% of the time, it’s very hard to find the source of the problem.”

any environment with harsh temperature, vibration or moisture conditions could potentially cause issues, warns Matt Finlinson, sales engineer at Molex (www.molex.com). “Choosing connections that have proper iP ratings to guard against dust and water is essential,” he says. “For instance, in a factory setting, these connections might be subject to machine washdown.”

even a small amount of contaminant can cause havoc in networks if the connectors are not sealed properly, cautions nick Clute, product specialist at turck (www.turck.com). “any sort of mechanical disturbance—for example, high vibration—can cause network connector issues,” he says. “But, it might not be clear to all users why an iP67-rated M12 connector should be used instead of a standard rJ45 iP20-rated connector for ethernet in a standard manufacturing environment.”

The three main culprits are vibration, temperature cycling and corrosive gases, summarizes Michelle goeman, product manager—terminal blocks and electronic interface, Wago (www.wago.com). “applications and environments prone to severe or extended vibration are among the most problematic, especially for screw terminations,” she explains (Figure 1). “in industrial settings, we’ve seen failed control panel connections halt production. a shift’s worth of time and productivity are lost to a 30-cent screw terminal. as machines ramp up, they create vibrations that could cause screws to back out—hence, the need for extensive preventive maintenance programs that idle the lines, while connections are checked either with thermal imaging technology, which is expensive, or retorquing to spec, which is time-consuming.”

industrial applications subjected to temperature cycling also trigger connection failures, explains goeman. “Beyond current-induced changes, consider the environment,” she advises. “Factory floors quickly heat up and quickly cool; in industrial settings, this leads to changes of hundreds of degrees. all of this causes copper conductors to expand or contract, and this is on top of current-

by mIke baCIdore, managIng edItor

d e s I g n

Control panels rely on high-voltage terminal blocks and pluggable connectors. In certain environments, connections require ensured reliability against excessive vibrations.

FIGURE 1: SHAKEN, NOT STIRRED

wag

o

IN10Q1_18_20_Featr2.indd 18 1/26/10 11:21 AM

19IndustrIal networkIng

Q1 • 2010

induced changes. If the interconnect device, such as a terminal block or simple splice, doesn’t compensate for this, the connection can fail. Sulfur, nitrogen, chloric gases and even salt oversprays also significantly degrade connections. This is where connection material and a gas-tight connection become vital to network reliability.”

TesT The NeTworkNetwork validation tools are available to test point-to-point and end-to-end runs, but knowing when to use what and whom to trust can be the trickiest part of validating the system.

“Several years ago, our construction contractor made the connections that assembled the communication network for our DCS highway,” recalls Chevron Phillips’ McWilliams. “After startup, we began to experience communication problems on both the active and redundant highways. When the connectors were examined, they were so misshapen that it became very apparent the wrong tools had been used. We contacted the DCS company and asked them to check and repair our highway. However, this was only after we experienced a lot of tense moments concerning our communication between the DCS consoles and the DCS controllers. The situation could have been taken care of before startup if we had thought to inspect these connections as part of a startup checklist instead of taking for granted that they had been correctly put together.”

Consol Energy’s Prokop prefers to build up a calibration curve via point-to-point and then join the segments and do an end-to-end run. “By just doing the end-to-end, because of the distances we’re dealing with, it might take half an hour to get to the point we need to find,” he explains. Prokop suggests using the optical time-domain reflectometer (OTDR) or the copper equivalent for cable testing. “You want to test for signal quality,” he says. “If you just do the first-level test on connectivity and you try to run 10 GB of data, although the connector’s on, it might not be on right. Make sure you can test with the actual types of signals you’ll be carrying.”

Turck’s Clute says it might not be necessary to test each individual run on many industrial networks. “Many times, it’s not required until there’s a problem,” he says. “That being said, it’s not enough to say that the network is running properly, so everything must be working. It’s imperative that during final checkout the actual data is looked at with a hardware tool capable of keeping track of network errors and connection timeouts. It’s more important to test a network after it is fully laid out. Often, network issues occur as they grow, so testing individual segments before the system is complete could be meaningless.”

Charlie Norz, product manager—Wago-I/O-System, recommends advanced, managed Ethernet switches to validate large-scale, critical apps. “These switches use cable test menus to virtually validate physical copper links connected in each port,” he says. “An on-screen menu will indicate ports that carry a properly terminated link. If a link is disconnected, the switch will indicate which link is open and estimate the distance from the port to where the circuit is open. This streamlines commissioning and can save a significant amount of time in the event of a lost link.”

Sven Burkard, product manager, Belden, Hirschmann & Lumberg Automation (www.belden.com) recommends validating each leg or section of the network first to ensure all cable or fiber runs are fault-free and terminated correctly (Figure 2). “Once all cabling is tested, it is then best to do a complete network test,” he says. Performing both tests ensures there are no problems with the network.

“It’s important to have an inspection of the final work,” says Orange County’s Roegner. “Test everything and document the readings. A follow-up inspection before the end of the warranty period also will help catch problems that need to be addressed.”

There’s No Time Like …The point when you choose to test the system can have significant advantages or disadvantages. While some prefer to test as part of the

installation procedure, others would rather wait until the system has been operational for a few months and then test.

“Make sure to budget time, money and resources in the business case or ROI planning process, and be certain to baseline your system at initial optimized performance, and invest in monitoring and diagnostic tools to maintain the system throughout its useful life,” advises Molex’s Chris Zimmerman.

“I’m a true believer in getting a baseline test,” agrees Consol Energy’s Prokop. But, depending on the data’s criticality and what kind of external forces they might be subject to, do you need to do ongoing testing? “Once most of our underground lines are tested we just run them,” says Prokop. “We don’t test again until something fails to work, or if there is suspected mechanical damage because a piece of equipment hit a cable or someone accidentally pulled the cable down. If you know you’re running long spans that are stretching your basic design parameters, you might want to test more often, too.”

FIGURE 2: LEG UP ON VALIDATION

Using industrial-grade connectors with distributed i/o blocks, such as in this assembly application, can make it easier when validating each leg or section of the network to ensure all cable or fiber runs are fault-free and terminated correctly.

Beld

en

“Make sure you can

test wIth the actual

types of sIgnals you’ll

Be carryIng.”

IN10Q1_18_20_Featr2.indd 19 1/26/10 11:22 AM

Testing and validating can add substantial time to a network installation and startup, explains Belden’s Burkard, but it ensures, once the network is up and running, there will be minimal issues, if any. “It is best to test and validate a network when first doing the initial installation, before startup,” he says. “It gives the chance to replace cabling or connectors, make changes to settings in the infrastructure devices and work out any bugs that always show up on a newly installed network. By waiting and validating or testing the network after startup, you compromise the ability to make certain changes to the network without affecting the current processes. By waiting until the system is operational, you almost certainly ensure there will be problems with the startup, making it much more worrisome in the short- and long-term time frames.”

Turck’s Clute agrees it’s extremely important to test as you go. “If you install a number of nodes and then try to commission the network, it’s very difficult to determine where to start if there’s a problem,” he explains. “All networks should be built one node at a time to verify that no new issues are introduced with a single node. That said, it’s only when the network has been up and running for some time that it’s advantageous to do a complete network communications test, because only when everything is up and running will you have the standard amounts of noise, cable length and communication running to give the network a true test.”

DIY or SI?Sometimes, it might be appropriate to contract a system integrator (SI) to implement network solutions, specifically pertaining to connectors. But how do you know when you need help?

“We use SIs for a new or complex technology we might not have the tool set for,” explains Consol Energy’s Prokop. “We’ll rely on them to help define the connectors and prove the concept. Once we find out that it works, we’ll invest in specialized

tools and training. When something is done infrequently, it might be better to pay. A good example of this is when we first started to do fiberoptic. Plasma fusion splicers were $20000-$30000 investments when they first came out, so we found an SI that had those tools.”

Typically, system integrators and engineering services companies take the customer’s mechanical, environmental, electrical and performance requirements and provide a bundled solution, says Molex’s Zimmerman. Specifically, an SI or engineering firm would determine, for example, how robust the connectors would need to be, based on a specification, he says.

“The days of the customer having a control engineering staff to assist in the

implementation have shifted to outsourcing to reduce cost,” says Belden’s Burkard. “A system integrator is an economical and complete solution with expertise in system layouts from the control panel to the network devices on the plant floor. An SI eliminates

connectivity issues. Network management reports indicate 72% of failures are attributed to the OSI layers 1–3.”

It wouldn’t be necessary to contract a system integrator just for connectorizing a solution, says Turck’s Clute. “Many connector suppliers are happy to sit down with customers to look for potential hazards and opportunities to improve the installation,” he says. “However, if a user is concerned about networking problems on a system, chances are they already have a system integrator contracted. The important thing is to make sure that you connect the system integrator with the connectorized solution provider.”

Wago’s Goeman advises bringing integrators in on the ground level. “This way, they can help select connection solutions that will readily withstand anticipated stresses, such as extreme vibrations or rapidly fluctuating temperatures. Upfront discussions will undoubtedly save time and costs down the road.”

IndustrIal networkIng

Q1 • 201020 d e s I g n

“connectIons that

have proper Ip

ratIngs to guard

agaInst dust and

water are essentIal.”

IN10Q1_18_20_Featr2.indd 20 1/26/10 11:22 AM

21f i r s t b i t 21industrial networking

Q1 • 2010p a r i t y c h e c k

Ian Verhappeniverhappen@

industrialautomationnetworks.com

Quite A number of different industriAl network topologies such as star or chicken foot are in use today for the various levels of the enterprise. The field level has different environmental and bandwidth requirements than the control system backbone. These requirements significantly influence the decision-making process of today’s automation professional.

today’s industrial networks extend to all levels

of the enterprise with field-level protocols such as foundation fieldbus, Profibus, modbus and others running on twisted-pair, to ethernet typically from the control level, including remote i/o, and through to the enterprise. of course, now there are wireless permutations over these same domains, but we will leave wireless alone for now.

ethernet is by default a star topology with the router or switch having individual spurs to each end device. in some cases this end device is another router or switch, and, as a result, a network is born. The majority of industrial ethernet suppliers offer some form of a ring topology network, as well as provide an economical and rapidly healing (typically 20–50 ms) method to increase the reliability of a network used to transmit control messages with minimal interruption in the control of the process.

At present, these ring topologies are proprietary, meaning all the switches in the ring must be from the same supplier. now that’s not really a major obstacle, since most facilities use a single supplier for their infrastructures.

rapid spanning tree protocol (rstP) is an ieee standard, and there is discussion underway to develop a standard for ring topologies, too.

At the field level, daisy chain, star, spur, chickenfoot and tree are the most common options. it’s important to remember that the predominant process automation networks, foundation fieldbus and Profibus-PA, are based on the same physical layer and, most importantly, are wired in parallel. Also don’t forget that all networks need terminators to match the system’s characteristic impedance in order to avoid noise problems.

daisy chain is widely used in rs-485 networks, including Profibus-dP and modbus. The devices are linked by connecting each device or network node in series, one after another. it is the computer

equivalent of a series electrical circuit with the same limitation: if one device in the network should fail, all devices downstream of that device are no longer visible. many of us are old enough to recall old Christmas light strings on which, if one bulb failed, the tree went dark. fortunately, many protocols using rs-485 include connectors that are a combination daisy chain/spur connector with circuitry that isolates a failed device from the

network, so the chain is not interrupted.The spur network is very similar to daisy chain;

the devices are strung along a trunk with each device connected to it by a short length of cable—minimum of 1 m.

The most common configuration for process automation is chickenfoot because it is most similar to a traditional analog instrument installation with a homerun cable—multiconductor—and individual spurs—cables—to the end devices.

A tree configuration should have many branches, and the same is true for industrial networks. The devices are the leaves, and the trunk is the cable with terminators at either end. normally, one of those ends is connected to the control system i/o card, and then you can have a combination of spurs and chickenfoot termination assemblies along the trunk. This provides the end user with the optimal use of the installed field cable and takes full advantage of the capabilities of field-level industrial networks. ethernet networks are built the same way, with various routers and switches connected together, typically on a higher-speed trunk to connect a variety of end devices such as computers and printers.

The above does not include consideration of limitations imposed by the area classification of the installation, which obviously will impact the hardware selected to build the network.

ian Verhappen is an isA fellow, certified automation professional and recognized authority on industrial communications technologies. His global consultancy, industrial Automation networks, specializes in industrial communications, process analytics and heavy oil/oil sands automation. His blog can be read at http://community.controlglobal.com/kanduski.

all networks need

terminators to

match the system’s

characteristic

impedance in

order to avoid

noise problems.

Relationships Make the Difference

IN10Q1_21_ParityCheck.indd 21 1/26/10 10:23 AM

IndustrIal networkIng

Q1 • 201022 r e s e a r c h

UNIVERSAL CONVERSIONUniversal signal conditioners in plastic slim-line housings convert, isolate and transmit scale signals from process sensor and controller I/O. DIN-rail mountable models 884114 and 84116 support scalable input signals including mA, Vdc, thermocouple with internal cold-junction compensation, two- to four-wire RTDs, linear resistance and potentiometer signals. Both models feature mA and Vdc outputs, and the 84116 adds two individually programmable relays for alarming and control. The module supports seven programming languages and can be password-protected. The display module also can display input signal values, engineering units, output signal and relay status.AutomationDirect; 770/889-2858;www.automationdirect.com/signal-conditioners

MINI TRANSDUCERMini analog shunt transducer converts and isolates mV signals from shunt resistors and features three-way 1.5 kV isolation and low power consumption. The transducer can accept -50 mV to 3 V drops. The

signal output is also configurable to analog signals. Device has a 6.2-mm housing and T-bus power bus capabilities. The hot-swappable signal conditioning slices clip onto the powering T-Bus connector without removing bus bars or bridging.Phoenix Contact; 800/322-3225; www.phoenixcontact.com

BULLETIN BOARDBulletin 931 analog signal conditioners isolate multiple signals on the same power source and convert signals from field devices to standard 4–20 mA. Many of the analog signal conditioners have hazardous location approvals, including ATEX and UL Class I, Div. 2, certification. Transmission of data over the HART protocol is available on certain models.Rockwell Automation; 800/223-5354; www.rockwellautomation.com/go/prsignal

SEGMENT PROTECTORSR2 FieldConnex segment protectors are UL-listed for Div. 2 applications and FM/cFM-approved for Div. 2/Zone 2 applications. These smart fieldbus wiring blocks provide short-circuit protection and energy limitation. When the fault is repaired, R2 segment protectors automatically resume operation of the spur. A T-connector allows the segment protector to be disconnected while leaving trunk communications uninterrupted and inherently prevent

over-termination. They provide IP20 protection with DIN-rail mounting in four-, six-, eight-, 10- and 12-spur configurations. They feature removable terminals with retaining screws, and LEDs for power, communication and short-circuit indication.Pepperl+Fuchs; 330/486-0002; www.pepperl-fuchs.com

latest InnovatIons In sIgnal condItIonIng Include smaller

FootprInts and Increased InteroperabIlIty

Miniaturization and Communication

NEW INNOVATIONs IN sIgNAL CONDITIONINg, CONVERsION and processing come in small, glacier-like steps, with slow and powerful movements.

“The latest signal conditioning innovations involve miniaturization, or channel density, and communication such as UsB or Ethernet,” explains Donald Lupo, director of sales and marketing—process, Acromag (www.acromag.com). “Today, you can find signal conditioners that are only 6 mm wide or 22 mm high. UsB and Ethernet communication have further increased ease of use and interoperability with PCs. Ethernet communication enables development of multi-channel units with

densities approaching 1 mm per channel to lower I/O cost per channel, and eliminate the need to pull wire by using any network media. Ethernet devices increase performance since you don’t have an analog output that can drift. It’s all digital.”

While developing multi-channel signal conditioners, Moore Industries’ research and development team focused on two in-demand attributes of signal conditioners: high density and switch-selectable products, explains Jay DeCastro, project engineer, Moore Industries (www.miinet.com). “High density is important because panel space equals money, and there is a growing need for very narrow instruments,” he says.

IN10Q1_22_23_Research.indd 22 1/26/10 10:36 AM

23IndustrIal networkIng

Q1 • 2010

MULTIPLE CONNECTIONSMGate EIP3000 products have one or two DF1 to EtherNet/IP ports for connecting DF1 devices and EtherNet/IP devices to A-B PLCs for remote maintenance capability. ProCom technology generates four extra virtual serial channels for Ethernet data passthrough, and supports two IPs—one for each serial port, allowing EtherNet/IP devices to communicate with two DF1 devices simultaneously. The gateway features multiple EtherNet/IP connections with up to 16 simultaneous requests for rapid communication and cascading Ethernet ports.Moxa Americas; 714/528-6777; www.moxa.com

UNIVERSAL INPUTIAMS universal signal conditioners are DIN-rail mounted and provide complete isolation and conversion. The universal input can accept

RTD, TC, Ohm, potentiometer, mA, Vdc and process input signals. They have a detachable LCD display/programming module and more than 100 possible input-to-output combinations and are available in three models. The setpoint model allows dual setpoint control capability through dual Form A relays.

The analog model provides a retransmitted analog signal. A third model provides both an analog output and relay control capability. Red Lion Controls; 717/767-6511; www.redlion.net

BIPOLAR INPUTS857-819 mV signal conditioner accepts bipolar mV inputs from -100 mV to +1,000 mV and converts to a current or voltage output. Current output available is in 4–20 mA, 0–20 mA, 0–10 mA and 2–10 mA variants; voltage output is available in 0–10 V, 2–10 V, 0–5 V and 1–5 V variants. The device ensures safety through three-way isolation (test voltage of 2.5 kV) and has transmission errors of less than 0.1% on adjusted span.Wago; 800/din-rail; www.wago.us

HUNDREDS OF COMBINATIONSDR900 is a customizable universal signal conditioning module with more than 100 input and output analog conversion combinations and three-way signal isolation. The device is available as a linear or

square root extraction model and both are precalibrated for all input and output ranges. Factory or custom field scaling is available by a mode switch change. This product is CE-compliant and DIN-rail-mountable.Omega Engineering; 888/55-omega; www.omega.com

ANALOG SIGNAL CONDITIONERSDesigned to provide isolation for non-isolated two-wire transmitters, 8B42 module supplies power to a current transmitter and then isolates, filters and amplifies the resulting current input signal and provides an analog voltage output. To ensure accuracy, current-to-voltage conversion takes place internally in the module. It’s designed for installation in Class I, Div. 2, hazardous environments.Dataforth; 800/444-7644; www.dataforth.com

SOUND AND VIBRATIONThe NI Sound and Vibration Measurement Suite 2009 is a collection of analysis and signal processing tools for noise, vibration and harshness (NVH), machine condition monitoring and audio test applications. The suite features a continuous frequency sweep

virtual instrument (VI) and includes an AES17-compliant audio filter VI for the LabView graphical development environment and the NI Sound and Vibration Assistant.National Instruments; 800/258-7022; www.ni.com

MICROCOMPACT CONDITIONINGFeatures include input ranges of 0-10 V, 0-20 mA and 4-20 mA, as well as galvanic isolation in either two-or three-way isolation. Microcompact signal conditioning units offer IP20 rating and are DIN-rail mountable and approximately 40-55 g each.Lutze; 704/504-0223; www.lutze.com

ETHERNET-TO-FIBEROPTICEKI-2741 converts Gigabit Ethernet networks to Gigabit fiber networks by transparently converting Ethernet signals to optic signals. It acts as a solution for applications that require wide bandwidth, EMI immunity and long-distance transmission capability. The switch supports MD/MDIX auto detection, so users don’t need to use crossover wires. Surge protection is 3000 Vdc.Advantech, Industrial Automation Group; 513/742-8895; www.advantech.com/ea

MORE, MORE, MOREFind more information about signal conditioners from companies including ASI, Invensys/Eurotherm, Moore Industries, Turck and Weidmüller at www.IndustrialNetworking.net/Q12010research.

IN10Q1_22_23_Research.indd 23 1/26/10 10:37 AM

IndustrIal networkIng

Q1 • 201024 p r o d u c t s

DesigneD to specDataBus Cable line of PLTC/ITC-ER, PLTC and TC-ER versions meets fieldbus specification IEC 61158.2 (ISA/SP-50). It includes 3076F−Type A, 300 V single pair with Beldfoil shield, and S1359A−Type A, 300 V 50-pair individually and overall shielded cable with a sunlight- and oil-resistant PVC jacket. The cables are appropriate for use in all Class I, Div. 2, applications and are RoHS compliant and CE approved.Belden; 800/belden1; www.belden.com

enDure the BenDsEndurance products are extended length/extended life MVC-800 FireWire IEEE 1394, up to 23 ft, GEV-1000 GigE, CCXC Analog Camera, Camera Link and Camera Link PoCL cable assemblies. They have industrial-grade, dual over-mold connectors for enhanced strength and performance. All cables are tested for high-flex life and have exceeded 10 million cycles on standardized flex test protocol for tick-tock bending and rolling/torsion flex.Northwire; 800/468-1516; www.northwire.com/flx

FlexiBle switchEL228 28-port (24+4G) industrial Ethernet managed switch can be used for any mix of copper RJ45 or fiber transceivers. The switch

features LEDs, power/ground connections, console ports and bracket positions on both the front and back. It complies with IEC 61850/IEEE1613 standards and

has advanced cybersecurity, real-time message delivery, enhanced multicasting, and management and monitoring functions.Sixnet; 518/877-5173; www.sixnet.com

signAls From the source BL Compact modular I/O collects a variety of signals in one node to obtain analog, digital, thermocouple, RTD, serial, RFID or a mixture of signal types over DeviceNet, CANopen and Profibus-DP in an on-the-machine device. Up to two signal types can be combined, and the device, with M8 or M12 connectors, has four, eight or 16 ports in an hardened package rated for IP67 and 69k protection. Turck; 800/544-7769; www.turck.us

wlAn splitterSCW04N four-way wideband signal splitter covers 750–2700 MHz, is suitable for 800 MHz and 900 MHz cellular and ISM band operation, and enables 1.8 GHz and 1.9 GHz (1800-1900 MHz) PCS

cellular radio applications, as well as 2.3 GHz WCS Band (2.31–2.36 GHz), 2.36 GHz CDMA Band and 2.4 GHz 802.11b, 802.11g and 802.11n applications. It has a 50 W power rating and is constructed from heavy-duty aluminum. L-com; 561/995-2256, x7140; www.l-com.com

orDer up A mAgnumMagnum 6KL Managed Edge Switch brings fiber port configurability for managed networking to the edge of industrial networks. The environmentally sealed 10-port Ethernet switch has

an operating temperature range of -40 to 85 ºC, includes four 10/100Mb copper ports (regular or PoE), plus up to six

additional ports which can be combinations of Gigabit, 100 Mb, and 10 Mb fiber ports and copper ports. The hardened, convection-cooled, sealed metal box, with optional conformal coating offers high EMI noise immunity. GarrettCom; 510/438-9071; www.garrettcom.com

ethernet rADio702-W and 702M12-W industrial wireless Ethernet radios are supported by IEEE 802.11n to use three antennas and multiple-in/multiple-out (MIMO) for increased throughput. 702M12-W is an IP67-rated version of its counterpart, the 702-W. Both have -40 to 70 ºC operating temperature range, power over Ethernet (PoE), and redundant power inputs (20-49 Vdc). Web-browser management and LED displays, including four user-definable LEDs, are included.N-Tron; 251/342-2164; www.n-tron.com

16-input moDule958EN BusWorks Ethernet I/O module has 16 analog input channels and a quick-connect DB25 port to capture isolated and amplified sensor signals directly from a full panel of industry-standard 8B signal conditioners. This analog input module performs 16-bit analog-to-digital conversions to make the temperature, frequency, strain gage or other sensor data available to any control device via Ethernet. Commercial-grade versions are available. Industrial-grade models offer -40 to 70 °C extreme temperature operation, have integration/totalization capability and are designed for UL/cUL Class I, Div. 2, ABCD (Zone 2) sites.Acromag; 248/295-0880; www.acromag.com

IN10Q1_24_25_Products.indd 24 1/26/10 10:29 AM

25IndustrIal networkIng

Q1 • 2010

IndustrIal networkIng

Q1 • 201025

Disconnect optionsModular, flexible system of disconnect and fuse terminals is based on FTRK-type basic terminals and accessories consisting of disconnect blades, disconnect and diode plugs, fuse holders for 5 x 20 G fuses. In two- and three-wire versions, the basic terminals are 5 mm wide and have a current carrying capacity of 18 A. The terminals can be fitted with FQI 2.5 standard cross-connection units for convenient potential distribution. Conta-Clip; +49 5257/9833-72; www.conta-clip.de

thums upSmart Wireless Thum Adapter for existing HART field instruments frees up diagnostics

and process information previously inaccessible in wired legacy system installations. It can retrofit on almost any two or four-wire HART device without special power requirements to operate as components of Emerson’s Smart Wireless self-organizing field networks to remotely manage devices and monitor health. Emerson Process Management; 800/833-8314; www.emersonprocess.com/smartwireless

moDbus to ethernetEGW1 connects any Modbus-enabled industrial equipment to an Ethernet network. It was designed for industrial applications where all equipment involved uses Modbus TCP, Modbus ASCII or Modbus RTU communications. EGW1-MB can connect PLCs, drives, temperature controllers, barcode readers, vision systems and any other type of serial communication industrial equipment. It provides DIN-rail mounting, RS-232/RS-485/RS-422 selection via software and installs and sets up via serial, Telnet or a Web browser.Exemys; 408/540-6009; www.exemys.com

three-in-one WireLessEKI-6311G 802.11 b/g wireless access point, client bridge and repeater offers standards-based and license-free wireless connectivity. As an access point, the device allows wireless devices to communicate with each other and with 10/100BaseTX Ethernet wired networks. Where a wireless extension cord is needed, client bridge operation connects wired devices to a wireless network. Combining both modes, the unit operates as a wireless repeater. Advantech, Industrial Automation Group; 800/205-7940; www.advantech.com/ea

ip67-testeDImpact67 compact field bus I/O modules feature predefined inputs and outputs, port-related

cutoff and single channel diagnostics via LED. The modules also are equipped with fieldbus group diagnostics. Impact67 modules are available with different bus protocols, including Profibus, CANopen, DeviceNet, EtherCat and EtherNet/IP. The modules also feature pluggable connections, diagnostic options and IP67-tested seals.Murrelektronik; 770/497-9292; www.murrinc.com

25

a d I n d e x

Advertiser pAgeno.

automationxchange ................................27

automationdirect ........................................2

CC-link Partner assn. ..................................6

garrettCom ..................................................20

Moxa technologies ......................................4

omega engineering ....................................3

Prosoft technology .....................................9

sealevel systems........................................15

transition networks .................................28

ContACtus555 w. Pierce rd., suite 301, Itasca, Illinois 60143

630/467-1300 • Fax: 630/467-1124industrialnetworking@putman.net

editoriAlteAm editor In Chief Joe Feeley executive editor Jim Montague Managing editor Mike Bacidore digital Managing editor katherine Bonfante senior technical editor walt Boyes senior technical editor dan Hebert editorial assistant lori goldberg

design&produCtionteAm art director derek Chamberlain

publishingteAm group Publisher/VP, Content keith larson ad traffic supervisor anetta gauthier director of Circulation Jack Jones group art director steve Herner

subsCriptions888/644-1803

sAlesteAmnortheasternandmid-Atlanticregionalmanager

dave Fisher • dfisher@putman.net24 Cannon Forge dr., Foxboro, Massachusetts 02035

508/543-5172 • Fax: 508/543-3061

midwesternandsouthernregionalmanagergreg Zamin • gzamin@putman.net

555 w. Pierce rd., suite 301, Itasca, Illinois 60143630/467-1300 • Fax: 630/467-1124

Westernregionalmanagerlaura Martinez • lmartinez@putman.net

218 Virginia, suite 4, el segundo, California 90245310/607-0125 • Fax: 310/607-0168

insidesalesmanageremily rogier • erogier@putman.net

555 w. Pierce rd., suite 301, Itasca, Illinois 60143630/467-1300 • Fax: 630/467-1124

reprintsFostereprints

Jill kaletha • jillk@fosterprinting.com866/879-9144 ext.168 • www.fosterprinting.com

IN10Q1_24_25_Products.indd 25 1/26/10 10:31 AM

F I R S T B I TInduSTRIal neTwoRkIng

Q1 • 201026 T e R m I n a T o R

InduSTRIal neTwoRkIng

26

N. Lewis BoddeNnlbodden@engineer.com

T e R m I n a T o R

It’s been around sInce the begInnIng of time. Well, certainly since the beginning of the PLc industry. It was developed for use with Modicon—now schneider electric—programmable controllers. The name “Modbus” comes from “Modicon bus.”

The two constant reasons for device communications are programming and data transfer. Modicon needed a way to load and save programs into its controllers, so there are

a set of commands that do that. The most used commands are the data transfer commands.

Modbus is a master/slave—generically referred to as request/reply—communications protocol. one device, the master, sends requests to the slaves, which, in turn, reply. The master can read data, or it can send data. The master addresses only one slave at a time. This scheme is referred to as polling, and it keeps things simple. one command, a request and reply, must be completed before the next one is started. allowances are made for failures to respond and other errors.

In the old days, the devices were connected using multi-drop networks such as an rs-422 or similar networks. sometimes modems were used.

for example, a system at niagara Mohawk gas & Power had a master in syracuse, n.Y., that collected data from 17 remote sites across upstate new York. The modem at the master connected to leased lines to each remote station.

The modems communicated at 2400 baud. The master was an Intel 8080-based card bus system with Modbus master communications programming. The slaves were single-board computers based on the Intel 8085 cPu, and the Modbus communication was something that I developed for the project. The software was divided into functions for sending data, receiving data, building the Modbus commands, decoding the Modbus replies and polling control. I thought that I had correctly implemented the crc message error-checking routine. It was the same on both ends, so it did not report any errors. When I tested it with a Modicon 484, it didn’t work. I looked at the crc bytes for different large messages, and they were all the same. after a close look at the specification, I realized that with large messages, the crc bits were being shifted out of range.

Modbus commands read and write data to blocks of memory—discrete inputs, coils, input

registers and holding registers. The first digit of the address indicates registers (4), inputs (1), outputs and coils (0). one of the most confusing things about Modicon Modbus addressing is that the communications command address of zero is “register 4001” or “40001,” depending on the device. The same thing applies to the bits command address of zero is “1001” or “10001.”

The first thing to do when you’re getting data—

it’s not what you expect—is to check the address offset. The second-most-confusing thing is the byte location in a word. Is it high byte-low byte or low byte-high byte? The original Modicon Modbus used the unconventional high byte–low byte. The registers are 16-bit, but do they represent a signed or unsigned integer? The user has to coordinate this at both ends. What about scaling? You can use fixed-point scaling in 16-bit registers, but this is hard to keep track of and document. You need 32 bits to properly represent floating-point data.

old Modbus now can be packaged in ethernet (tcP/IP protocol) packets to transport the requests and replies. If the devices are programmed to operate as both master and slave, then each device can control the communications it needs to transfer data, like a peer-to-peer protocol.

Modbus is a good protocol for reading from and writing to devices from different manufacturers, using a memory map agreed on by both parties. It requires extra effort to map data and keep documentation up-to-date. I use an excel spreadsheet to organize everything. I can make a column of Modbus addresses quickly by entering the start address, and dragging the fill handle in the bottom right corner of the cell down to the cells that I want to fill with the addresses—autofill. Then I can relate each address to tags and descriptions. It’s easy to cut and paste cells.

There are pros and cons to using Modbus. native protocols don’t require you to map the memory to numerical addresses, and the data types and formats are handled behind the scenes. old Modbus does the job when different devices don’t have a common denominator.

n. Lewis bodden is a control systems consultant with 35 years of practical experience in all aspects of system integration and control system design.

Modbus, the Grand Old DameThe FIRST ThIng To do

when you’Re geTTIng

daTa—IT’S noT whaT

you expecT—IS To

check The addReSS

oFFSeT. The Second-

moST-conFuSIng

ThIng IS The ByTe

locaTIon In a woRd.

IS IT hIgh ByTe-low

ByTe oR low ByTe-

hIgh ByTe?

IN10Q1_26_Terminator.indd 26 1/26/10 10:25 AM

For more information on attending AutomationXchange,contact Andy Wuebben, Executive Director, at 952.224.7640

AUGUST 8-11, 2010 PARK CITY, UTAH

“Okay. So we’re not in the wedded bliss business.”But how about a series of one-on-one problem-solving sessions, designed speci� -cally to address your most pressing auto-mation needs? In the weeks leading up to AutomationXchange, our editors will put you through a rigorous needs evaluation pro-cess, identifying solution providers best suited to your particular automation priorities. Network with your peers, share best practices, and hear ideas for solving your speci� c automation problems – all in a � rst-class setting. Come to AutomationXchange and � nd out why, for a growing number of industry leaders, it’s how the business of automation gets done.

AUTOMATIONXCHANGE SOLUTION PROVIDER PROFILE

Among the industry-leading solution pro-viders represented at AutomationXchange 2010 is Anixter, which brings IP infrastructure knowledge to the process industry and factory floor to help integrate production information with day-to-day operations. With product and technical knowledge in industrial automation, data centers, communications networks, phys-ical security, electrical and electronic wire and cable, fasteners and other small components, Anixter helps its customers specify solutions and make informed purchasing decisions around technology, applications and relevant standards. As a leading global supplier with locations in 52 countries, Anixter provides in-novative supply chain management services to reduce customers’ total cost of production and implementation.

CT1001_AUTOXAD.indd 5 1/27/10 1:38 PMIN10Q1_FPA.indd 27 1/27/10 1:58 PM

C

M

Y

CM

MY

CY

CMY

K

FACE-THE-TRIAL-IN.7.875x10.5.pdf 1 7/30/2009 8:22:30 AM

IN10Q1_FPA.indd 28 1/25/10 4:33 PM