
equipment in the factory. This real plug-and-work operation facilitates plant layout modifications. Furthermore, HSR supports the redundant IEEE 1588v2 submicrosecond synchronization protocol, which simplifies the synchronization of the system to perform precise reconstruction of the sampled sensor data or the implementation of control tasks. In order to provide seamless redundancy, each HSR node sends the Ethernet frames through both directions of the ring. This approach allows “hot” cable or equipment plugging and unplugging. Each node is in charge of forwarding both frames, and the IEEE 1588v2 support corrects the residence and link delay times to ensure timing accuracy in the entire network. Thus, frame hardware processing is mandatory to ensure low and constant latency times in every node. Indeed, the IEC standard recommends a “cut-through” approach for forwarding the frames in the ring. To avoid circulating frames, for unicast communications the node that receives the frames is in charge of removing them from the ring. For multicast and broadcast traffic, the sender removes the frames when it sees them again in the redundant port. Additional rules regarding circulating frames (such as corrupted frames) are applied to ensure network stability.
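
The ring rules described above can be traced with a small simulation, added here as an illustration and not taken from the article or from any SoC-e product. The function name `send_hsr`, the four-node ring and the cut links in the usage are constructed assumptions; counting a second copy at the receiver as a duplicate reflects the duplicate discard that IEC 62439-3 defines for HSR.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

def send_hsr(ring, src, dst, down=()):
    """Send one frame from src in both ring directions, applying the removal rules.

    ring: node names in ring order; dst: a node name or BROADCAST;
    down: iterable of (a, b) links that are cut (constructed failure input).
    Returns accepted (nodes that received the frame), duplicates (second copies
    dropped at a receiver), hops (link traversals) and removed_by (who took each
    copy off the ring; None means the copy was lost on a cut link).
    """
    n = len(ring)
    cut = {frozenset(link) for link in down}
    start = ring.index(src)
    accepted, duplicates, hops, removed_by = [], 0, 0, {}
    for name, step in (("cw", 1), ("ccw", -1)):
        pos = start
        removed_by[name] = None
        for _ in range(n):                  # a copy never needs more than n hops
            nxt = (pos + step) % n
            if frozenset((ring[pos], ring[nxt])) in cut:
                break                       # copy lost on the cut link
            pos, hops = nxt, hops + 1
            node = ring[pos]
            if node == src:                 # sender sees its own frame again: remove it
                removed_by[name] = node
                break
            if dst in (node, BROADCAST):
                if node in accepted:
                    duplicates += 1         # second copy of the same frame
                else:
                    accepted.append(node)
            if node == dst:                 # unicast: the destination removes the frame
                removed_by[name] = node
                break
    return {"accepted": sorted(accepted), "duplicates": duplicates,
            "hops": hops, "removed_by": removed_by}

if __name__ == "__main__":
    ring = ["A", "B", "C", "D"]             # constructed four-node ring
    print(send_hsr(ring, "A", "C"))
    print(send_hsr(ring, "A", "C", down=[("B", "C")]))
    print(send_hsr(ring, "A", BROADCAST, down=[("C", "D")]))
```

With one link cut, every addressed node still receives exactly one copy and no frame is left circulating, which is the behavior a monitoring check on an HSR ring can assert.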

HSR, combined in many cases with the Parallel Redundancy Protocol (PRP), is the recommended High-Availability Ethernet protocol in the standard for the automation of one of the most critical sectors worldwide: power substations. Other sectors, such as military and aerospace, are also adopting these Layer 2 solutions.

Smart gateways provide hardware switching from the Ethernet and serial ports to the HSR infrastructure ring. There are two smart gateways, represented on the left and on the right of Figure 3, that connect the HSR ring with the Ethernet-based enterprise network, each working as a redundancy box (RedBox). Functionally, the access point represented on the right is optional; it can be used to avoid the single point of failure that would appear in a network using only one RedBox. We recommend implementing the dual-box setup in cases where high availability is needed, or when it is necessary to manage PRP frames (IEC 62439-3 Clause 5) in the critical nodes in the enterprise network. Additionally, there are internal networking ports in the gateway to the processing elements of the SoC device.

In most cases, a “dumb” switching approach is useless for joining the plant and IT worlds. The heterogeneity in the data and network formats makes straightforward connections difficult. What’s needed is a powerful integrated processing system able to talk with local, enterprise or cloud databases. In addition, such a system would be in charge of translating protocols, managing HMI systems, supporting MES systems and even running soft PLCs for real-time control. But that is not all. The customer also expects such a system to perform complex sensor data preprocessing and filtering in the equipment, and of course, advanced cybersecurity operations.

The cybersecurity requirements in these kinds of advanced manufacturing facilities vary widely. Advanced security is necessary to protect the status of the production itself, avoiding any malicious or accidental interruption generated by any cyber infrastructure (device, network, software or hardware). It is also necessary to authenticate users and devices that are accessing information or any critical operation. Furthermore, this information and the control protocols need to be protected in terms of authentication and privacy, because factory networks are connected to larger IT networks inside the enterprise and outside of it. These challenges can only be addressed with a layered cybersecurity approach that takes into account each plant implementation. A common element in all the projects is the need to support secure boot and storage with encryption and authentication. This feature makes the implementation of secure software and secure networks credible. The trusted embedded system is increasingly difficult to protect due to the growing number of devices and their heterogeneity. For authentication and for networking security, these systems can directly

Figure 2 – The CPPS-Gate40 smart gateway from SoC-e

48 l New-Tech Magazine Europe