Embed Size (px)
Citation preview
mbCONNECT24
The Remote Service Platform for remote maintenance, data collection and M2M communication
11/2016
1
THE ECOSYSTEM
mbCONNECT24
• worldwideaccessibilityviainternet
• servesascentralconnectorbetweenuser,unitsandplantcomponents
• secure,encryptedconnectionstothemachinesandtotheusers
• asbasisforsecureremotemaintenance,datacollection,M2M-communicationandnetworkingviainternet
Remote Service Portal
• simplemanagementviawebinterface
• projectbasedmanagementofyourmachinesanddevices
• rolebasedusermanagementwithhighlyscalableaccessauthorizations(alsoonIP-orPort-level)
• comprehensivefunctionsforreporting,taskmanagementandmessaging
• variousserversolutions,publicandprivate
• encryptedSSL/TLS-connections
• 2-factorauthentication
• SecureRemotePasswordProtocol(SRP)
• IPBlack/Whitelisting
• certifiedandauditedsecurity
• Security-by-Design
Server Management Maximum Security
2mbCONNECT24
Your machines and equipment
IP transparent access (mbDIALUP)
99Diagnosis,configurationandprogrammingviainternet
99UseofexistingengineeringtoolssuchasSiemensStep7,TIA,RSlogixorCodesys,asifyouwereonthespot
99DirectMPI/PROFIBUSinterfaceanddriverforSIMATICsoftware
99Remotediagnosiswithprogram-andfirmware-updates
99 Severaluserscanaccesstherouteratthesametime
Web based access (mbWEB2go)
99 Supportswebserver,RDPandVNCdirectlyinstandardbrowsers
99Optimizedforsmartphonesandtablets
99Noclient-oradditionalsoftwarerequired
Web based visualization
99 Easylinkofindicatingandoperatingelementwithprocessdata(drag&drop)
99Readingandwritingofsystem-andprocess-dataviastandardbrowser
99 EditorforDashboardsandwidgets
99Accesstovisualizationpagesviaexternalstaticlinks
Data management
99Comprehensivereports(manualortime-controlled)
99DataexportasPDF,CSVorHTML
99Connectiontoenterprisesystems(ERP,SCADA)
99 Externaldatabaseconnection(mySQL)
99API-Accesstolive-andlogging-data
Your options
M2M-communication
PLC
LAN
PLC
LAN
Remote access
PLC
LAN
Data logging and alarming
PLC
LAN
RegisteredTrademarksofSiemens:TIAPortal,S7-300,S7-400,S7-1200,S7-1500,SIMATIC,S7,STEP7Beckhoff:TWINCAT3S-SmartSoftware:CoDeSys
3
Forremoteaccess,collectanddisplaydata,web-basedvisualization,monitoringandalarming,aswellasM2Mcommunicationonasecureplatform.
The server with the remote service portal as central connecting component between users and machine and displays the management interface.
VPN
HTTPS
SIEMENS, Rockwell,RSLogix, Beckhoff Twincat,Schneider Electric, Mitsubishi, …
You have access to web-server as well as VNC- and RDP-support via smart-phone or tablet without specifi c soft ware.
The service staff con-nects with the portal via client-soft ware(mbDIALUP) to have a IP transparent access to all devices behind the router.
Via webbrowser you can visualize equipment, read operating data or manage the process, look on the surveillance camera or on the webserver of the PLC.
TCP/UDP
The modular system – functional principle
Functional Principle
Terminalservertechnologies,suchasVNCorRDP,usuallyrequireaappropriateclientontheuserside,e.g.withJavaorFlash.mbWEB2gosolvesthisviaserver-sidedProxywhichtranslatesthegraphicoutputsofVNCandRDP,sothataccessispossibledirectlyviastandardbrowser.
ThembWEB2goprincipleisbasedonaHTML5webapplicationandthereforedoesn’tneedspecialplug-insoradditionalinstallations.Throughtheminimumresourcerequirementsit’sidealforsmart-phonesandtabletcomputers.
Webbased access
HTTPS
HTTPS
mbWEB2go is a service in the remote-service-portal and acts as PROXY – between RDP, VNC, webserver and browser
Browser
mbCONNECT24
4
VPN
PLC
LAN
Motion
RS-232/485
Security through:• Encrypted connections (SSL/TLS)• Only outbound connections • Regular security audits
The router allows the IP transparent access to PLC, HMI and other end devices. Additionally it serves as a fi rewall and collects data from control systems or sensors.
Connection to end devices with serial interface, Ethernet, MPI/PROFIBUS and USB.
PLC
MPI/Profi bus
PLC
USB
Webbased Access (mbWEB2go)
99MobileandsecurewebaccessviaHTTPS
99Workswitheverystandardbrowser
99AccesstowebserverandIP-cameras
99 SupportsRDP-andVNC-protocolswithoutspecialclientsorapps
99HTML5-capablestandardbrowserissufficient
99 Independentfromoperatingsystemontheenddevice
99AllowsthemonitoringandvisualizationindependentfromstationaryPCs
PLC
LAN
HMI
LAN
mbCONNECT24
Web Server
VNC Server
RDP Server
5
Central switchboard
The Center – Remote Service Portal
Varieties of the Remote Service Portal
mbCONNECT24
• Switchboardforusersanddevices(routers,datamodems)
• Allusersanddevicesonlyconnecttotheserver(socalledoutboundconnections)
• Centralmanagementofallprojects,usersandmachines
• Role-basedusermanagement
• Finelyscalableaccessrightsforparticipantsbehindtherouter
• Providesencrypteddataconnectionsbetweenthelocations
• Organizesdevicesandusersinprojects
• Providesefficientworkflowwithintegratedmessagingsystemandtaskplaner
mbCONNECT24Public Cloud
mymbCONNECT24.miniPrivate Cloud
mymbCONNECT24.virtual Private Cloud
• Startwithafree,readytouseenvironment
• Upgradetohigherscopeofperformancepossible
• Forsmalltomediumsizedprojects(upto250units)
• Completesolution
• ServerhardwarewithinstalledPortal-Software
• Readytouse
• Forsmalltomediumsizedprojects(upto100units)
• Hardwareindependentvirtualmachine
• Runswithyourhardware(inhouseorhosted)
• Widelyscalableinfunctionalityandscopeofperformance
6mbCONNECT24
Security at its maximum
• ThankstotheencryptingoverthesecurityprotocolTLS/SSL
• Thecompliancewithhigheststandardsalsoallowstheuseinbusinesscriticalapplications.
• Becauseonlyoutboundconnectionsarebeingused,asmoothintegrationintheexistingITisguaranteedwithoutsecurityconcerns.
• Theexistingsecuritystrategiesremainuntouched
• Thereforesecuringoftheauthentication,integrityandconfiden-tialityofthetransferredinformation.
• 2-factorauthentication(withSMSorGoogle-Auth)
• WithSecureRemotePassword(SRP)technology
• Regulartool-basedandmanualpenetrationtest
Top 10 Facts
1. Secureandtransparentaccesstocontrolsystems,machinesandunits
2. Useofexistingengineeringtools,suchasSiemensStep7,TIA-Portal,RSlogixorCoDeSys,asifyouwereonsite
3. DirectMPI/PROFIBUSinterfaceanddriverforSIMATICSoftware
4. WANconnectionviaPort80,443or1194andPROXY’s,ChinaGateway,oneclearIP-addressperserver
5. NospecificIT-knowledgerequired
6. SeveraluserscanconnecttoarouteratthesametimeandcanaccesstheIPnetworksimultaneously(Limitationthroughlicensesandbandwidth)
7. Fastcommissioningthroughconfigurationtransferviafile(USBstick)
8. Offlineconfigurationmanagementoftherouters(centraldatamanagementontheserver).Noconfigurationontherouternecessary
9. Personalizedandlimitedaccessrightsviaprojectmanagementontheportal
10. Scalableserversolutions
7
The Remote Service Portal in detail
Characteristics
Project Management
• Centralmanagementofallusers,systems,projectsanddevicesinoneplace
• Consistentlyweb-based-alladministrationandmanagementtasksareprocesseddirectlyinthebrowser,nospecialsoftwareisrequired
• Centralconfigurationoftheroutersanddatamodems:Configu-rationisstoredontheportalandloadedautomaticallyassoonasthedevicesconnecttotheportal
• Forsecureandtransparentremotemaintenanceoncontrolsystems,machinesandsystems
• Visualizeandoperateprocessdataofthecontrolsdirectlyfromtheportal
• Efficientlymonitorandstoreprocessdatainlong-termarchivesorexportasadatabase
• MachinesandunitswillbeequippedwithanindustrialroutermbNEToradatamodemmbSPIDER,whichregisterontheportal.
• MachinesandunitsestablishaVPN-connectiontotheportal:permanentwithpowersupply,program-controlledifrequiredorifrequiredbykeyswitchoratthepushofabutton,routerwithmodemviaSMS.
• Theroutersanddatamodemsdon’trequireafixIP-addressbecausetheenddevicesalwaysregisterthemselvesontheportal(alsonoSIMwithfixIP).
• Accesscontrolforeachdeviceconnectedtotherouter.
• Connectionofexternaldevices,withwhichyouconnectyourownOpenVPN-capabledeviceswiththeportal.
• Templatessimplifythejobwithrecurringconfigurations.
Interesting Facts
• PracticalprojectstructureinwhichthesitesandMachineryisdirectlyillustratable
• Project-relatedmanagementandconfigurationoftheenddevices
• Aprojectisthehighestauthority–allunits(datamodemsandrouters)areassignedtoexactlyoneproject
• Assoonasaunithasbeencreatedintheproject,theinterfacesandconnectedcomponentscanbedefinedandmanaged.
mbCONNECT24
Project
Device
PLC
MPI/Profi bus
PLC
LAN
HMI
LAN
Motion
RS-232/485
HMI
RS-232/485
Interfaces
System
LAN
SerialCOM
MPI/Profibus
USB
PLC
USB
8
Client and user administration
Task and message management
Reports Scheduler
• Thedistinctionbetweenclients,usersandusergroupssimplifiesadministration
• Theclientistheparent
• Userorusergroupsareassignedtotheclient
• Theuserrightsforseveraluserscanbeeasilymanagedbyusergroups
• Integratedmailingsystem,sendingemailsinternallyandexternally
• AlarmmanagementwithSMSandemail
• Sendingmessagestootherusers/projectparticipants
• Delegatetaskstootherusers/projectparticipants
• Rolebasedaccessmanagementforallusers:grantaccesstodatatodifferenttypesaufusers,likeoperators,servicetechni-cansorproductionengineers.
• Restrictaccessrightstoindividualportsorprotocols
• Finegradingofrights,forexampleoperators(generalplantdata),servicetechnicians(programmingaccess)andmanage-ment(productionfigures)
• Connectionreportswhichuserwasconnectedtowhichdeviceatwhichtime
• ReportsforSMSdispatch,dataconsumption,configurationtransmissionsandprocessdata
• ViewandexportreportsasPDF,CSV,HTML
• Sendingreports(connections,datapoints)
• Displayalltasksinthedashboard
• Organizerecurrenttasks
• Firmwareupdatesandrouteradministration
Client 1
Client 1.1
Client 1.2
User group 2 User group 3 User group nUser group 1
User1
User2
User3
User4
User5
User6
User7
Usern
Client 2
Client n
Customize
Adaptthelayoutoftheportalwithyourlogoorcompanycolors.Scalableuptoindividualfrontfoilofrouteranddatamodem.
mbCONNECT24
9
Access possibilities for remote maintenance and data collection
Transparent Access (mbDIALUP)
Possibilities of connection for internet and site-sided:
ETH 3G 4G WIFI ETH serialS7-MPI/
PB USBRemoteaccess
Datacollection
mbNET ✔ ✔ ✔ ✔ ✔ ✔ ✔ inprep ✔ ✔
mbNET.mini ✔ ✔ ✔ ✔ ✔ - - ✔ ✔ -
mbSPIDER ✔ ✔ - ✔ ✔ ✔ - - - ✔
Internet Site
VCOM,tunnelsvirtualCOM-PortsonCOM-interfaceofthembNET
SEARCHoverIP,MulticastforcommonPLC-programmingenvironment
TCP/IPEthernet-Protocols
mbNET.S7„Adapter“STEP7-Classic
andTIAPortalforMPI/PROFIBUS
USBoverIP,tunnelsvirtualUSB-PortonUSB-interfaceofmbNET
RS-232RS-485
BeckhoffWago,…
STEP7ClassicTIAPortal
RockwellSchneiderElectric
USB
VCOM
mbNET-S7
USBoverIP
TCP/IP
TCP/IP
SEARCHoverIP
mbCONNECT24
RS-232/485
PLC
MPI/Profi bus
10
S7 Ethernet
S7-MPI/PB
ModbusTCP
ModbusRTU
RockwellEthernetIP KNX
OnBoard I/O’s
mbNET ✔ ✔ ✔ ✔ ✔ ✔ ✔
mbNET.mini - - - - - - ✔
mbSPIDER ✔ - ✔ ✔ ✔ ✔ ✔
Data sources for the data collection
PLC
LAN
PLC
LAN
HMI
LAN
Motion
LAN
Motion
RS-232/485
PLC
MPI/Profi bus
PLC
USBEthernetSerialRS-232/485EthernetSerial
Ethernet
SerialRS-232/485
MPI/Profibus
USB
Ethernet
mbCONNECT24
11 mbCONNECT24
Web-based visualization
Characteristics
99 WorksaccordingtotheHTML5standard,worksonWindows,iOS,Android
99 Graphicalrepresentationofdataandstatesviafreelyconfigu-rabledashboards(instrumentpanel)
99 Visualizationofthedataofindividualmachinesandsystemorlocation-spanning
99 DataiscollectedbymbNETormbSPIDERinthefieldandtrans-ferredtothedashboardsontheportal
99 DatapointsfromthePLCormeasuredvaluesfromenergymeters
99 Youcansetyourownpictures(JPG,PNG)forthebackground
99 Displayofliveparametersviasystemimages
99 ToviewsimpleregistrationbyuserIDandpassword
99 Owndisplaypages(dashboards)withinformationfromsystemsandmachines(allpossiblewithinaproject)
99 Correspondingdisplayandinputelementssuchaspointerinstrumentsandbargraphsareprovidedasalibrary
99 Thedisplaypagesareconfigurableforproject,clientanddevicespecificpurposes
99 Visualizationscanbecreatedastemplatesandreused
Usethewebbrowsertocontroltheoperatingdataofyoursystem-directlyfromyoursmartphoneortablet.Thankstothebarrier-freeaccesstotheremoteserviceplatform,youcandirectlylookatyoursystembysmartphone-theydonotneedeitheranapporaspecialclient-theirpreferredbrowserissufficient.
Data collection
Create your own visualization surfaces
Omin:-30
Display in DashboardDisplay elementScaling
Rawvalue
18
Imax:10
Omax:+30
Imin:0
PLC
RS-232/485
PLC
MPI/Profi bus
see page 10
Database
Database
12mbCONNECT24
Data collection contains
Data collection and evaluation
Examples
Create data report ...
… as PDF
Data management
99 Monitoringprocessvalues
99 Alarmwhenlimitsareexceeded
99 Archiving,evaluatingandanalyzingdata
99 Provisionforfurtherprocessing(CSV,PDF,SQL)
99 Displayprocessdatadirectlyindashboardswithwidgetandpositionthemfreely
99 Analysisandevaluationviastandardbrowser
99 CreationofevaluationsinexportformatPDForCSV(AlsoforExcel)
99 Storethedatainanexternaldatabase(customersystem)orinternallyontheportalmbCONNECT24
99 DependingonthembSPIDERormbNETvariant,variousinterfacesandprotocolsareavailableforfielddevices(Seedatasourcesonpage10)
99 Pre-madetemplatesforcommonconfigurations
• Providesaccesstoallthedataintheportalinordertopro-cessitinitsownITenvironment(SAP,Excel,...)
• Basisforcustomer-specificapplicationssuchasreporting,long-termarchivesordetailedevaluation
• Retrievaloffaultmessagesandalarmhistory
• Enablesindividualwebvisualizationforendusers
Exampleforwidgetpositionsinabrowser
Exampleforfreelypositionablewidgetsinabrowser.Thebackgroundimagecanbefreelyselectedforthispurpose.
Exampleofthedisplayofloggeddata.Thesedisplayelementscanbeindividuallyconfigured
Data collection and visualization
13 mbCONNECT24
Alarming and monitoring
Intheeventofmaterialshortages,faultsorotherevents,pleasenotifytheappropriatepersonnelbySMSore-mail.mbCONNECT24canmonitoreverythingyouhaveasanexternalsignalorasavalueinacont-rolsystem–forexample,thetemperatureinacoldstore,theoutputofaproductionplant,theoperatingconditionofaheatingsystem,thelevelofasilo,thetemperatureofhydraulicoil,thelevelsettingsofriversorthepressureinthewatersupply.
Characteristics Alarm visualization
99 Alarmsforcertaineventsorexceedingthresholds
99 Easyentryandmonitoringoflimitvalues
99 Eventsandalarms,summaryofvariousattachmentsonadashboard
99 SendviaSMS,e-mailand/orviatheintegratedmessagesystem
99 Messageprofilescanbesetbymeansofcalendarfunctions,sothatthedispatchofthemessageistime-dependentandcanbecontrolledaccordingtoneeds
99 Thealarmhistoryisshowninthedashboard
99 Alarmscanbedifferentiallyprioritizedandthuscanbeselectivelyreportedtousers
99 Activealarmsaredisplayedintheformofalistorasagraphicalmap
Create your own alarm
Display in DashboardConditionScaling
Rawvalue
18
Imax:10
Omax:+30
Imin:0
Database
IfTemperatur>10°C
no
yes
Alarm
Omin:-30
14mbCONNECT24
M2M communication
Application example for a permanent virtual network infrastructure:
CharacteristicsM2M communication
99 Thecommunicationrelationsareorganizedintheprojectstructureintheportal.Eachdevicewithintheprojectcancommunicatewitheachother
99 Remotecontrolunits(HMI)cancommunicatedirectlywiththePLCsinthenetworknetworkviatheM2Mnetwork
99 WithintheM2MnetworkeachparticipantisaddressedwithauniqueIPaddress
• Automateddataexchangebetweenmachinesorbetweenterminalsandacentralcontrolcenter
• Networkingofplantsandmachinesamongeachother
• Alldeviceswithinaprojectareconnectedtransparently
• Permanentcouplingofnetworks
• TheSCADAsystemhaspermanentIPaccesstoallsubscribers(PLC)
• EachPLChaspermanentIPaccesstotheSCADAsystem
• EachPLChaspermanentIPaccesstotheotherPLC's
• RemotemaintenancetothePLCscanbecarriedoutatanytime
Machine3PLC
LAN
SCADA
REMOTEMAINTENANCE
Machine1PLC
LAN
Machine2PLC
LAN
WAN
LANVPN
Internetcompanynetwork
PLC2
HMI
PLC1HMI
LAN
PLC
LAN
PLC
LAN
DMZ
Machine2
Machine1
MBconnectlineGmbHoffersuniversalsolutionsforworldwideremotemaintenanceofmachinesandequipment.ThespecialistsatMBconnectlinecandrawonyearsofexperienceandextensiveknow-how.
MB connect line GmbHWinnettenerStr.691550DinkelsbühlGermanyTel.+49(0)9851/5825290Fax+49(0)9851/58252999
MB connect line Inc.4320WinfieldRoad,Suite200Warrenville,[email protected]
Follow us:EN:facebook.com/mbconnectlineincDE:facebook.com/mbconnectline
EN:twitter.com/mbconnectlineenDE:twitter.com/mbconnectline ©
201
6 M
B Co
nnec
t Lin
e G
mbH
. All
right
s re
serv
ed |
Text
and
pho
to c
redi
ts: M
B Co
nnec
t Lin
e G
mbH
, fot
olia
, shu
tter
stoc
k, S
iem
ens
AG |
mbC
ON
NEC
TLIN
E_EN
_11_
16_O
| La
yout
: H1Q
N.d
e
