Using the cloud to meet certification requirements

14 October 2018

Arno Martin Fast explains how Ricola has utilised cloud computing alongside its tried-and-tested automation technology to provide a cost-effective solution to meet stringent certification requirements to allow it to export its products across the globe.

A pioneer in natural herb cultivation, Ricola exports 90% of its herbal specialties to over 50 countries with its strongest sales being in the USA, Germany, France, Italy, and Switzerland. The development of new candies and opening up new markets has required to the company to consider additional certification. Products heading to USA, for example, need to meet the stringent requirements set by the FDA. Storage and production processes have to be documented from end-to-end as part of such certification and this led to the company’s search for a solution, which it found with cloud technology in the form of Proficloud from Phonenix Contact.

Transmitting data across sites
The PROFINET Industrial Ethernet standard can be used to realise a range of automation concepts – from machine building and production technology, through process and building automation, right through to drive technology. The real-time-capable transmission protocol uses the TCP/IP channel and IT standards, and is able to incorporate both fieldbus and cloud-based systems. Proficloud technology – Phoenix Contact’s cloud-based, open IoT platform which connects hardware and software components – enables PROFINET networks, such as those operated by Ricola, to be connected to the Internet, opening up the limitless opportunities presented by the Internet of Things (IoT) to the user. 

But what does IoT have to do with making speciality herbal candy? The Ricola herbs are grown by approximately 100 herb farmers in five regions in the Swiss mountains. A total of 1,400 tonnes of herbs are processed annually. These herbs need to be stored and processed under optimum conditions. Both the administration offices and the storage and production facilities are located in Laufen, albeit in different districts. The decentral arrangement of the individual buildings means that relevant information needs to be exchanged as cost-effectively as possible. Furthermore, the solution must be integrated into the existing automation technology. To achieve an efficient solution, Daniel Bhend, senior director of technology/engineering at Ricola, worked with the integrator, Kundert Automation, and with Phoenix Contact. A combination of standardised communication protocols for automation technology and the Internet is used to exchange data over long distances.

Information on the condition of the storage rooms, which are located some 15km from the production facility, must be transmitted to the central distributed control system (DCS). To achieve this, the recorded measured values are transmitted via PROFINET protocol to the process control system. The relevant PLC also assumes the function of a PROFINET controller, which is why Proficloud was an option here. This is because a standard Proficloud application is normally made up of at least one Proficloud coupler, one Proficloud device, and one PROFINET controller. 

The Proficloud coupler connects the local PROFINET network to Proficloud via two Ethernet interfaces. While one interface is used to establish a connection to the local PROFINET system in the production facility, the second Ethernet interface is used to establish a connection to the Internet. The coupler then initialises a connection with Proficloud automatically, and is ready for use after a short amount of time. The same applies to Proficloud devices that are simply connected to the Internet, connecting automatically to Proficloud. 

At Ricola, the decentral AXC Cloud-Pro Proficloud controllers acquire the data from temperature sensors distributed throughout the storage rooms via Axioline F I/O modules transmit this via Internet to the Proficloud coupler. "By using Proficloud, we do not have to develop a complex network infrastructure," said Bhend. The system integrator simply had to register the Proficloud devices in Proficloud using its Universal Unique Identifiers (UUIDs) and assign them to the central Proficloud coupler. UUIDs are used for the clear identification of information in decentral systems, ensuring secure communication via Proficloud. Upon registration, the PROFINET system records the TLS-secured data transmission via Proficloud.

Retrieving weather information 
Along with the capture and transmission of measured values from the storage rooms, the latest weather information is also communicated to the DCS and this is added to the FDA inspection documents. Ricola could have installed a weather station for this, which would have had to be set and connected to the PLC. However, it was easier to use the Proficloud Weather cloud service, which allows the relevant information to be retrieved from the weather service via the Internet. This can then be used by the controller directly as PROFINET data. The Proficloud service is treated as a virtual Proficloud device in the Proficloud system. With the input process data, the user can determine which location the weather information is to be retrieved from – in this case by entering the warehouse coordinates.  

As soon as a connection has been established to the Internet and, therefore, the cloud, the PROFINET device sends its process data to Proficloud. Restricting communication to an outbound connection ensures that no Internet subscribers can communicate with Proficloud devices unsolicited in order to manipulate temperature data, for example. Once the connection to Proficloud has been established via the Internet, a PROFINET instance is created in the Proficloud coupler for each connected Proficloud device. The station in the warehouse and the weather device thus receive a separate IP and MAC address that is represented in the local PROFINET network. After that, each Proficloud device can be programmed as a local PROFINET device.

Protection from unauthorised access
Due to the fact that the data transmission of Proficloud couplers and devices is protected with TLS1.2 encryption and the connection can only ever be established by Proficloud devices, two fundamental aspects are taken into account with regard to data security of Proficloud. Even the web application for configuring Proficloud is securely transmitted to the user with HTTPS and is thereby protected against unauthorised access. This has been certified by independent agencies.

In conclusion, the combination of tried-and-tested automation standards and cloud technology has long been a reality. Proficloud, which has been available as a live cloud platform for over two years, is being used in ever more applications. In addition to the cloud-based PROFINET communication utilised by Ricola, time-series database solutions have also been realised and company-specific concepts have been developed that are based on Proficloud. 

Arno Martin Fast is product manager for Proficloud at Phoenix Contact Electronics.

Contact Details and Archive...

Print this page | E-mail this page