With automation systems expanding in size, the effort needed to manage them grows rapidly

Author : Michael Babb, Control Engineering Europe

05 July 2010

Oh for the days of the mainframe computer — and the proprietary distributed control system. Yes they had their advantages, and they were relatively easy to manage from top to bottom. But today’s “open” process control systems have become an assortment of controllers, PCs and servers, engineering workstations, and what have you. How do you stay on top this kind of system?

Chris Lyden, president of PAS
Chris Lyden, president of PAS

How large have automation systems in today’s facilities become? Chris Lyden, president of software supplier PAS in Houston, says its not unusual to find a 200,000 barrel per day refinery with several process control networks consisting of 400 or more PCs each. And he’s seen much larger networks than that, systems with thousands of Windows PCs and servers sharing the same cable.

All of this is the happy result of the PC era, with the architecture of corporate computer systems shifting from mainframes and VAX clusters to client/server systems loaded with personal computers as workstations. People said they wanted “open” systems, and they got what they wanted. And as a bonus, to make life more interesting, the Internet was thrown into the deal.

So, if you’re an IT manager, how do you keep abreast of all of this? With so many different devices attached to the same networks, the vulnerabilities multiply. Simply applying Microsoft’s monthly patches becomes a headache when you have so many PCs (hopefully, all at the same revision level) on the network. There must be some rules, and strict enforcement.

Fortunately for the IT community, there have evolved software packages like “Solar Wind” to help manage large client/server systems. But this type of application doesn’t work well in the control room.

In the control room

In contrast to what the IT manager is facing, the manager of the process control network has a lot more on his plate. The automation infrastructure tied together by the process control network impact plant safety, economic throughput, environmental compliance, and equipment protection.

Each system contains a complex collection of tags, programs, databases, and user interfaces that change daily. It’s an IT infrastructure that simply didn’t exist with the traditional proprietary automation systems. And more often than not, it’s completely isolated from the corporate IT system, so that even if the IT managers had the appropriate tools to configure and manage the process control network, they would not be able to access it.

What are some of the special requirements of process control networks? First of all, managers of these systems must implement what has become known as “Common Operating Environment Compliance” which means the configurations of hardware and software on the network must be uniform to a certain standard. This ensures reliability and security, and importantly for the manager, it makes troubleshooting easier.

The manager of each network is responsible for defining the specifications of the Common Operating Environment. He might, for example, specify that all com ports and USB ports on all PCs in the network are to be disabled to prevent the possible intrusion of a virus.

Other things the network manager has to worry about include configuration changes on various devices, which may include upgrades, and licensing compliance. It is common nowadays for software vendors to provide a specific number of licenses and expect the manager to keep track of what is installed.

Vendor compliance is another area that may be difficult to track in a large network. Automation systems, like other products, are sold with warranties protecting against defects and malfunctions. However, some software installations and updates can inadvertently void the manufacturer’s warranty. The system manager needs to be able to identify unauthorized software, hardware, and configurations that may void these warranties.

There are several other aspects of great importance to the site manager: he has to be sure the system is available 24 hours per day, including clients that may need to access the system from off site through a virtual private network. Security is always a prominent issue.

Integrity Recon software

To address these issues, Mr. Lyden says his company PAS has released new software called “Integrity Recon.”

The software monitors and reports vital information and vulnerabilities about automation infrastructure. It helps the automation organization to better manage their system infrastructure, and allows managers to securely monitor different aspects of the control systems, such as license management.

An important aspect of Integrity Recon, says Mr. Lyden, is its ability to keep track of the system’s compliance with the Common Operating Environment — which is called the Standard Operating Environment in some installations. The system manager must sit down and completely define the rules for the COE, and this may take him several days to do, but after that is accomplished, the Integrity Recon software constantly monitors the network for compliance.

“It quite literally monitors the installed software, hardware, and operating system configurations for the servers, work stations, and desktop computers on the PCN and provides notification of any discrepancies from the defined COE,” says Mr. Lyden.

“This capability of Integrity Recon also facilitates software and hardware upgrades by identifying existing components and versions, while simultaneously verifying the prerequisites for new ones.”

It contributes to improving the security and accessibility as well, he says, by constantly monitoring Active Directories to see if they are operating correctly. Active Directories are Windows components used to protect and maintain the integrity of critical networks and systems.

For off-site users, the software’s web-based capability makes it accessible from the outside through the virtual private network.

“Since Integrity Recon supports a wide-variety of automation systems, our clients can now manage their entire automation infrastructure from the same application,” says Mr. Lyden,

“Properly managing compliance with common operating environments and the performance of plant automation infrastructure is an essential element of safety, reliability, and profitability for process manufacturers.”

See also our story about PAS' Integrity software, Sequencing the ‘Automation Genome’

Print this page | E-mail this page