An office worker is likely to have a mobile device somewhere—on the desk, in hand, in the pocket or clipped to the hip. The bring-your-own-device (BYOD) trend is maturing, and workers are using smart phones for both personal and business purposes. It was inevitable in the industrial workspace.
Plant-floor workers of all types are carrying mobile devices with them all the time. This provides access to more and better data by using mobile-device apps as a human-machine interface (HMI) for control and monitoring of machines on the plant floor, with a bit of collaboration included (Figure 1).
Machines and equipment on the plant floor are becoming more social, and there's an app for that. If not, the HMI is at least app-like, working on smart phones and tablets. Machine builders and end users are connecting to machines and processes with apps, and that has some advantages. While monitoring and control are important features of these mobile-HMI apps, the technology is providing more usable information securely on the plant floor, and some enable collaboration.
Mobility in hand
"Think about the computing power readily at hand when using smart phones or other mobile devices loaded with apps," says Hayden Serio, senior engineer at Maverick Technologies, headquartered in Columbia, Illinois, a Rockwell Automation company and a member of the Control System Integrators Association (CSIA). "In addition to phone calls, email, text messages and pictures, these devices can be used for taking notes, downloading documents or even digitally entering and storing round sheets, among other capabilities. Why not take it a step further and use mobile-app technology for real-time data analysis and reporting, system monitoring, diagnosing and troubleshooting potential problems?”
Using powerful mobile applications can greatly impact a company’s reliability and continuous-improvement programs, continues Serio. “As automation professionals make the rounds using mobile technology, they can make informed data-driven decisions in real time about manufacturing systems and processes, improving overall operational efficiency," he notes.
It’s important to make a distinction between mobile apps and mobile access, points out Sharon Billi-Duran, product manager, Rockwell Automation. "Mobile apps offer tremendous value by making use of mobile devices and their features," she says. "For example, a production app that turns a mobile device into a smart node can improve productivity. Workers can use the app to connect their mobile devices to other plant devices to see production, incident and device data. They can also sync their devices with those of other workers to collaborate on production issues. If a worker is troubleshooting a machine, the worker could use the app to share diagnostics with the team or even a photo the worker took with the device."
But the true value of mobility in production comes from using mobile devices to access systems and content, continues Billi-Duran. "Today, production is already highly mobile," she says. "People, machines and data all move around the plant floor. It only makes sense to give HMI screens the same freedom of movement so human processes, decisions and troubleshooting can occur faster. Also, we should remember that younger workers coming into manufacturing today grew up with mobile devices. They expect this technology to be part of their jobs."
Operators are used to consuming data and information from mobile devices, such as smart phones and tablets, more so than HMIs, notes Rob Goldiez, co-founder of Hirebotics in Nashville, Tennessee, a certified system integrator (CSI) of Universal Robots. “Our users consume machine status, production data, quality data and much more,” says Goldiez. “We have the ability to convert machine status into human readable messages that are delivered in real time via push notifications (Figure 2).”
"With mobile apps, real-time data can be delivered to associates in real time, wherever they are," says Nate Kay, project manager at Martin Control Systems in Plain City, Ohio, a CSIA member. "They no longer have to be standing in front of the machine to access this data. If there is an issue with a machine, it is often possible to troubleshoot that issue before setting foot on the plant floor. This can speed up recovery and minimize downtime."
Using mobile apps to access automated machines increases operator mobility. "The operators can control equipment while being near it," says David J. Stock, president at Innovative Control in Algonquin, Illinois. "It also reduces foot traffic needed when constantly returning to a control room and provides the capability of monitoring the process from any location within a facility."
For machine builders that may have a system that requires multiple operator stations, a mobile device can reduce this requirement. "The device can have additional functionality by leveraging barcode scanning and RFID technology," says Stock. "We leverage this to confirm operator presence, even to issue commands to the system. For process control, users can stay with the process and be connected to the same information and functionality that a control room would have."
"Small, handheld mobile devices can show users, such as operators or managers, what they and the engineering and technical teams need to know," says Stock. "But this should be handled completely differently compared to control room SCADA/HMI displays. The displays should be designed/architected for their size and purpose—primarily focusing on text-based views instead of equipment graphics or P&ID-based views. Focusing on a more text-based design enables the maximum usage of the small footprint, allowing several pieces of information to be displayed, and interfaced with, rather than just equipment status."
Another important aspect or consideration is around navigational structures—typical HMI/SCADA navigation methods should not be used with smaller mobile applications, as it could distract from the important pieces of information and functionality, says Stock. "Mobile-app navigation should flow intuitively to minimize training and button clicks. Typing on the mobile devices should be minimized, as well. Barcodes and QR codes reduce errors and operator frustration," he says.
Current HMIs utilize high-performance graphic techniques where fewer distracting shapes and colors use less screen space and communicate only the most critical state-of-equipment information, says Serio at Maverick Technologies. "Using these HMI techniques helps users to view the important information they need on small, handheld mobile devices."
Data is not always information. "It takes analysis and interpretation to make data valuable," explains Serio. "Trending is one way to visualize data over time and allows you to analyze recurring patterns and go beyond the current machine status. Being able to see multiple measured parameters over time will allow users to use their experience to make informed decisions about equipment."
The real potential lies in networking devices and correlating data across machines, processes and plants, says Kay at Martin Control Systems. "For example if I only analyze the data on one machine, that tells me a lot about that individual machine," he says. "However, if I correlate the data from many machines and compare that data with data from across the company, then I can start asking and answering questions such as: How can I improve my overall process? What are areas where efficiency can be improved? How can I improve efficiency? What are the causes of downtime? Why does Machine A seem to run better than Machine B?"
More social apps
"Machine-specific information related to geospatial location, technical information and current and historical alarm status of the connected machines can all be weaved together via a configurable dashboard application and can be customized as needed for specific user roles and scenarios," explains Mike Malone, principal of Technotects (www.technotects.com) in Harleysville, Pennsylvania. "These applications automatically scale to the size and shape of the mobile device, allowing the user the freedom of using BYOD. Mobile machine apps typically have a social media aspect to them, as well. The various team members that are tasked with supporting the machinery can interact and collaborate directly through the apps using simple text-messaging or through videoconferencing technologies such as with Facetime and Skype. These interactions are then logged into the case that gets created for the downtime condition. When confronted with a similar case in the future, technicians can quickly review the case and determine how the issue was resolved previously. It’s all about improving the productivity on the plant floor (Figure 3)."
Mobile apps enable faster and more collaborative and effective decision making by eliminating cumbersome workflows and removing the barriers of being physically present to assess and act, says Mariana Dionisio, DeltaV Mobile product manager at Emerson Electric. "They make it possible to monitor and share critical information without being restricted by location or regular business hours, enabling faster situational responses that help to decrease unscheduled downtime and improve safety and productivity," she says.
More specifically, mobile apps that access automated machines can integrate critical asset and process data from various sources, and they facilitate communication and sharing of data between workers in different locations with different functional roles, continues Dionisio. "Social media-like features such as threaded conversations, live chat, alerts and in-app sharing further enable real-time collaboration and feedback across the enterprise," she says.
"Mobile applications are well suited for communication with many different devices," says Serio at Maverick Technologies. "Wireless protocols, such as Wi-Fi and Bluetooth, make connectivity quicker and cheaper to obtain than older hardwired methods. Couple this with the Industrial Internet of Things (IIoT) technology, and you can create connections to machines, processes and plant systems very quickly. With the IIoT, the sensors and controllers that monitor and control industrial equipment have connectivity built-in; therefore, end users can connect to them via the manufacturer’s mobile applications. Sometimes, they can even connect via a simple Web browser. It is critical to keep cybersecurity in mind as increased connectivity comes with a greater responsibility to protect these connections from cyber attack."
To get connected, tools that were once in the domain of information technology (IT), such as virtual private networks (VPNs), industrial demilitarized zones (DMZs), virtual local area networks (VLANs) and firewalls are being used on the back end, says Kay at Martin Control Systems. "On the front end, many HMI and SCADA software packages have a mobile app plug-in for quick access," he says. "These apps make it possible for end users to quickly select the machine, process or plant they want to access using their mobile device."
Mobile devices, such as smart phones and tablets, generally connect to machinery through the factory LAN on Wi-Fi, or via the Internet using cellular communications, says Mike Malone at Technotects. "Today, they typically communicate to the machines using the OPC-UA protocol," he says. "OPC-UA was introduced in recent years to provide secure machine-to-machine communications, and many of today’s automation controllers, like GE’s PACsystems RX3i family have OPC-UA servers onboard. This makes it nice to develop mobile machine apps regardless of controller manufacturer type. OPC-UA is very open, although it offers a higher level of security, requiring proper authentication to gain access."
"All devices on networks, including control systems, have some inherent security risk, whether or not mobile apps are used," says Kay at Martin Control Systems. "However, if designed properly security risks can be minimized. Anytime we shop or do banking online, there is some security risk. Yet many people still shop on Amazon and check their bank accounts using their mobile devices as the risk is small compared with the benefits. Additionally being able to monitor and access your data in real time through things like mobile apps can increase security in the same way that a credit-card company can alert you to fraud by monitoring your data."
The first statement should be that with or without mobile apps, the plant floor is most likely already at risk for cyber attacks, says Scott Cunningham, product and application manager, controls and automation, at KEB America. "Many machines reach the Internet, either intended or unintended. ‘Was that old machine just connected to a production PC, which happens to have internet access?’" he asks. "It is important that the production floor also has security infrastructure in place as a baseline."
We try to use dedicated mobile devices that can be locked down and isolated from the business network and outside Internet, says Stock at Innovative Control. "Or don’t allow equipment control and sensitive material to be available on the mobile app," he says. "If outside network/Internet is required on the mobile device, this would require a DMZ bridge between the automation system and the business/Internet to further prevent possible intrusion and viruses."
Cybersecurity is a valid concern, states Serio at Maverick Technologies. "Any connected system should have it built in to its design," he says. "Hoping for 'security by obscurity' is no longer a valid approach to cybersecurity. IT managers should start with a robust network-security architecture that incorporates defense-in-depth strategies, as well as smart-domain policies. Over the past several years, however, mobile technology has matured so that more security options are available. The arrival of the Internet of Things and the Industrial Internet of Things has pushed manufacturers to integrate security down to the device level, rather than relying solely on secure infrastructure."
Mobile apps and mobile-device access can be secured just like any other digital connection in a plant, says Billi-Duran at Rockwell Automation. "Some security priorities specific to mobility include implementing WLAN security measures, authorizing mobile connections at multiple levels and using a mobile management platform that allows secure content delivery," she says. "Rockwell Automation and Cisco have released Converged Plantwide Ethernet (CPwE) design guides that address all these topics."
"Cybersecurity is a growing concern in all aspects of everyday life. The user is more likely to get hacked through an email—91% of cyber attacks are achieved through phishing emails—than through an app," says Kyle Davis, Smart Sensor technical support engineer at ABB. "In the instance of Smart Sensor, it is a completely wireless device that does not control a machine but strictly monitors that machine (Figure 4).
In the event that the user was hacked and someone was remotely controlling those machines, which is a worst-case scenario, having a parallel network of monitoring equipment that is not tied into their system could only be beneficial (Figure 5)."
Of course, you should also scrutinize the security of mobile apps and mobile-friendly software before using them, says Billi-Duran. "Make sure apps are designed with security in mind and take steps to secure user and application data," she says. "If you’re using virtualization, your thin-client software should not store data locally on mobile devices. Some thin-client software can even limit a user’s ability to access data to defined locations in a plant."
The most important thing for IT managers to understand about mobile apps is that well-designed mobile solutions can easily be as secure or more secure than other IT/OT systems, says Dionisio at Emerson Electric. "Strategic deployments can help to mitigate the risk to process control and production that cybersecurity threats could pose," she says. "One of the ways organizations can have a mobile-app solution depends on how they transfer data. By focusing on mobile as a monitoring solution, organizations can make data transfer read-only, meaning there are no writes allowed to the distributed control system (DCS) or the devices. Mobile solutions also offer the option to connect via local Wi-Fi, so information can be kept on private networks that are secured by IT (Figure 6)."
According to Dionisio, another way to mitigate the cybersecurity risk is to have intermediate or secondary servers that are located above the DCS or process control network and isolated by firewalls. Mobile devices access data from this secondary server via secure VPN or Wi-Fi; they do not connect to the DCS or other devices and systems on the control network directly.
If it's not a mobile-HMI app, it's app-like. "We use mobile apps, as well as desktop access to Web servers embedded in the equipment," says Rick Lamb, president at Midwest Technology Ventures, a technology-focused system integrator in Indianapolis. "In fact, I’m setting up a client project right now with mobile-app access. It's a material call application in an engine-assembly plant. Wireless pushbuttons are located in the assembly cells, wherever it’s ergonomically convenient for the operators. They push a button, and it sends a material call signal for the specific part they need."
At this point, the app provides important information such as material call status and requests. "There’s an iPad in the assembly area, allowing operators to view the material call status," says Lamb. "Material handlers have iPads on their forklifts, as well. They see a queue of the materials needed. When they go to the storage area, somebody has already picked those materials for them based on the assembly line calls, so the handlers can quickly deliver needed material to the workstations."
But there’s no actual app; it’s all code on the Web server that generates the pages for the user’s iPad. "The material call system is pretty much custom-coded; data is kept in an Oracle database; and the material requisitions are interfaced to the warehouse/inventory management system," says Lamb. "The server is a virtual server in the IT department; it serves up the Web pages to the iPads."
In a different application, monitoring a paint line in a manufacturing plant, Lamb uses the Web server built into Schneider Electric Magelis HMIs. You can selectively publish screens and data from the HMI to its own internal Web server. They can be the same screens shown to the operators on the HMI terminal or different. You can protect them with several levels of security and allow remote operations or view-only screens.
"The customer’s plant engineer has a dedicated computer in his office where he can remotely view the operations from his desk,” says Lamb. "He can also remotely access the plant network from home or wherever, and once logged in he can use remote desktop to that computer and remotely access it from there. He often uses it to remotely check on equipment that is running 24/7."
The paint line’s main PLC tracks line stoppages, downtime, line speeds, parts counts and other factors. "This information can be viewed by the operators on the HMIs but also by the supervisors in the department on their cell phones," says Lamb. "Schneider sells an app for phone/tablet viewing that allows remote access to the screens and reports on the HMI terminals. The same embedded server also allows them desktop access from anywhere on the company network."
Summing up apps
"Any piece of equipment that needs to be monitored or provide feedback could and eventually will be monitored," says Davis at ABB. "With machinery being as advanced as it is, the way to save money and improve manufacturing practices is to reduce downtime, especially unplanned downtime. Now through the use of mobile apps and sensors that communicate with the apps, cost-effective means to reduce downtime on all critical equipment is a reality."
Malone at Technotects points out the plant floor is full of purpose-built HMI screens of various shapes, sizes and vintages. "The security risk and support headache associated with patching and maintaining all of these HMI devices is becoming troublesome," he says. "A well-designed mobile application, which connects and collects all of the plant-floor machinery data into a single, simple-to-use user interface, will undoubtedly improve manufacturing productivity and unshackle the operators from their installed HMI screens and associated logins. The use of mobile-device apps has drastically improved consumer and commercial productivity, and it is just common sense that the industrial space will benefit just as well. Just as a driver can navigate around trouble spots on the highway using GPS-guided and crowd-sourced apps such as Waze, thereby improving his personal productivity, a process technician can avoid upstream issues and save a batch by rerouting the process. Having access to critical machine and process data and getting immediate alerts on your mobile device regardless of your location is key to reducing downtime and improving overall productivity.”