How to bridge deterministic control and edge integration

Aaron Dahlen, applications engineer, DigiKey: This is best answered by considering the type of resource that will be controlled, including a safe, deterministic or buffered edge.

With regard to networks, machine control is classified as:

• safe: This includes safety PLCs, light curtains, e-stops and networks such as ProfiSafe. This is where we design for the safety integrity level (SIL) or performance level (PL) requirements. Any network failure will cause the machine to enter a fail-safe state.
• deterministic: This category includes time-critical signals that a machine requires to operate. Ethernet-connected distributed remote I/O, not specifically identified as safety-rated. An example is a central PLC in a distribution center that coordinates the movement of objects on a conveyor. A network failure disables the machine but does not make it unsafe for the operator, when viewed through a SIL/PL lens.
• buffered edge: This class of communication is important but not deterministic. This is where the horizontal factory floor interfaces with the vertical enterprise network. Staying with the conveyor example, the vertical computers provide "what goes where" data. The PLC provides telemetry data for the folks in the control room: job status, speed, rejection and faults. The use of buffers differentiates between edge and deterministic control. The deterministic signals live close to the PLC scan cycle, while edge devices are more tolerant of network fluctuations. A network fault is tolerated and even expected. However, this does not imply network communication is inconsequential, as our example conveyor does not move without external instructions.  

There is zero room for negotiation when it comes to safety systems. The design, as well as the continued maintenance of this reflexive safety network, falls squarely on the shoulders of the machine designers, including the PLC programmer. This is operational technology (OT) territory. Each hazard must be identified and appropriate SIL/PL mitigation implemented.

The OT team typically manages the deterministic interface. This could be visualized as a set of "do upon network failure" settings for the distributed I/O.

Can Ethernet ports be physically or logically isolated, and how can you configure a demilitarized zone between the factory floor and the corporate WAN?

Aaron Dahlen, applications engineer, DigiKey: Nearly all mid to high-end PLCs have two Ethernet ports. For reliability/redundancy, both ports are used in a loop. The system will remain operational, even with a single wire break. Some PLCs have a third port for connecting to the edge network. This provides a natural separation between the command-and-control network and the external IT network. For those PLCs without three ports, an external module is usually available.

How can you calculate an acceptable round-trip latency for a data packet traveling from the high-speed I/O backplane to a local C++ or Python application and back to the output?

Aaron Dahlen, applications engineer, DigiKey: Things get even more interesting when we consider the “levels” of real-time control. An interrupt-driven PLC can respond in as little as 300 µs, while standard scans are in the 20 to 100 ms range. This matters when we explore “edge” because networks and external computers are not sufficiently fast for time-critical applications.

Get your subscription to Control Design’s daily newsletter.

What are the advantages or disadvantages of an open or closed edge environment?

Aaron Dahlen, applications engineer, DigiKey: There is confusion about the definition of “edge.” In some cases, we are talking about a true edge controller with significantly more horsepower than the PLC. At other times, the term describes a bolt-on, non-PLC-invasive method for extracting data from the factory floor. One is a heavy industrial piece of equipment, and the other is a lightweight data-collection box.

It’s hard to comprehend the power in modern PLCs. We tend to think of them as ladder-logic machines, but they are actually powerful data-processing nodes. Also, most are built with the equivalent of a real-time operating system (RTOS). Siemens runtime on S7-1200 isn’t exactly Zephyr on an STM32, but task scheduling and deterministic timing are present, as are hazards when interrupts are enabled.

How easily can existing PLC logic or IEC 61131-3 programs be deployed or migrated to the edge controller environment?

Aaron Dahlen, applications engineer, DigiKey: Much of the “edge” functionality can be integrated directly into the PLC and is highly desirable for many applications. The PLC must respond to external data and fail gracefully when the network malfunctions. Therefore, “edge” with its negotiated control could be a core operation of the PLC. Here, negotiated control is the recognition that the PLC controls the machine/process; the edge system can request actions but cannot directly command the PLC.

There is a burden of responsibility associated with the PLC-to-edge boundary. Here, we recognize that a PLC-centric mindset runs up against real human limitations. Few people can hold the entire OT and IT talent stack. Also, such people are very difficult to retain and grow. This implies that a shared responsibility is required.