mul$%site*deploymentof* thinmanager*with*rockwell* · pdf file•...
TRANSCRIPT
Mul$-‐Site Deployment of ThinManager with Rockwell
FTViewSE Larry Grate & Stewart Whitlow
2
Agenda
Partnership Overview
Original Infrastructure
Terms
Who is PREMIER?
Who is Huhtamaki?
3
Agenda
New Rollout
Final SoluBon
Lessons Learned
IniBal ConfiguraBon
QuesBons and Answers
4
• 1920: Heikki Huhtamäki, at the age of 19, establishes “Huhtamäki Industries” – a candy factory – in rural Western Finland • 1930s: Expansion into food and packaging industry • 1960s: Packaging becomes a separate business. • 1970s: Huhtamaki’s packaging subsidiary becomes Europe’s leading disposable cup producer • 1980-‐90s: Packaging businesses acquired in Europe, Oceania, Asia and USA. First biodegradable packaging developed
Who is Huhtamaki ?
• 2000s: Focus and exper$se in molded fiber packaging, flexible packaging, release films and paper cup manufacture. Inaugura$on of new produc$on sites in Asia. • 2010: Huhtamaki celebrates its 90th anniversary year • 2011: Huhtamaki acquired Paris Packaging and Ample Industries • 2012: Huhtamaki acquired Winterfield, LLC • 2013: Huhtamaki announced new facility in Batavia, OH • Huhtamaki has grown from a mul$-‐industry company into a packaging specialist through more than 200 acquisi$ons and divestments since 1980. • The company has over 15,000 employees working in 62 manufacturing opera$ons in 31 countries.
5
Who is Huhtamaki ?
For more info . . . Visit PREMIER’s website at www.premier-‐system.com
¡ Founded in 1991 ¡ Privately Owned ¡ 150+ Employees ¡ CSIA CerBfied (6 Years) ¡ Corporate Office Located in Smyrna, TN ¡ Regional OperaBons in S.E. U.S.
§ Smyrna, TN § Decatur, AL § CincinnaB, OH
Who is Premier ?
• Rockwell Solu$on Partner – Rockwell Control / Informa$on/ Process
• THINMANAGER Pla$num Integrator
• Competencies – PLC/DCS Programming and Configura$on – HMI Development – MES Solu$ons – Legacy PLC/DCS Retrofits – Coordinated Drives Solu$ons
For more info . . . Visit PREMIER’s website at www.premier-‐system.com
Information
Who is Premier ?
• Industries – Automo$ve – Chemical – Consumer Products – Food & Beverage – Metals – Pulp & Paper
For more info . . . Visit PREMIER’s website at www.premier-‐system.com
Who is Premier ?
u VMWare u Hosted u Bare Metal
u Firewall u DMZ
Terms
11
Original Infrastructure
Partnership Overview u Rockwell Control System Familiarity u DCS Control System Experience u Network and Security Experience u Previous Control Hardware and So\ware Design Partner
u Control Panel ConstrucBon u Process Tuning and OpBmizaBon Support u MulB-‐Site support capability (Bandwidth) u MulBple years of experience working with Huhtamaki
u Rockwell Reference Architecture (PAx) u Use of a Domain
u SeparaBng FT Directory Server u Use of Redundant HMI Servers
u AssetCentre for Disaster Recovery and version control
u To save Hardware costs used VMWare WorkstaBon
u Host for Domain Controller
u Host for FTD u Host for AssetCentre
Ini$al Configura$on
u Thin Manager
u Ease of Maintenance
u Thin Client Replacement
u Server Failure
u Shorter ConfiguraBon Cycle
u Provided method for remote operator support
u Ease of redundant switch on server failure
Ini$al Configura$on
MultiMonitor iPhone/iPad TermSecure TouchScreen VirtualMachines IPCameras IPCameras Failover PXE Boot
>_F12
MultiMonitor iPhone/iPad TermSecure TouchScreen VirtualMachines IPCameras IPCameras Failover PXE Boot
>_F12
MultiMonitor iPhone/iPad TermSecure TouchScreen VirtualMachines IPCameras IPCameras Failover PXE Boot
>_F12
u Physical HMI Servers
u Deployment of DMZ for security and IsolaBon
u Use of Thin Clients and ACP for Operator StaBons
u Group Policy Changes
Ini$al Configura$on
Ini$al Configura$on
Lessons Learned – Ini$al Configura$on
u Use of WorkstaBon for Infrastructure hosBng is a poor choice.
u Upgrade to ESXI
u Thin Client Redundancy u RA License Challenges
u Port TranslaBon not present in DMZ for Remote Access
Network Security Changes • Wanted to accomplish two specific goals. – Port Transla$on in the DMZ to prevent malware propaga$on.
– Secure remote access with two factor authen$ca$on.
• Microsoh’s Remote Desktop Gateway was the tool chosen for secure remote access. – Port Transla$on 443 from the business 3389 to the process.
– Two Factor Authen$ca$on SSL Cert/User ID and Password.
Final Solu$on u Virtualized HMI Servers
u Virtualized OSI Server and Interfaces u Use of Remote Desktop Gateway for Secure Access
u Virtualized Development Computers
u Use of RDP/TC for Development Support
u Implemented Process Side wireless Access
u Use of script for automated Snapshot and Backup of Servers
u Use of VMWare EssenBals for ESXI Licensing
Final Solu$on
Final Solu$on
Final Solu$on
Final Solu$on
Ongoing Improvements u Use of Apple IPAD as TroubleshooBng device.
u AddiBon of Development sessions stacked on operator console.
u Use of IP Cameras for process monitoring.
MultiMonitor iPhone/iPad TermSecure TouchScreen VirtualMachines IPCameras IPCameras Failover PXE Boot
>_F12
MultiMonitor iPhone/iPad TermSecure TouchScreen VirtualMachines IPCameras IPCameras Failover PXE Boot
>_F12
New Rollout • Needed to provide informa$on to the factory floor from an MES applica$on.
• Desired to implement this without viola$ng the security policy created for other sites.
• Made the decision to move thin client technology into the DMZ. – Provide access to informa$on that is located on both the business and process networks.
– The DMZ is the touch point for all informa$on needed by opera$ons.
MES Archetecture
MES Archetecture
