Whi

te P

aper

SmartGlance Mobile Reporting – Architecture and Data Security

Authors: Saadi Kermani, Manager Industry Applications & Solutions, Invensys Operations Management Bimal Mehta, Director, Industry Applications Management, Invensys Operations Management Steven L. Weygandt, Portfolio Consultant – Partner Products, Invensys Operations Management Snehal Shah, CEO & Founder, Sarla Analytics

What’s Inside:1. Introducing SmartGlance Mobile Reports2. Architecture 3. Wonderware Mobile Reporting Connector:

Collecting and Preparing the Reporting Content for Mobile Reporting

4. The SmartGlance Business Report Generator5. The SmartGlance Mobile Application6. Security7. Conclusion

Page 1

1. Introducing SmartGlance Mobile ReportsSmartGlance Mobile Reports offers managers and information workers within the manufacturing and process industries secure access to critical process data from anywhere using their existing smart phone or other mobile device.

Integrated within the InFusion™ Enterprise Control System (ECS) platform, SmartGlance brings together data and information from a wide range of sources, providing familiar key metrics and graphical trends. Using an existing smart phone such as a Blackberry® or iPhone®, production management and information workers can view real-time production metrics either in tabular or even in high resolution graphical form, complete with support for international languages and date and time formats.

2. ArchitectureSmartGlance Mobile Reports are a perfect complement to an existing ArchestrA®-based plant automation solution. The provided .NET Wonderware® Mobile Reporting Connector can retrieve data from the Wonderware Historian®, Corporate Energy Management (CEM) Application or InTouch® via Wonderware HMI Reports. SmartGlance can also aggregate data from any standard Microsoft® SQL- or Oracle®-based server database — allowing a broader range of data to be accessible by plant workers.

The SmartGlance offering also has an available API to allow further extensibility by third-party developer teams who desire maximum customization and control.

The SmartGlance Mobile Reporting Solution Architecture consists of three major elements:

•A Wonderware Mobile Reporting Connector to aggregate tag data and reporting content from available plant intelligence•TheSmartGlanceBusinessReportGeneratortocreateandservepre-definedorcustommobilereports•The SmartGlance Mobile Application for iPhone, Blackberry and other supported mobile devices

SmartGlance Mobile Reporting – Architecture and Data Security

Page 2

3. Wonderware Mobile Reporting Connector: Collecting and Preparing the Reporting Content for Mobile Reporting Onceapre-definedmobilereporthasbeenselectedoracustomreportdefined,theWonderwareMobileReportingConnectorperforms secure database queries against one or more data sets to aggregate the reporting content.

•TheWonderwareMobileReportingConnectorreliesontheMicrosoftActiveDirectorySecurityModeltodefinetheusersorgroupsthat will have the appropriate permissions to view the controlled and managed content made available from the connector.

•Thefrequencyofcollectingreportingdatacontentisconfigurableandcanbesettouser-definedperiodicintervalsorcanbeinitiated on-demand

•Allthedataaggregationdonebytheconnectorisfirewallfriendlysinceitoccursbehindthefirewallandinsidetheorganization

•Oncethespecifiedandcontrolleddataaggregationhasoccurred,theresultingdatasetisthensecurelypushedtotheSmartGlanceBusiness Report Generator.

4. The SmartGlance Business Report GeneratorTheSmartGlanceBusinessReportGeneratorparses,formats,preparesandlocalizesreportingcontentfortailormadeorpre-definedreports for mobile devices. The SmartGlance Business Report Generator can be accessed as either a trusted hosted solution or implemented directly on customer premises.

SmartGlance provides a hosted solution also known as Software as a Service (SaaS) to alleviate many of the common burdens of hostingasolutionin-house.Withahostedsolution,therearenoupfrontcapitalexpendituresforhardwareandcustomersbenefitfrom a maintenance-free and scalable mobile reporting solution for a low annual subscription rate.

5. The SmartGlance Mobile ApplicationIndividual users can download the free SmartGlance App from the appropriate online application store. The native SmartGlance providesauthorizeduserswithreportsspecifictotheuser’sinformationneeds.Toensurebandwidthiskepttoaminimum,theSmartGlanceapplicationonlydownloadsthereportsneededwhileatthesametimekeepingusersawarethatspecificreportshaveupdated content.

SmartGlance Mobile Reporting – Architecture and Data Security

Page 3

The diagram to the left illustrates the SmartGlance Mobile Reports Architecture.

Data from PLCs and Field Devices connected through the ArchestrA System Platform, in addition to custom databases or application stores, provide the reporting content for the SmartGlance Reports Generator through Data Providers.

Data Providers provide the mechanism to query the various data sources and collect the reporting content.

TheSmartGlanceConfiguratorisusedtoconfigurereportsand to associate the appropriate users to each report.

The hosted Business Report Generator then manages the secure delivery of the prepared reports to authorized mobile devices for real-time review and analysis.

Thediagramontherightillustratestheflowofinformation used in the SmartGlance Mobile Reports architecture.

Valuable plant intelligence is queried against one or more data sources and the results are passed to the Wonderware Mobile Reporting Connector. The Connector,onceconfiguredusingtheConfigurator,pushes the XML reporting content using Secure HTTP to the hosted SmartGlance Business Report Generator.

The SmartGlance Business Report Generator then uses aspecificmobiledeviceAPIstosecurelydeliverthefinalreportsandreportupdates.

Separately, a designated Administrative user can log into the SmartGlance Business Report Generator website to manage user and group privileges and report properties.

SmartGlance Mobile Reporting – Architecture and Data Security

SmartGlance Mobile Reports Architecture

SmartGlance Mobile Reports Architecture - Protocols

Page 4

SmartGlance Mobile Reporting – Architecture and Data Security

6. Security The SmartGlance Mobile Reporting Solution has security measures built in throughout each element of its architecture.

SmartGlance uses Microsoft and standard internet technologies for its data services platform, including Microsoft SQL Server, Web Services, HTTPS and ASP.NET.

•Data aggregation for the reporting content is all done within the customers networkandbehindthefirewallsoitisfirewallfriendly.

•Reports leverage the Microsoft Active Directory Security Model for complete control over which reports are made available to selected users and groups.

•ReportDatais‘pushed’inacontrolledmannerfromthefacilitytoafixedandhighly secure hosted location via HTTPS using 128-bit Encryption, independently verifiedbyThawteofVerisign,athird-partySecurityCertificateAuthority.

•Only authorized mobile users and devices are allowed to download reports based on the three pillars of secure connectivity – authentication, authorization and encryption (see explanation graphic on the right).

• If a non-hosted approach is required, a secured plant-wide Wi-Fi network can be used as an alternative to cellular networks to still enable mobile reporting within the confinesofthefacility.Thissolution,althoughrequiringahigherinvestmentinresourcesandcapital,wouldstillallowthebenefitsofa SmartGlance Mobile Reports implementation, while keeping all data exchange and mobile reporting in a restricted space.

SmartGlance’sdatacenterisstate-of-the-art,withprotectivemeasurestosecurethefacility,includingtemperaturecontrol,power,firesuppression and network bandwidth. Safeguards include:

•24-inchraisedfloor•Steel Seismic Bracing •256+/-fixedpositioned,securitycameras•Level 5 bullet-resistant walls / glass (Kevlar-lined walls) in the front entry, lobby, guard station, and shipping and receiving areas•24 x 7 x 365 on-site security guards•Data Center temperature maintained at 72 degrees F +/- 2 degrees•10 Caterpillar 2000KW (2.0MW) generators•VESDA–VeryEarlySmokeDetectionandAlarmsystem;smallwhite‘airsamplingtubes’drawairintochambers,wherelasers

analyze the air for smoke content•Redundant OC48s

Secured ServiceThe architecture of the service is twofold. The data is transmitted from your company’s database to Sarla’s cloud hosting service and from Sarla’s cloud hosting service to your cell phone or mobile device. The service is fully secured and embraces the three pillars of secure connectivity — Authentication, Authorization and Encryption. The three foundations of Secured Service:

AUTHENTICATIONSmartGlance achieves authentication by registering the phone hardware with your login in the service. This registration ensures that only a “Registered and Authenticated” phone can access the SmartGlance service. Also, only Registered and Authorized users can send data to the SmartGlance service. So, the service is protected from all sides in terms of where data comes in and where data goes out. Each communication message has built-in authentication.

AUTHORIZATIONMobile-Level authorization: In addition to hardware and device authentication mentioned above, the user must be authorized to use the service. Unless a user has a password, he will not be allowed to use the service and access data. So, the user must log in from his own phone and also must have his password to access the service. This level of authorization comes in handy if the user loses his phone hardware. Whoever finds the user’s phone will not be able to access this service without the user’s own password.

Report-Level Authorization: When the company administrator sends the corporate data to SmartGlance’s hosted service, he is required to enter the email addresses of authorized viewers. So, each report that comes to the host system will have a list of email addresses that are authorized to view that report. So, if a user is not authorized to view a particular report, his email address will not be in the report. This is the ultimate level of security.

ENCRYPTIONAll data communication from your company’s database tot he Sarla hosting service and from the Sarla hosting service to your cell phone is controlled under full encryption (HTTPS) secured site verfied by a third party, Verisign Thawte security certificate. All data is encrypted prior to transmission to ensure security from any internet programs.

Page 5

SmartGlance Mobile Reporting – Architecture and Data Security

7. ConclusionThe SmartGlance Mobile Reporting Solution is a convenient and simple way to bring meaningful real-time plant intelligence to both production workers and executives in your organization who already use smart phones and mobile devices.

The hosted solution keeps your data safe and protected and iseasilyscaledandmodifiedwithouttheneedforadditionalinfrastructure investment to support your ongoing or future information needs.

Already have an iPhone or iPad? Start using SmartGlance right away!

Log into the Apple App Store and search for SmartGlance or navigate to:http://itunes.apple.com/us/app/smartglance/id382617306?mt=8.

Download the app and log in as a registered user with the following credentials:

Username: demo@invensys.comPassword: password

For more information on how the SmartGlance Reporting Solution can help you, visit http://www.smartglance.com/.

Invensys,theInvensyslogo,ArchestrA,Avantis,Eurotherm,Foxboro,IMServ,InFusion,SimSci-Esscor,Skelta,Triconex,andWonderwarearetrademarksofInvensysplc,itssubsidiariesoraffiliates.All other brands and product names may be the trademarks or service marks of their representative owners.

© 2011 Invensys Systems, Inc. All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, broadcasting, or by any information storage and retrieval system, without permission in writing from Invensys Systems, Inc.

Invensys Operations Management • 5601 Granite Parkway III, #1000, Plano, TX 75024 • Tel: (469) 365-6400 • Fax: (469) 365-6401 • iom.invensys.com

Rev. 04/11 PN WW-4077