The Device Chronicle interviews Pyry Grönholm, CEO, Prosys OPC on the importance of OPC UA as a machine to machine communications protocol in industrial automation.
In industrial automation, OPC Unified Architecture (UA) is a platform-independent service-oriented architecture that integrates all the functionality of the OPC including Data Access (DA), Alarms (AC) and Historical Access (HA) – into one extensible framework. OPC is the standard way in which factories transport information from production machines and shop floor equipment about how they are used and how they are performing.
OPC UA is a platform independent from embedded microcontrollers to cloud-based infrastructure. There is a big focus in OPC UA on security: encryption, authentication, and auditing. It is extensible with the ability to add new features without affecting existing applications, and lastly and most importantly, it provides comprehensive information modelling for defining complex information.
Prosys OPC is an active member in the OPC Foundation and the Open Industry 4.0 Alliance, and has an SDK and a solution set for helping both machine vendors and factory operators to use the full capabilities of OPC UA. Pyry has been at Prosys since 1997. From the beginning, Pyry explains that the company was focused on machine connectivity and industrial automation and so has extensive experience in this field. Pyry started out as chief programmer for customer projects and then moved on to being head of customer projects, before eventually becoming CEO.
Value of OPC UA
Pyry has a very pragmatic view on the value of OPC UA. He says “If you want to create a simple and maintainable Industry 4.0 factory then there is no alternative but to use the OPC protocol for machine communications. The value is high and OPC UA provides the easiest and simplest way to do it. OPC UA has a much more complete feature set than MQTT with Sparkplug B, which many people consider as a viable alternative, for example. Pyry also explains that in an Industry 4.0 setup, the factory operator will need an accompanying cybersecurity project as the machine data must only be accessible by parties that are trusted. OPC UA has all the key security components built in to enable robust security protection. There is integrated connection monitoring and automatic detection of failures. Pyry argues that “You will not find this with the basic MQTT-based protocols. OPC UA is the only feasible way to do Industry 4.0 factories.” There is another challenge in the OT environment where with “brownfield” factories, proprietary protocols such as Siemens S7 Communication, Ethernet IP, and Beckhoff ADS are widely used. These proprietary protocols typically come with very few security features integrated. Pyry recalls one example of where cybersecurity was completely lacking in a factory environment: “There was a factory with control software for the printing machine and the development team used an unprotected socket connection from the office to the factory. This is a classic case. The right approach in this case would be to use a DMZ network between the factory floor and everything else – office, cloud – and there should be gateways in the factory floor network to convert everything to OPC UA.”
Importance of trust
With OPC UA, Pyry explains that you can encrypt the transportation and use certificates to trust the other parties such as the client sending a certificate to the server and the connection will not be created unless the certificate is trusted by the server. You can sign the client certificate with a CA so the server will trust it. GDS in OPC UA keeps track of certificates: “It is similar but different to HTTPS in that you can use certificates to encrypt the communication and authorize the connection. Role based access control is also supported so that different types of users can have different levels of access to the nodes and with regards to what they can do on the server. With OPC UA, you can also perform integrity checks to ensure all the data is transferred, so in this way “man in the middle attacks” can be mitigated. There are also mechanisms to prevent Denial of Service attacks. All that can be done on this level to make the connections secure with OPC UA.”
Some drawbacks with OPC UA
Pyry admits that all of these impressive integrated functionalities can make OPC heavy to use. Pyry admits that “It has a specification that is not always easy to implement. Developers need to use libraries so this presents complexity but the benefits with OPC UA are that even with the most complex use cases, they are tackled in a robust and secure way.”
Importance of common information models in OPC UA
Pyry explains that the end game with OPC UA is to get machine data flowing securely. The second level up in OPC UA is the information model. This makes the key difference between OPC UA and MQTT. With MQTT, you define how to transport things. With OPC UA, you define what will be transported. In fact, the OPC UA communication can be handled by MQTT because the semantics used will be the same. If the packaging machine interface and node names are agreed, they will remain the same regardless of which transfer protocol is used, it will be recognised by those that are consuming the data as for example, the packaging machine will have the expected values. “Eventually, you can take MQTT and put the OPC UA communication there because the semantics will remain the same. So, for example, if a factory operator has agreed that the packaging machine interface will look a certain way, and that the machine node names will be this within the semantic framework of OPC UA, then those labels would remain the same for the data consumer even if the message is sent via MQTT. “That which is consuming the data can take the data from the said packaging machine such as the machine name, machine speed etc, as standardized semantics.”
Common information models
Pyry explains that the common information model in OPC UA is distinguished by different types: major industrial players such as robot vendors come together and define the information models for robots and then they become part of the OPC UA model. There are also vendor-specific information models. These would be used in industries where the machines are not standard but are custom built for the specific needs of customers within that industry. These customized machines could be unique, and the vendors could have a unique information model that might need specific naming conventions for the machine nodes. These would have to be followed in OPC UA as being vendor specific. This is done based on the factory demand. In pharmaceuticals, for example, they have hard requirements for track and trace around machine diagnostics. They need to be able to retrospectively analyze data based on standard harmonized data models from all machines for analysis – pieces per second should be used rather than pieces per minute. Integrations and upgrades also become easier if the information models are standardized. The business value for Pyry is that ““The integration work for bringing a new machine or ID system on board is reduced by 90% with a common information model and data exchange system.”
OPC UA Edge
Prosys OPC offers a new solution called OPC UA Edge to help companies use standardized information models. Pyry explains that a machine vendor or factory operator can use UA modeler tools or a company specific OPC UA information model for instance, by importing it into the OPC UA Edge application. This will create an OPC UA server according to that information model so that OPC UA services of the existing machines can be connected to it. This means that a factory operator can retrofit older machines to look like the new machines leading to huge efficiencies in systems management. This model can help IT systems with Overall Equipment Efficiency (OEE) reporting answering key questions such as how fast was the production run compared to full speed? Or what percentage was the waste from the production? MES systems and cloud systems can also get the data in standardized formats from all different machines for reuse and analysis. The OPC UA Edge solution will also enable the OPC UA protocol to be used with any MQTT broker. Furthermore, it enables integrations with Azure IoT Hub and AWS IoT Core so that OPC UA data can be shared with these systems.
We wish Pyry and his colleagues at Prosys OPC well as they continue to innovate in factory machine to machine communication that support key data and analytics needs.
Prosys OPC and Northern.tech (Mender) are both members of the Open Industry 4.0 Alliance.