Ignition with Cloud Services
Dan Krohnemann
Lead Engineer
Panacea Technologies Inc.
Michael Lehrich
Automation Engineer
Panacea Technologies Inc.
• Founded in 1996 as an Automation Solutions Company
• Automation and validation services
• Capabilities ranging from small system upgrades to turnkey solution delivery
• Successful portfolio of products including OpenBIO and Panacea Update Manager
• Batch Experts with an emphasis on regulated Industries
• Specialization in solutions for the Pharmaceutical and Biotech Industries
• Specialized services for BAS, EMS, IT, and Cyber-Security areas
Panacea Technologies Inc.
What is the Cloud?
• Servers accessible over the Internet
• Rent server space and/or processing power to fulfil business needs
• Variety of options in use cases, server sizes, operating systems, etc.
• Flexible network architectures
How does it work?
What is the Cloud?
• AWS (Amazon Web Services)
• ~33% Market Share
• Integration with many 3rd party applications
• Microsoft Azure
• ~18% Market Share
• Integration with Microsoft suites (365, Office)
• Google Cloud
• ~9% Market Share
• Supports Open Source technologies
Key Providers (Q2 2020)
What is the Cloud?
• SaaS – Software as a Service
• PaaS – Platform as a Service
• IaaS – Infrastructure as a Service
What is it used for?
What is the Cloud?
• Server/service sizes
• CPU/Memory
• Hard drive/SSD
• Network Bandwidth
• Runtime
• Peak/Off-peak Pricing
• Reserved Instances
Options
What is the Cloud?
• No need to purchase and maintain server hardware
• Simple/flexible scalability
• Server/DB
• Ability to host on multiple regions
• High uptime
• Levels of redundancy
• Database replication
Benefits
What is the Cloud?
• Everything is stored offsite
• Security and data integrity concerns
• Recurring costs
• Complexity of options
Considerations
What is the Cloud?
Ignition in the Cloud
• Headless or GUI
• Choice of OS and Database
• Runs same as local server instance
• Ignition accessible over the Internet instead of local network
• Mobile Friendly
What does it look like?
Ignition in the Cloud
• Security over the Internet
• Data Integrity
• PLC/Device connections
• VPN
• PLC/Device control
Considerations
Ignition in the Cloud
• No need to purchase and maintain server hardware
• Simple/flexible scalability
• High uptime
• Ease of gateway access
• Ease in deployment
Benefits
Ignition in the Cloud
Networking in the Cloud
• Ignition installed on cloud server
• Database on Cloud
• Installing database or use
• Off-the-shelf cloud provider options
• VPN to local network
• Cloud based IdP
Ignition in the Cloud
Networking in the Cloud
• Do not need higher end hardware locally
• Lack of local control during outages
• Ignition Edge
• Reliant on Internet and Cloud service providers
• Direct PLC Comms are risky
• Considerations
• Edge or Proxy Gateways
Ignition in the Cloud
Networking in the Cloud
• Cloud based reverse proxy
• IIS
• Nginx
• DMZ with proxy Gateway
• No direct controlling Gateway connection
• Security Zones
• SSL
On Premise Ignition Options
Networking in the Cloud
• Configuration is all local
• Only Gateway or HTTPS data out, no direct PLC or device connections
• Additional installations to manage
• Requires local server hardware
On Premise Ignition
Networking in the Cloud
• Great option for small companies
• Option for large companies looking to expand
• Network and security planning is a must
• Can play to Ignition's strengths with security and Edge computing
Conclusion
References
https://www.statista.com/
https://aws.amazon.com/
https://azure.microsoft.com/
https://cloud.google.com/
ICC 2020: Ignition with Cloud Services


Editor's Notes

  • #4 Dan is a Lead Engineer and has been with Panacea for over 6 years. He is one of the Engineering Leaders Under 40 for 2019 and leads the Panacea Ignition development team. Mike has worked at Panacea for the past 3 years as an automation engineer. He has worked on large and small projects ranging from small additions to existing systems to building from scratch. He is Ignition Gold certified and has built several production systems with the platform including a batch reporting tool and a high containment bio-processing suite.
  • #7 What people call “the cloud” is a collection of servers sitting in a warehouse somewhere, that are available for rent. Renting a cloud server or server time allows you to utilize processing power and storage space to fulfil your business needs without needing local hardware and IT support. Cloud providers offer a multitude of options for a variety of server sizes, Operating Systems, and use cases. Utilizing the cloud allows for more flexible and dynamic network architectures.
  • #8 The biggest names in the game are Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. AWS – One of the first to market. Tons of integration services with many different applications. AWS SiteWise. Azure – Microsoft’s solution, can offer integration into other Microsoft applications and suites, such as Microsoft 365. Upgrade/migrate from Hyper-V to Azure. Google Cloud – Currently the 3rd biggest provider, and offers a lot in terms of Open Source technologies, allowing you to not be constrained to a single vendor.
  • #9 Software as a service – the software needed is hosted online (Gmail, Microsoft Teams, etc.), often with little to no client-side application needed. Little to no maintenance is required by the purchaser. It is an application you can access through the internet, and you typically have no access to the backend configuration. Platform as a service – a platform to build applications in the cloud with the ability to scale up and down as needed. Infrastructure as a service – servers are rented, with the infrastructure being available to do what you need. Often a choice of OS. Most flexible of the options, but requires the most maintenance from the purchaser. Servers can be sized to meet the needs of your application, and can be resized as needed if the applications or business grow. The servers can also be turned off when not in use, to save on cost, as most of these providers bill per time (often at the second level).
  • #10 Servers can be sized to meet the needs of your application, and can be resized as needed if the applications or business grow. CPU, RAM, and storage can all be customized depending on the service provider. The servers can also be turned off when not in use, to save on cost, as most of these providers bill per time (often at the per second level).
  • #11 Works great for smaller companies with minimal IT staff or space for physical servers. This also frees up your team to focus fully on developing and maintaining your application. Flexible to accommodate demand. Automate server scalability during peak hours and reduce servers during off-peak hours. Multiple regions allow multiple levels of redundancy and a more reliable connection to customers in other parts of the globe. AWS, for example, is committed to having an uptime percentage of 99.99% or greater (<5 minutes downtime per month). Depending on the cloud provider services selected, automatic replication is available for redundancy as well as database redundancy. Cloud providers also offer scalable databases which are managed by the cloud provider infrastructure but are isolated and secured by your network.
  • #12 Since everything is offsite, internet access is required to access the data or applications. If the internet goes down, no access. Since it is open to the internet, you cannot “air gap” the system, where the process or control network is physically not connected to the corporate network or internet, leaving more potential avenues for access. Typically a monthly recurring cost, which can add up depending on server count, size, and usage. For a beginner, choosing a provider and VM size can be overwhelming (see screenshot from AWS estimator). Amazon Lightsail, for example, has a simpler selection of VMs to select from. Less flexible, and may not be able to use the full processing power, but could be a starting point for the inexperienced.
  • #14 Ignition in the cloud can look very similar to your local installations. You have your choice of Operating System and databases. This allows you to easily install a headless Linux server and install Ignition to minimize cloud computing costs, but you still have the option to install your favorite Operating Systems or databases. Since the cloud server is accessible over the internet, Ignition can be accessed from anywhere. This allows simpler access with desktop or mobile devices that may not have VPN access when remote to the corporate network.
  • #15 Repeat considerations from other page. Not “air gapped”. Need to consider security more. SSL/TLS should be utilized when possible to encrypt the connections. Identity providers can secure your logins through a provider that is already set up, such as Microsoft 365 or G Suite. Access to the end devices from the cloud becomes trickier than from a server within the same network. A typical solution will rely on a VPN to make a seamless network connection to the cloud server. Other options involve port forwarding and certain protocols. Controlling a PLC from a cloud server should be minimized where possible, as it opens up a safety risk.
  • #16 Can access the gateway, designer, and clients through an internet connection, not needing a VPN connection to the server or network.
  • #19 A Raspberry Pi or old laptop may suffice locally to get any data to the cloud server. You are dependent on internet services for your view or control. If the internet goes out, you will not have access to the system, unlike a local Ignition installation. To reduce the risk of downtime during outages, you can implement an Ignition Edge installation local to the equipment. That will allow you to have a failover to be able to access the equipment locally, as well as the typical Edge features of historical data buffering. Similarly, it can be a bit unnerving to rely on a third party for anything business critical. Communications to the PLCs or end devices directly from the internet are very risky and a cause for safety concerns. Many PLCs do not lock down external access adequately, so exposing access to a server in the cloud
  • #21 More secure: air gap from internet. Requires more support to manage all hardware as well as software.
  • #22 Small companies who do not have the capital or space for server hardware are able to take advantage of the ease in setting up Virtual Machines in the cloud without needing a local IT team to manage the servers. Large companies can also take advantage of the scalability in quickly adding new servers without needing to go through purchasing and installing new hardware that may lead to delays, while a new cloud VM can be spun up in an instant. Networking and security need to be heavily considered before Ignition is put in the cloud and connected to any local devices. If Ignition is not connecting to any local devices and is used as a stand-alone system, that can alleviate some safety concerns, but not security concerns, which would be larger compared to an air-gapped system. Utilizing good security and data integrity practices can alleviate these risks. Ignition also lends itself well to alleviating these concerns. Utilizing an IdP, connecting through the Gateway network, and installing an Edge instance are all ways to make a cloud Ignition server application successful.
  • #23 Dan
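
The boundary rule from the "On Premise Ignition" slide and notes #15 and #19 (only Gateway or HTTPS data out, no direct PLC or device connections), written as a check over a site firewall rule list. This is an added example, not material from the presentation. The rule schema, rule names and addresses are constructed, and 8060 and 8043 are assumed to be in use as Ignition's default Gateway Network and HTTPS ports.

```python
import ipaddress

# Default ports of common PLC/device protocols that must not cross the boundary.
PLC_PORTS = {102: "Siemens S7", 502: "Modbus TCP", 4840: "OPC UA",
             20000: "DNP3", 44818: "EtherNet/IP"}
# Assumption: HTTPS (443, or Ignition's default 8043) and the Ignition
# Gateway Network (default 8060) are the only flows meant to leave the site.
ALLOWED_OUT = {443, 8043, 8060}
# Assumption: these ranges are the site's own address space.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(cidr):
    """True when the whole CIDR sits inside the site's own address space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == p.version and net.subnet_of(p) for p in INTERNAL)

def audit(rules):
    """Return (rule name, severity, reason) for each rule that breaks the
    'Gateway or HTTPS out only, no direct PLC connections' design."""
    findings = []
    for r in rules:
        if is_internal(r["peer"]):
            continue  # site-local traffic never crosses the boundary
        ports = range(r["from_port"], r["to_port"] + 1)
        plc = [PLC_PORTS[p] for p in sorted(PLC_PORTS) if p in ports]
        if plc:
            findings.append((r["name"], "HIGH",
                             "PLC protocol crosses boundary: " + ", ".join(plc)))
        elif r["direction"] == "inbound":
            findings.append((r["name"], "REVIEW", "inbound from outside the site"))
        elif any(p not in ALLOWED_OUT for p in ports):
            findings.append((r["name"], "REVIEW",
                             "outbound port outside HTTPS/Gateway Network"))
    return findings

# Constructed sample rules; addresses come from documentation-only ranges.
SAMPLE_RULES = [
    {"name": "edge-to-cloud-gwnet", "direction": "outbound",
     "peer": "198.51.100.10/32", "from_port": 8060, "to_port": 8060},
    {"name": "legacy-modbus-forward", "direction": "inbound",
     "peer": "0.0.0.0/0", "from_port": 502, "to_port": 502},
    {"name": "vendor-range", "direction": "inbound",
     "peer": "203.0.113.0/24", "from_port": 44000, "to_port": 45000},
    {"name": "plc-vlan", "direction": "inbound",
     "peer": "10.20.0.0/16", "from_port": 502, "to_port": 502},
    {"name": "edge-http-plain", "direction": "outbound",
     "peer": "198.51.100.10/32", "from_port": 8088, "to_port": 8088},
]

if __name__ == "__main__":
    for name, severity, reason in audit(SAMPLE_RULES):
        print(f"{severity:6} {name}: {reason}")
```

The wide `vendor-range` rule is flagged because 44818 falls inside it, which is how a PLC port usually ends up exposed without anyone naming it in a rule.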