OT and IT
Plan network structures correctly
Companies know that the end-to-end digitalization of their production facilities is essential if they are to remain competitive in the market in the future. To avoid getting in their own way, existing structures need to be rethought, new ones created and the paths to data sources opened up. Whereas the IT and OT areas were previously separate, holistic network thinking is now required. This is where the OT area can benefit from the experience of IT.
Plant operators and machine manufacturers need to rethink their approach. It is essential to design the future network structure as a whole from the outset, so that it can be operated without concerns for direct data access for the purpose of process digitization. The basis for successful holistic digitalization is the use of source data directly from the production process, which can only be implemented with an open, convergent network structure. Quick fixes that acquire data via gateways or via the process image of the PLC limit the data volume and leave data scientists dissatisfied. Digitalization, and with it the comprehensive provision of production data, is only possible through forward-looking network planning with a holistic approach.
The criteria for OT network planning that allows production processes to be digitalized successfully and holistically can essentially be summed up in three keywords. The first is consistency, which enables direct access to data sources from the process. Certain rules must apply to this access, which brings us to the second keyword, security, which prevents unauthorized access. The third keyword is capacity, i.e. the bandwidths that need to be taken into account during planning with regard to expected future data traffic. With gigabit speeds in view, the bandwidth problem has clearly been solved. What needs to change, however, is the current fundamental compartmentalization. The aim here is to achieve the necessary flexibility, performance and security in planning by setting up virtual sub-networks using logical separation via VLAN (Virtual Local Area Network).
Consistency: Who has the overview?
The future always starts in the present. This also applies to data engineering, which is a crucial part of data science projects. It primarily involves the collection, processing and validation of data, and should always begin with an inventory. Particularly in the case of brownfield sites, it is important to gain clarity and an overview of the data sources and their development: What data is available, what data is required? What are the worst-case and best-case scenarios? Which consumer provides which data in which format? How reliable is the data from the PLC? Are capacity limitations to be expected? Network and performance analysis are further points. The costs and benefits must always be weighed against each other to ensure that digitalization remains affordable.
The existing network must therefore be checked against the requirements of the ever-increasing "data hunger" in terms of topology, infrastructure performance and security in order to ensure the flow of data. For the most part, machine and system networks are designed homogeneously, i.e. a controller for a Profinet application is declared a "trusted zone" in terms of security and reliability. However, the new requirements necessitate a convergent network design and therefore a much more global trusted zone.
The control systems are programmed by the book, each one works reliably and, of course, interfaces are also provided for communication within the automation network. However, this is not enough as a basis for meaningful and successful digitalization. In digitized production, there should be a common network. Each individual machine is then part of this heterogeneous network, in which several applications should run smoothly alongside and with each other. As a consequence, machine builders need to rethink their approach, but to do so they need clear specifications from the future network operator. This is the only way to avoid a serious increase in programming and engineering costs for the machines.
Tapping into data sources
Digitalization has a huge "hunger for data" that can only be satisfied with data from the machines. At the moment, all data comes from the machine control system and is made available via the process image of the PLC or through additional applications. But do we really get all the data we need, or are we possibly being deprived of some? Let's take an example from energy efficiency.
Today, it is already possible to access the energy consumption of individual consumers directly via the PLC. This is still somewhat cumbersome because there is no uniform standard, but a uniform language such as OPC UA opens the door for this. Instead, machine and system networks are shielded and an energy meter is used at the infeed from the control cabinet. The ability to analyse the peaks of individual consumers, the potential for process optimization and thus the potential savings are lost. This isolation ultimately means that only around 40% of the 100% possible process data is currently being used. This is a stumbling block, even a danger, for the comprehensive idea of digitalization. In addition, we are denying direct access to "intelligent" sensors and actuators or setting up parallel networks.
Who is allowed in and with how much bandwidth?
The next aspects to consider when planning are network security and capacity. Despite the greatest possible continuity, it must be ensured that only authorized persons can satisfy their "data hunger". Here too, clear structures help to meet the necessary security requirements. In the previous section, we only talked about IT and OT levels. It is clear that there is a gap between these two levels. It needs to be closed with a holistic network concept that provides for an additional level, the IIT level (Industrial Information Technology). This IIT level can be used to solve the known problems of end-to-end communication: bandwidth, real-time guarantee, reliability and security requirements. In future, this level will have a high-performance infrastructure with intelligent network management that will enable different applications to operate stably and reliably. Virtual separations via VLAN connections ensure direct access, and diagnostics-capable managed switches, which act as "network policemen" so to speak, are used for both network and application monitoring. It is important to make the right choice here.
Special tools are available today to help with holistic planning and design. It is much more important, however, to take a holistic conceptual approach before planning. This includes the aim and type of communication, structures, access authorization (security) and, above all, the issue of responsibilities. In addition to the Pronetplan software range and the Promesh diagnostic switch family, Indu-Sol offers a partnership for consulting, planning and monitoring in OT networks. This covers evaluation and analysis of the current status and concept creation in the sense of basic engineering for the network, and thus the creation of optimal conditions for data mining. Digitalization is in danger of failing if we do not create the conditions to make optimum use of data mining.
Karl-Heinz Richter, Managing Director Indu-Sol









