The Purdue Model And Ignition
A Secure, Scalable ICS Framework
4 minute read
In the automation world, the Purdue Model (also known as the Purdue reference model, Purdue network model, ISA 95, or the Automation Pyramid) is a well-known architectural framework for industrial control systems (ICS). The purpose of the Purdue Model is to help organizations build their ICS in a way that improves security, efficiency, and scalability. It achieves this by defining a structure for how industrial machines, processes, and technology interact with each other.
Because it is a standard, the Purdue Model provides valuable guidance while still allowing for adaptation to different situations and for evolution as new technologies are introduced in the industrial space.
In this article, we’ll take a quick, level-by-level look at the Purdue Model and how the Ignition platform fits into it.
Level 0: Physical Process
This is the lowest level of the Purdue Model, where sensors collect and process information from the environment, and actuators take digital commands and convert them into physical movements such as opening valves. In addition to sensors and actuators, other field-level I/O devices such as cameras, scanners, and monitors may also operate here.
Level 1: Process Control
At Level 1, programmable logic controllers (PLCs) and remote terminal units (RTUs) control and monitor the devices operating at Level 0. In controlled environments like plant floors, PLCs are most commonly used, while RTUs are mainly used in less-controlled remote environments. Because the Ignition platform includes many common PLC drivers as well as support for open standard protocols such as MQTT and OPC UA, it can connect reliably to practically any PLC.
Level 2: Supervisory Control
This level is where process control and real-time production is managed, and it’s where Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and HMI, alarming, trending, and reporting solutions reside.
For example, you could have a local Ignition SCADA server and client at Level 2 to see and control processes, and to track, display, and trend historical data. Your Ignition installation could be connected to a historical database, and with Cirrus Link modules that enable you to securely connect, publish, and subscribe to edge-of-network data via MQTT.
At Level 2, you could also have edge computing solutions. For instance, you could utilize Ignition Edge IIoT to bridge device data between remote sites and the plant floor by publishing it to an MQTT server or another endpoint, or utilize Ignition Edge Panel to turn any screen into an IIoT-capable HMI that provides visualization at the edge.
Level 3: Operations Systems
Plant-wide operations and processes are managed at Level 3. Here, you could have a central Ignition gateway connected to a client. Ignition could also be connected to a SQL database, which enables your organization to track transactional data, and helps your IT and OT departments to work together better.
This level is also where you could have Manufacturing Execution Systems (MES) software, which assists with decreasing downtime and increasing overall equipment effectiveness (OEE), statistical process control (SPC), traceability, and batch processing control. Through these functions, MES helps your organization to bridge the gap between HMI/SCADA systems in Level 2 and business-oriented applications like Enterprise Resource Planning (ERP) in Level 4.
Level 3.5: DMZ
This "in-between" layer allows for separation of networks between the operations technology (OT) and information technology (IT) layers. This is in accordance with security best practices. For more information on security best practices within an automation environment, see our Security Hardening Guide.
Level 4: Enterprise
Level 4 is the highest level of the Purdue Model. This is where activities such as production scheduling, business planning, financial reporting, and ERP are used for corporate planning, strategy, and decision-making.
You might think of this as “the cloud level,” because this is the place for cloud-based platforms like Ignition Cloud Edition, which can be connected to a cloud-based SQL database. Ignition Cloud Edition can also use Sepasoft modules that connect it to ERP systems, such as SAP.
Ignition Cloud Edition can also be paired with Cirrus Link Cloud Injector modules that enable users to select tag data from Ignition to send it into AWS, Microsoft Azure, or the Google Cloud Platform for analytics.
Learn More
The Purdue Model continues to be an important ICS standard for today’s industrial organizations to follow, and Ignition integrates seamlessly across all of its levels.
To learn more about building scalable and secure architectures with Ignition, check out the following resources:
Posted on December 20, 2024
Want to stay up-to-date with us?
Sign up for our weekly News Feed.
By clicking "Sign me up," you agree to Inductive Automation's Terms of Use and acknowledge that you have read Inductive Automation's Privacy Policy.