Securely Monitor Critical Systems From Anywhere
Building Solutions for Remote Monitoring with Ignition60 min video / 51 minute read View slides
Chief Strategy Officer
Co-Director of Sales Engineering
Esteban Núñez Varela
Software Automation Engineer
With social-distancing guidelines requiring so many professionals to work remotely, having a solid plan and system in place for remote monitoring is a greater necessity than ever before. There are many factors for industrial organizations to consider: Can we keep it within budget? Which type of system architecture will work best? Will the solution be able to scale? How will we keep it secure?
In this timely webinar, experts from Inductive Automation and the Ignition community will show you why Ignition is such a powerful platform for remote monitoring solutions, and they’ll share best practices to help you to utilize it to the fullest.
- See how Ignition makes remote monitoring easy, fast, and reliable
- Explore different ways remote monitoring can be used
- Get best practices for designing your remote monitoring interface
- Learn about ways to build out architectures for remote monitoring
Don: Morning everyone, and welcome to today's webinar, "Securely Monitor Critical Systems From Anywhere: Building Solutions for Remote Monitoring with Ignition." My name is Don Pearson, and I'm gonna serve as the moderator. Here's the agenda that we're gonna go through today. We'll be talking about a couple of things today relating to remote monitoring, obviously. We'll give you a quick overview of remote monitoring, and why it's becoming increasingly important for industrial organizations. And we'll talk about remote monitoring with Ignition. We'll share some guidelines for getting the most out of it. Our guest panelists will share some use cases and we'll give you design tips and a short demo. Finally, we'll wrap up the discussion and we'll take some time, of course, as we always do, for your questions. Those of you who may be new to Ignition, our Ignition software platform turned 10 years old this year. It's used by 54% of Fortune 100 companies.
Don: Many companies are choosing Ignition because it provides a universal industrial application platform for their HMI, SCADA, MES, and IIoT solutions. It's got a number of bullet points here that you can certainly get more from our website at inductiveautomation.com. But it's a cross-platform compatibility with an unlimited licensing model based on standard IT technologies, scalable server client architecture, web-based, web-managed, web-deployed designer and clients, and modular configurability, of course, gives you the chance to just buy what you need and expand as you need it along with the rapid development and deployment tools.
Now, let's meet our guest speakers for today's webinar. Kevin McClusky is the co-director of sales engineering here in Inductive Automation, Esteban Nunez Varela is the CEO of NV Tecnologias and is joining us as a panelist. NV Tec is an Ignition Premier Certified Level Integrator based in Costa Rica. And Keith Gamble is a software automation engineer for DSI Innovations and he's joining us as a panelist also. DSI Innovations is an Ignition Premier Certified Integrator based in North Carolina. I'd like each of you to take a minute and tell us a little bit more about what you do at your company. So, I know you, Kevin, but for our audience here, we'll start with you.
Kevin: Thanks, Don. Yeah, so as Don mentioned, my name's Kevin McClusky, co-director of sales engineering here at Inductive Automation, and I work with a lot of customers. I talk about a lot of architectures. And I'm a very technical person, very technical when it comes to Ignition software and technology. And I go as low as bits and bytes all the way up to more or less what you can get out of Ignition, business value for different things. I've worked with hundreds of companies who are using Ignition. And before that, I was working for a systems integrator. And so I worked with lots and lots of end users, and built systems, and sat on buckets upside down while programming systems in the middle of startup and so, it's fun to be on this side and be able to share information about the technologies that we have, and just technologies in general that will help everyone going forward. So that's it for me. Back over to you Don.
Don: Thanks, Kevin. Esteban?
Esteban: Hello everyone, my name is Esteban Nunez, I'm CEO of NV Tec, for short. And my role mostly relies on customer success, helping around with the employees for them to have success every day, and analyze the company status, and help along with partnerships to assure that the company’s health is good and sound.
Don: Thanks, Esteban. And thanks so much for joining us today. Alright, Keith, introduce yourself.
Keith: Thanks, Don. My name is Keith Gamble. I am a software automation engineer for DSI Innovations based out of Raleigh, North Carolina. At DSI, we focus on automation and controls for all types of manufacturing, including discrete processes, continuous, batch, and pretty much any other data integration systems. However, my primary focus is within Ignition specializing in Perspective, database architecture and data collections, and just, similar to Kevin, trying to get really low-level and understand technically the functionality and feature set of Ignition.
About Remote Monitoring
Don: Keith, thanks so much. And really, thanks again for joining us today. We're gonna be talking about remote monitoring as I mentioned. And we can define remote monitoring as a process or a system for controlling some kind of facility or operation through automation. It might be heavily automated or only somewhat automated, depending on the process and the factors involved. To clarify something upfront, although we are gonna hear very often, which you will hear remote monitoring and control paired together. They're in fact two separate things. This webinar is gonna focus on remote monitoring rather than remote control. Remote control comes with its own set of considerations which, of course, merit their own discussion. And what are the main benefits of remote monitoring? When you really look at it, it gives you the ability to check on a process on the factory floor without having to physically be there. For example, an operator or a manager can check on a process or confirm the temperature of the warehouse while they're miles away. It gives you instant access to information.
Don: For example, an operator could use a mobile HMI on their smartphone or tablet to instantly see data. It can eliminate the need for onsite supervision after working hours. Take a look at that, you could have a remote access system that allows the personnel to control operations locally during regular operating hours. And of course, it could keep the ability to monitor the process after hours and on weekends; allows organizations to reduce the number of personnel that need to be onsite, which reduces costs. And it also improves safety by minimizing worker exposure to hazardous conditions or situations. We actually have an example of a company in Texas called Streamline Innovations and they built the semi-autonomous intelligence system that remotely operates the process of converting a lethal chemical called hydrogen sulfide into a safe fertilizer grade sulfur.
Don: When you take a look at the COVID-19 pandemic, it's made it even more important to implement remote operations. During this time in the United States, of course, the Cybersecurity and Infrastructure Security Agency has identified 16 employment categories as essential critical infrastructure. And those workers are as critical and they include a variety of areas including chemical sector, critical manufacturing, the energy sector, food and agriculture, government facilities, information technology, water and wastewater systems, and a number of others. The CISA also advised critical infrastructure companies to do the following.
Don: First, to secure systems to enable remote access, including implementing multi-factor authentication. Next, to test remote access solutions capacity and increase capacity. And then, to increase awareness of information technology support mechanisms for employees who work remotely. A number of experts predict that remote work and remote access will become more common as a result of this pandemic. So now is a good time to take a look at remote monitoring from your organization's standpoint.
Ignition for Remote Monitoring
Don: It happens to be the case, you're on a webinar about Ignition. Ignition is an excellent platform for remote monitoring for several reasons. One of those reasons is that Ignition is unlimited. Ignition can connect to practically anything in your enterprise. That includes touch panel screens, databases, PCs using any operating system, mobile devices, PLCs, LIMS devices and a whole lot more. And Ignition has an unlimited licensing model, which means that you pay by the server instead of paying more for each client you tag. This means you can have unlimited real time and historical tags, unlimited runtime and developer clients, unlimited projects, screens, unlimited database connections, unlimited reporting, unlimited alarming and a whole lot more. This all helps out, and so we ...
Don: Why do we license it that way? (It) really has to do with something that I'm sure many of you are familiar with. The law has been around for a long time called Metcalfe's Law which basically says that the utility of any application or any solution or a network is a function of the number of users squared. If you give two people a telephone, it gives you a certain amount of functionality. Two billion people having a mobile phone, you have a whole lot more functionality and a whole lot more value. So when you think about the manufacturing sector, the more people and things you connect, the more value you create. And unlimited licensing lets you take full advantage of Metcalfe's Law because it empowers people, in this case your remote workforce. And it's the only licensing model that can keep up with the speed of innovation in today's world and how it's moving at that unbelievable rate. So remote monitoring will be more effective if you happen to have a really good mobile access and web apps that your team can use. And I think that meets a really good time for me to turn it over to you, Kevin, so you can talk about our solution for this, Ignition Perspective. Take it away, Kevin.
Kevin: Yeah. So as you mentioned, Ignition Perspective, it's our newest visualization module for the Ignition platform. What it lets you do is easily build mobile industrial applications. You can build them in HTML5 and CSS. You don't actually have to know any HTML5 or CSS though, because Ignition makes those tools visual. It's drag-and-drop. It's connecting things. And if you've ever used Ignition before, it's using the same design tools such as bindings and connections, and the same tag system, and the same scripting system behind the scenes. So there's some new visual tools to learn but there's not a completely new paradigm and you don't have to learn any new languages.
Kevin: So what it lets you do is easily build these web applications, both for mobile devices and for desktops. You can see in the monitor the SCADA system in real time and you can arrange components in different ways depending on the screen design and the screen size, which is really important for if you wanna create a single application that's going to be able to run on a mobile device and inside a web browser, you can do that. And in fact, we'll show a quick example of that a little bit later. I have a demo coming up that I'm excited to be able to show a number of these things to you folks.
Kevin: Now, a big part of the overall point of this webinar is security. And you saw right in the title, Securely Monitor Your Systems Remotely. So we have a bit of a focus on security inside here. If you're not security experts, you can completely be forgiven for that. It often takes a lot to become a security expert and I certainly didn't start there either. But we have a whole slew of security mechanisms built into Ignition to try to make it so you don't have to be a security network in order to comply with a variety of security best practices.
Kevin: (The) Ignition platform supports SSL and TLS for encryption. More specifically, TLS 1.2 is what is used by default. When 1.3 comes out, we'll support that. We're keeping up with the latest and the best practices. So TLS 1.2, for those of you who don't know, that is the latest HTTPS latest encryption technology standard. And 1.3 is right around the corner for web technology. So if you go to your banking website, you're going to be using TLS 1.2. You have that directly inside Ignition as well.
Kevin: You want to ensure those best practices whenever you're doing any sort of remote monitoring. So you wanna make sure that that is turned on, encrypted data is turned on. If you have unencrypted data, anything that's going over that line, it could potentially be monitored by a bad actor who gets access to a network, for example, or if you're going over the internet, then someone could be watching that traffic between and seeing some of that information that's going back and forth. Some of that information might be fine if it's seen but some information you might not want folks to see, production counts for different things. So as a best practice, we always recommend first step, stage one, regardless of if you're using Ignition or you're using something else, turn on that encryption, especially if you're doing remote communication and remote connections.
Kevin: The Perspective Module also has support for federated identity providers, for those standards. For those of you who are technical in this area, it's SAML 2.0 and OIDC. Both of those are supported inside Ignition directly. And those are a couple of technologies, a couple of protocols that let you use systems like Ping and Okta, and Active Directory Federated Services, ADFS. So if you have other web apps that are using single sign-on, often, you can just configure Ignition to use that exact same set of single sign-on, both for the apps and for web browser visualizations. And then of course, there's a very rich permissions model that's part of this as well.
Kevin: This is a checklist that we would recommend going down for any system that is set up in a way that you want to securely monitor different items. And specifically, any SCADA or IIoT system. If you come from the top to the bottom, that encrypted communications is the top item there. That's the HTTPS, SSL, TLS. That is a very important piece, as I mentioned, of any security. And that's step one.
Kevin: A side note, we have a Security Hardening Guide that has guidance for each one of these sections. So if you need that later on, it's posted directly on our website and we have a PDF and we also have just a web version that you can access and it goes over each one of these sections. And these headings were actually pulled from that document because when we put that document together, we distilled down the most important things for folks to focus on, the security. So encrypted communications is step one.
Kevin: And then after that, device OPC, MQTT security. So setting up encryption for those where you can. And then device security. Often, devices don't support encryption. And so figuring out a security strategy for that is important. Some folks will do a small data collector right next to it. And so if you're using Ignition, maybe Ignition Edge, and then do encrypted communication from Ignition Edge to a central Ignition Gateway in order to secure that piece of the communication there. Other folks might have VPN connections or other small data collectors that are next to devices. Or they have network segmentation where the controls network is unencrypted and other networks are encrypted, and the security controls are around the network access. So there's no access to that network from anyone who isn't an authorized user.
Kevin: Security zones are important. So in addition to application security, which is next, those security zones allow for different folks in different places to have different access. So if they're coming from outside of the network or if they're coming from different subnet inside an IP address range, that different physical location, they may not have the same permissions as if they're local or if they're sitting inside a plant or an area.
Kevin: Application security would be security roles. Audit logging is important to turn on. With Ignition, you can just turn that on by going to the auditing section. Database security, there's encryption that can be done for database communication and using users that aren't the root user for the database is an important piece. Platform security is important to focus on. So operating systems and anything that's surrounding different items, Active Directory, authentication sources, you want to tie it into the systems that IT already has in place in order to make sure that you're protected by the protections that they have in place wherever you can.
Kevin: And then software updates. It's important that you're subscribed to security mailing lists. So Inductive Automation has one of those. And it's important that, for any software, you know if there are any security updates that have come out. And if so, you can evaluate and see if that affects you and if you want to update to the latest version of the software. And so of course, Ignition has updates that come out about once a month for different versions.
Kevin: And very quickly, MQTT for IIoT is a very important protocol that we have been doing a lot around. There are MQTT modules for the Ignition platform that you can tie into. The protocols allow you to get large amounts of data from remote sites, lowers bandwidth utilization, it opens up the ability to collect a lot of data that's trapped on the plant floor or at the remote locations. You can capture that data from the field devices and easily add that edge computing onto Ignition, changing that push-pull model. And it's also very firewall-friendly. So you can have outgoing connections from individual locations to a centralized broker instead of needing to have incoming connections through firewalls.
Kevin: These are add-on modules for this remote monitoring, the Perspective Module is very common for folks to use and that's what we've been talking a lot about. Vision Module can be used for this as well. So if you're already familiar with Vision, that's certainly a 100% good option for doing this and we have a lot of folks who are doing that too. The Perspective Module allows it to run in a web browser, so there's no client install. The Vision Module does have a client install. But other than that, they should provide very similar functionality to the users. And yeah, both are great options.
Kevin: And then the Enterprise Administration Module allows central administration of multiple Ignition Gateways. Reporting Module allows for PDF reports. Alarm Notification Module provides alarm notifications and that goes over, that can, of course, via encrypted communication out to whatever's sending the alarms. But you can send out text messages, you can send out emails that are going out, you can send out voice calls where it's going to actually call individual folks. And there are pipelines that you can set up that can be escalated in different ways as well.
Kevin: There was a question ... If I go back to security just for a second, a question came in, "What is platform security?" So that is specifically talking about operating system security. So that's talking about the platform that you're running on. So Ignition is going to be running on Linux or Windows or macOS, the server itself is, and you'll want to make sure that you have security set up on that platform as well. So you wanna make sure that you're going through and properly securing the individual pieces of that, keeping up with the latest security patches there. So that's just an important piece of your overall security architecture. If your operating system isn't secure, then potentially, someone could get into the operating system and try to be a bad actor in some ways from there and try to compromise some things that you have going. So having that security in place is an important piece of your overall security tapestry that you have.
Kevin: Alright. Best practices for remote monitoring: You wanna use VPN for security and privacy when you can. But you don't necessarily need to if you have encryption and you have some other security things in place. So if you don't wanna use a VPN, you can use two-factor authentication to try to still achieve the same or a similar level of protection that you might have from VPN, that's prompts with Duo or other systems that might pull up on your phone, that say, "Do you verify that this is you?" You type in your username and password and then there's an additional factor from an app on the phone or from a text message that comes through or something like this.
Kevin: And if we take a quick look at the architecture examples that we have here, so there's on-site, on-premise alarms or, sorry, on-site, on-premise systems. So if you have Ignition sitting there or you have another SCADA system there, it doesn't really matter. Ignition or other SCADA systems generally can connect over OPC or possibly some other mechanisms as well and pull in tags and make those available. That system, whatever it is on site, has the connectivity to pull in tags and then those can be accessible remotely.
Kevin: This is showing a VPN. So this VPN would be secured with the HTTPS security that we have here. This would be going from an IT department, generally speaking, setting up that VPN. And that's encrypted communication that is going back and forth right there. These clients, designers, anything that's viewing Ignition at that point would be viewing it through this encrypted communication and then having access to it. And you could set up those security zones so that based on where they're logged in from, they have different permissions versus someone who's on site.
Kevin: Now, some folks like this a lot. Some folks say that they want to have a separate system that's in the cloud that doesn't have ... So that they don't have multiple different communication items that are coming through here. So for these clients and designers, they might want that to go through ... Instead of it going through a VPN, have a separate Ignition Gateway that's up in the cloud, have this going through either a VPN or a secured channel to that Ignition server and then having a single remote system or a hundred remote systems or a thousand remote systems that are all connected through the cloud Ignition Gateway.
Kevin: If you do this, there's a couple of other layers here that you can set up. So this firewall in this communication, this can be set up as completely read-only communication between these two systems. So any tags that exist here are read-only tags from there. And then this can be set up just over standard encryption communication. So for a phone and for a desktop, you can just type in an address and go there, and see the system, and browse down things that are on this site but not necessarily have to have a connection back into the site in order to see the data that's coming right now.
Kevin: We see a lot of folks starting to go toward this type of setup because you can just type in an address and you get there immediately. Phones, you don't have to set up a separate VPN connection. You can still do two-factor authentication with this system. So you're still compliant with a lot of companies' security policies doing this. And if it's set up as read-only communication there, then there aren't any worries about someone getting in and actually changing the manufacturing system in any way, changing a live system doing writes back to tags, things like that.
Kevin: As Don mentioned, we will give you rights to a variety of different things and rights are an option that you have as you're going through the system here. But doing rights is not the focus of this webinar. If we were doing rights, there are a few additional security considerations that are important and we're happy to have a conversation about those. Some of those might be obvious but if you wanted to follow up with us later, we would be happy to talk to you. Alright. So I'm going to turn this over, back over to Don really quickly and then Don is going to bring up DSI.
Use Case – DSI Innovations
Don: Kevin, thank you so much. That's fantastic, and I'll be coming back to you for some tips and that demo that you promised everybody. So let's go over to Keith from DSI Innovations. We'll start with you, Keith. And maybe just as a starter, I know you're gonna get into some individual use cases, but can you talk overall about which industries you've used Ignition in for remote monitoring and give us a little bit of background on the approach that you and the team at DSI Innovations have taken?
Keith: Yeah. Thanks, Don. At DSI, we believe that in most cases, when you're adding Ignition to your environment, that you're natively adding the ability for remote monitoring with most of Ignition's native feature sets. If I had to narrow down the list of some of the top remote monitoring projects that I've done with DSI or that we've done, it'd be in the chemical manufacturing space, food and beverage, textile, life sciences, those are some of the larger ones. But in terms of narrowing it down to just one, one project that we have with remote monitoring is for a textile manufacturer, their MES and HVAC SCADA.
Keith: The purpose of that project was to collect data from hundreds of machines, a variety of different platforms around their facility and aggregate it all into one place where anyone can access it and then use the data. We built the project in Perspective and with clients running on around 80 TVs that are on their facility, operator phones and laptops and technician tablets, they had every opportunity for remote monitoring right in front of them and they even use those same things in the plant. So within their environment, temperature and humidity controls were crucial for the quality of their product. So they believed that pushing for a more robust HVAC monitoring system would help cut down on waste and increase the product quality overall.
Keith: So we developed an HVAC SCADA for them that monitors their air washers, chillers, waste systems, and all that good stuff. So that they could always have a real-time view of any equipment in their plant. And one of the things that ... Where this system really works well for monitoring is that, it's all based in Perspective. And what Perspective gives you is the ability to view a system from anywhere on any device with mobile responsiveness as long as you can connect to that system from that device. As Kevin mentioned, the VPN, that maybe your IP network is set up already on your phone or laptop. It can allow this company Maintenance Manager to remotely monitor the facility, detect any issues before there's a problem, and keep in close contact with the technicians that may still have to be there. But he never has to leave his house to do that. One of the main challenges with a project like that is making data in the OT environment accessible outside of the direct local network. That's one of the things that Kevin touched on when he was talking about taking all that localized data and potentially putting a middle ground in the cloud to add a little bit of security between those two environments.
Keith: But that typically is one of the largest challenges in making a system with remote monitoring capability. In this case, they utilized the VPN and Ignition acted as the bridge between the OT and IT environments. And we were able to make this data accessible from anywhere without opening up their controls network to the rest of the world and making it easier for them to get to. Historically with systems like this created as local applications on an HMI or kiosk, it can make it difficult to visualize and use that data outside of the immediate area. So making it in a format with the web, mobile-responsiveness of Perspective made it so it was easy to use that data pretty much wherever you're at. With Perspective, we were able to create all of those traditionally local pages in a format that could be viewed anywhere by anyone with permission and they can also pass that data into other business systems for other customer needs.
Keith: So one thing that we try to focus on here and (a) key thing with remote monitoring is that “remote” is really anywhere that's not on the plant floor from your home, another facility, the corporate office or even just an office on the second floor of the building you are in. Being able to access data without a trip to the plant floor is extremely valuable right now in this current environment and I do believe that even after everything is over the tools developed and the time spent right now on building a robust remote environment will stick around and benefit all of us moving forward.
Don: I think you're right, absolutely, Keith. I'm just curious, is there, and I think you mentioned it in passing a couple of different times, but when you face certain challenges, like the challenge of taking data from the OT environment and making accessible outside of that direct local network any ways you might say that Ignition was particularly useful with the Perspective Module in accomplishing some of the tasks you had, the challenges that you faced?
Keith: Exactly. Yeah, one of the really valuable things with Ignition is because you're able to utilize the Gateway Network to move data back and forth between two systems. It's really easy to, like in Kevin's example earlier, have your local running system collecting data in that fully locked-down environment. But then just over the Gateway Network, have one direct connection to a system in the cloud and that's the only door in and out of that network. And IT becomes a lot more comfortable when there's only one door and you don't have to let every client get into the network in some way. So being able to utilize the Gateway Network and view that remote tag data from the cloud and then just have your employees or users looking at the cloud-based system. It allows you to have a lot more of a lockdown environment that IT is a lot more comfortable with. So I really think that was one strong area that Ignition helped out in with this project.
Don: That's great. Listen, I appreciate you sharing some screen shots before I let you go. Is there any other even just a high level project in this or another industry that you might wanna mention where you were able to accomplish some remote monitoring?
Keith: Yeah, we actually have another project that's relatively similar and what that customer is doing is they are doing line extrusion and chemical batch processes. So Bayer has facilities all over the United States and so they're using remote monitoring on more of a facility to facility basis, so their engineers and recipe designers that are located in North Carolina can remote monitor a system that is running out in Texas and they can see how the system's running, make sure that the recipe that they've provided the system is executing properly, they're getting good quality product and they can make sure there's no issues with the system in real-time. So allowing the customer to be able to look at your system in real-time from hundreds of miles away is really just the big value. I think within Perspective itself, it's one of its major core values. And I think like I've mentioned at the beginning, almost any project with it you potentially just opened up the door to be close to remote monitoring. You're maybe one step away with a VPN or something simple like that. But as long as you can get connectivity to it. It's all right there for you.
Kevin: Hey Keith, I just got a question come in. There was one that came in for you, which is how long does the Ignition server store data for monitoring, is it possible to go back and look at historical data?
Keith: Yeah. Well, it really depends on the perspective you're looking at it, if you've got an architecture. And I'm actually gonna go back to Kevin's slides, so that I can point, it may make it a little easier. So if you've got an architecture similar to this, and if you look at Ignition server, it's gonna be pushing data to that SQL database. In this case, as long as you've got space on your SQL database you can store more data and typically after an extended period of time, when there's lots of data log, it may be better to move some of that data to cold storage, but you can always have it there. Now, in the case where you have an edge gateway, the edge gateway that may be in the middle here between the main server and the PLCs. The edge gateway is gonna be able to store about one week's worth of data in the case of a network outage. So in this case right here, this person utilizing this platform here could look at data here that is just making calls to this local gateway that's looking at the local SQL database. And you could be looking at data that was a year, two years old. If you wanted, it just depends on how much space you have and the resources available to you.
Don: Thanks so much, Keith.
Kevin: Great, alright. Question: “Any plans to bring Ignition into the smartwatch platform?” We have folks who are integrating with alarms and sending some messages to smartwatch. I don't know if it's applications or just the messaging system that's there. Beyond that, we don't have any immediate plans for a smartwatch client, but if you're able to run a browser inside a smartwatch you in theory could run Perspective inside there. Question: “What (is the) Ignition platform: open protocol or proprietary?”
Kevin: Ignition is based on a whole variety of open protocols. We have one proprietary protocol called the Gateway Network, which is moving between Ignition Gateway to Ignition Gateway. But everything else is the open protocols like OPC UA and MQTT, HTTP, HTTPS and a whole variety of other protocols. There's probably 20 or 30 protocols that Ignition speaks on a regular basis that most of them are open protocols. And one last question, I will answer right here, "What is the URL for the Security Hardening Guide?" We will try to paste that into the chat here, shortly, so. Alright, it's back over to you Don.
Use Case – NV Tec
Don: Good. We're back here to NV Tec, and Esteban. So with that, thanks so much for the answers to questions, Kevin, and also for you Keith and your answers and presentation there. So now, let's talk to Esteban from NV Tec. Esteban, can you maybe start like I did with Keith and give us a little bit of an overview of the industries that you’ve used Ignition for remote monitoring, just as a broad stroke and then we'll dig down into some use cases.
Esteban: Yes, for sure, Don. Well, the main focus for remote monitoring industries that we have used Ignition is food and beverage, and in this case, the use case that I have to present, which is a biology museum. We also have sold Ignition for remote monitoring in water/wastewater and hydroelectric generation and that folks have their own infrastructure put in place. But in food and beverage, and in this case, we helped around with the infrastructure to have the remote monitoring properly.
Don: So are there any projects that stand out to you that you wanna maybe share something on today?
Esteban: Yes, I actually have this one right here, which is a project that we did for a biology museum, which is actually called Biomuseo, in Panama. It is a ... what we did is combine Perspective and Vision to create a full environment for all the users on two types of applications. So this is the facility. This is a very nice, it's kind of an amusement park, but its dedicated to educate people everywhere from Panama, from outside the country as well, to tell people what type of biology they have there and they actually build up an aquarium recently. So one of the challenges they had is that the life forms in this place can't have a sudden change of environment. So a system like Ignition, with Perspective Module, helped around to be aware, of the biologists to be aware of the conditions of the fish and the life forms there, because there are not only fish, but coral and other types of life forms there. So it was very important for them to have a very quick and very understandable situation control about the whole aquarium because they have several tanks there. So this is the main home page. And one of the things that I really like about Perspective is the breadcrumbs, the possibility to design that. I think Kevin will talk about that later on.
Esteban: And you can go in and have a back, well, this is in Spanish, but you can have a back button for users to be up and down into the menu and have an easy access to the information they are looking for specific systems. We have also built this in ISA 101 which is the standard from the ISA to help around users of the industrial applications to have a very understandable environment for what things are on alarm. Or what could be a diagnose, something that you should be diagnosing, and also the equipment status.
Esteban: So we put this note here, which is very useful because some of the users are from the automation side, but most of the users are biologists, so they need to be aware of the situation really quickly. So this was one of the Vision's, visualization in Vision. This is a backwash tank. Basically what they do is to take ... from time to time when they see a necessity to clean out the water that is with the life forms, with the fish and everything, they take it to this area, clean it up.
Esteban: They have skimmers so they can clean up the fad and some other stuff that is in the water that they need to clean out. And this is a very important part because one of the most expensive resources for them is the seawater because if they lose seawater they have to pick it up from the ocean, which is a very heavily expensive logistic. So this part is very important and we build this screen for Vision that could be shown in a showroom for people to be there and lookout the system, how is it running? It's kind of more focused on education. And we build up this one for Perspective Module, which is very fast into what the biologists needed to see.
Esteban: One of the challenges that we had here is that the industrial automation part of the working group, they were very much inclining to having something like the slide that we showed before in Perspective. But the biologists were more focused on having metrics and situation control very fast. So we jumped into the conclusion that by doing a gathering meeting that the best way to go, it was to, for the sake of the life forms, which is a kind of, as one of the clients stated, the revenue of the biology museum.
Esteban: So what we did is have this presentation, I mean this visualization kit right here, which is very fast, and you can pick on pumps, UV, ozone, valves, analog and some other things, and you can go and go down into another situational awareness from those type of pumps or those types of devices. Which facilitated very quickly what information they could have from one place or another. Then we have this other example which is a seawater storage. After they clean out the water, they have a seawater storage where the water is clean enough, it has to mature itself as they put it with some bacteria for the life forms to be able to accommodate to their new environment of this new water that came out or we cleaned. And we developed this other screen. It's somehow different in a way that it doesn't have the device itself there, but I think it is meant for a user that is not exactly industrial but it needs to have some situational awareness very quickly about what has been happening in the whole environment.
Don: Thanks, Esteban, that's a really good summary on that. Anything I, same thing I asked Keith, I guess, any of the challenges you met, maybe an example or two of how the Ignition Perspective Module helped you to do that. You did a combination of Vision and Perspective for the remote monitoring. How was Ignition helpful in meeting some of those challenges?
Esteban: Well, I really appreciate, this was our first project using Perspective and I really think that one of the things that was a challenge was, as I mentioned earlier, explaining to the client that the same visualization that it could have done in Perspective with whole devices or the whole system. But in order to deploy the project more fast, we were obviously more comfortable with Vision. But at the moment, everything could have been done in Perspective. But one of the challenges as I mentioned is that, this awareness that you need to have the device showing up in the Perspective screen and we had to do some explanation, and what Perspective help around really to do something like the information icons to have other types of resources that were easily put in place for the customer to have a situational awareness that could be really fast, really fast check-up.
Esteban: Another thing is that the biologist itself, the user, the main user of this application were most inclined into using mobile phones and tablets. So, Perspective helped a lot with that because it was developed in a responsive environment and it was very easy to deploy the application in those types of devices. So as Keith mentioned even though it could be a desktop or a mobile phone, the important thing is that if they are at home like they are right now, they could have a situational awareness very fast, and rely on some teammate that probably they are running like one person in the facility, one other not. So they could rely on the person that is in the facility to take control on some of the devices or some of the situation.
Don: That's great, thank you Esteban, and thank you so much for digging into the detail of the area. I think now, Kevin, you got some tips, you got a demo, you got some work to do, so let me turn it back over to you, Kevin.
Remote Monitoring Design Tips
Kevin: I certainly do and there've been a lot of really good questions that are coming in. “Does Ignition have plans to develop a module for 3D components?” So as you just saw there is 3D on that screen, that was images that were taken from 3D design software. And so the question here is about actual 3D components that could be clicked and rotated inside Ignition. We have a variety of folks doing that in Perspective at this point with embedding 3D viewers. So we have an inline frame component that you can embed other items into, and so, if there's a 3D viewer that you already have, that you wanna use, you can be able to embed it in that way, and that's our current recommendation because often those viewers would be better than anything that's a generic viewer, because they have a variety of other features, and a lot of companies are supporting those with WebGL these days.
Kevin: There's a question about Ignition: “So I just wanna know if I can connect to a PLC? I've been hearing a lot about the Ignition platform.” Absolutely. Connecting to PLCs is the bread and butter of Ignition. We kinda just glossed over that. But Ignition has about a dozen protocols that are built in for native communication. Allen-Bradley, Siemens, Omron, there's DNP3, there's Modbus, and a variety of others. If for some reason yours isn't inside the list of drivers that Ignition supports, sometimes it'll connect over OPC, or you might connect out to a separate system by Kepware or Matrikon that has additional drivers, but for 50%, 60%, 70% of CPLCs out there, you can make a direct connection from Ignition, so you can check our website for that whole list of drivers and see if it covers what you are looking for.
Kevin: Normally, the PLC communication is just kind of an assumed piece of any architecture recognition here. Couple of other questions: “Is Ignition compatible with the DCS?” Often the Ignition will read DCS tag information over OPC, so most DCSs now have an OPC server that exposes their information and Ignition's able to read over that. So if the DCS has that, then certainly, yeah, you can just tie Ignition to read DCS.
Kevin: There are few about, “Is Ignition used in specific industries?” In general, the answer is absolutely yes, we're used in I think every industry that the US government has an export code for, so the fair answer to probably any question there is, yes, we're used from anywhere from nuclear radiation detection systems all the way to airport baggage-handling systems and then the more traditional SCADA and processing and facilities and food & bev and oil & gas, water/wastewater, pretty much every industry out there.
Kevin: One more question about OT/IT data sharing: “How is that done, how simple is that, is it configuration or programming?” Depends on what you wanna do, often it's as simple as configuration, if you're just trying to pull information from an IT database and expose that on the OT side, or you're trying to take OT data and put it into a database, Ignition has direct communications for those, so you can configure a database connection, just drag and drop and setup some queries, and then have that go back and forth, so that's normally not programming. Very little is actual real programming but there can be some scripting for other things that you might wanna do, if you wanna modify that data in different ways, we have Python support inside the platform directly.
Kevin: Oh, there were a couple about some specific technologies that tie into VPNs and some new Linux technologies for security. Basically yes, Ignition supports that type of thing, but in general, Ignition's running on an application platform that if you're running Perspective, it's going to be inside a web browser, so you don't have any client install, if you're installing Ignition on the system itself, VPN connections, we, those aren't inside Ignition directly, those are inside the operating system Ignition's running on. So if you're using any sort of VPN technology, you can pair that up with Ignition but that would be done inside the operating system and then Ignition just utilizes those VPN tunnels in order to do communication back and forth.
Kevin: Alright, so design and usability matter. If we take a look at these design tips, we really need to know who the user is and how they're gonna be using the interface, we need to think about the operator and what they need to do, what's their role, how do they need to effectively operate things on-site. So if we think about the navigation, there are multiple different options for how you might do navigation. Does it make sense to use a bar that's across the top like this? Does it make sense to use side navigation? So you really wanna think about multiple things. You can use this as a checklist as well, so make sure you determine which page navigation pattern is going to work best for the users.
Kevin: If you have tabs they should be intuitive, you wanna make sure every screen or page has a unique name, so folks can refer to those things. Back buttons, breadcrumbs, that might be across the top are definitely very helpful. And then when it says avoid drop-down menus, that's talking about a right click because if you're designing something for mobile and you're designing things for web browser, you want to have the same design paradigms wherever you can and web browsers don't have a right click inside if they're running inside a mobile device.
Kevin: So you wanna avoid the right-click context menus wherever you can, if it makes sense, just left click on something and pull up some context or do a tap, you might do something like that. In addition to thinking about the navigation, you also wanna use emphasis to draw attention to the most important info or object. So if you take a look right down there, you have emphasis on the red and the yellow where you know that there's something that's happening with pump two that might be an issue. You wanna remove the visual clutter wherever you can and keep mobile screens really focused on the most essential functions. You wanna include those levels of depth to provide context and make it touch-friendly.
Remote Monitoring Demo
Kevin: And now, I'm going to switch over to the demo which I'm also going to apply it there. This is the setup right here, this Ignition server is already in place. This is what's running here locally on my system in my laptop. And you can see these different sets of tags, so I've complaint tags, I've some refrigeration, I have accumulator levels, the ambient temperature, discharge pressure and I want this to be accessible centrally. I wanna be able to see this from someone who's sitting at home. So what I've done is, I've spun up an Ignition Gateway in the cloud and I've turned on encryption. That's all I've really done there. This is the Designer for that.
Kevin: So I'll login, I will set this up, so it's going through to, I'm setting up a new project. This is, as I said, 100% from scratch. Let me call this demo. I'm going to grab a project template in this case and create a new project. And as you'll see inside this Designer, it doesn't have any tags or anything else, it's just a standard Designer right here that is very simple. And if I go into my Perspective screens, these are just the default pages that I might have for this. So welcome to Perspective, it doesn't really say anything. And if I expand out my tags down here I'm not really seeing anything specific. I'm gonna hit save on that and minimize this and then we'll go to my configuration. So from this Ignition server right there, I'm going to push some data up, so this is my Ignition server, I'm going to send it up to that cloud system.
Kevin: And I'm going to do that simply, I can do that over the Gateway Network or MQTT, I'm doing the Gateway Network in this case, set up an outgoing connection. I'm going to tell this, I wanna go to secure.ia.io, which is where that server is, going to hit save right there, and then of course for security, we need to verify that that is good. So I'm just gone to secure.ia.io inside another web browser tab here, and I'm coming down to my Gateway Network communication and I have an incoming connection request that's come from there, so I'll take a look at this, if that certificate is good, I'm going to approve that certificate and say this is someone I do want to actually let in and come into the system, and then I will switch back to my main Ignition Gateway, and in fact, I don't need to switch back. It's just set up that connection and we can see that this is up and running.
Kevin: So that connection is running from the other side there as well. And then I'm going to set it up so that I have access to those remote tags. So I'll come down to real-time tags, create a new provider. I've got a remote Gateway Network here provider and I can see that that's setup there and I have multiple different providers. This one is the default and I'll call this site.
Kevin: Come down here, create that provider. And then going to real-time, I can see that I have that in place. Now if I come back to my Ignition Gateway and I come to my providers here, and I look this up, there are all my tags. This is everything. This is streaming over the Gateway Network, this is coming from the site up to the central location. I have access to everything. I'll come in. I will drop maybe my accumulator level on the screen, and I wanna see that in an LED display. Maybe I wanna pull in one of my tags, one of my fa-tags from this slick and I wanna put it on the screen and show a tank right there. It's going to subscribe and then it has that tank information here. And I wanna put some humidity on the screen.
Kevin: Maybe I wanna tie this to even some of the history that's coming from that site that already exists at the site right there. I can do all of that too. So if I pull up that history I can show it inside, let's say inside a standard chart or graph or something that's coming from the alarm configuration there. Let me jump over and answer some questions. By the away, if you were looking at getting access to that, that is online right now. You can actually see those things. So that was something I was going to show you as well. But that's just kind of a pre-point to all of that. That these things are accessible and easy to access and easy to work with. So as a wrap-up discussion, I'm going to turn this right back over to you, Don. And then we'll take it from there.
Don: Kevin, I've seen you move through things rapidly before. But that was ... As one observer here, very well done. Excellent demo. Thank you for getting through a lot of questions. But I wanna just take a couple of minutes, give each of our guests a chance to say any final things as anything relating to Ignition platform, helping industrial organizations, adjust and adapt. So, Esteban, any final words you wanna say just to the audience here as we wrap-up?
Esteban: For folks asking about the industry applications, I think one of the first things that you say or that you think about when you mention SCADA or the SCADA word is, oh, industrial applications. But as we have shown and we have learned over the years is that you can apply it everywhere. Ignition is applicable everywhere, where you want to go, by museums, hotels, industry overall. It's a very, very flexible application and I think that's one of the reasons we are permanently switched to Ignition to develop new projects like this.
Don: Thanks, Esteban. Keith, how about any wrap-up comments or statements you wanna make?
Keith: Yeah. I would say one of the really, the primary great things about Ignition is the quick and rapid development. We just watched Kevin connect two Gateways and start looking at remote tags, and it was probably less than five minutes that he got that data there. And when the question has to do with organizations adjusting and adapting to unexpected changes, well, if you can adapt within less than two minutes, that's a pretty good way to do it. So I think the ease of development and deployment of those kinds of systems with Ignition is really gonna help it out in the future.
Don: Thanks so much. And thanks to you and Esteban for participating and sharing your use cases today. It concludes the presentation, I'm gonna give Kevin a chance to make any final statements or answer any questions. But I wanna mention two things before we end off. First off, you can download Ignition yourself, takes about three minutes, use it in trial mode for as long as you want. Absolutely free. Additionally, we started something new called Ignition Community Live. With everybody working remote and a lot of people in their home environments, we wanted to basically continue to communicate on a regular basis. This new series of online events has recently started. Kevin and Travis are very engaged in these events along with other guests. We got exciting episodes coming up featuring Joe Dolivo from 4IR Solutions on May 5th, Arlen Nipper from Cirrus Link Solutions May 12th, and Kathy Applebaum on May 19th.
Don: So it's a weekly event. You can register at Ignition Community Live for these events, and definitely want people to take advantage of that. They're also available afterwards as archives. This is the group you can follow-up with if you would like a personal demo and to learn more about it. 'Cause I see some of the questions that indicate that some folks probably could use a little deeper dive into Ignition. A couple people did say that you were very fast, Kevin. And they wanna know, they wanna be able to look at it more. So I know that was a lot of quickness. We're available for anybody who wants to do a demo to go deeper. I wanna give you a chance, Kevin, to say anything if you want to and just sort of finally wrapping up today's webinar.
Kevin: Absolutely. One thing that I did want to show there that I didn't have time to (show) is, if I'd taken another two minutes I would have been able to pull history in. We'd see that in live, showing up in a second-by-second update, and then alarms as well. So we would love to give you a longer one-on-one demo where we could show all of this and we could dig into the platform. A couple of folks asked about how do I learn? How do I do this? We have a great site, inductiveuniversity.com, that walks you through and instructs you on using Ignition itself, and then we have a team of sales engineers.
Kevin: I use my team over here who is happy to walk through these things with you on the phone. We can do screen sharing, and we can show you how all of this works. We pride ourselves on selling software that is real and accurate and that the things that we show are things that you can do. We're not trying to pull the wool over anyone's eyes. It's also try before you buy. You get the free two-hour trial that you can restart as many times as you want. So we really wanna make sure for you that it's going to work for you how you want it to work, and before you decide to make the best decision for your organization. So we're more than happy to talk to you. I'm more than happy to talk to you. And it's very great to be able to show these things and talk to everybody here today, so.
Don: Thanks so much, Kevin. And you can see on this screen, Melanie Hottman, our director of sales, and that team you can contact. Also, our speakers Esteban and Keith have contact information here which is why I'm leaving this screen up as we finish up. And call us if you wanna schedule one of those demos. They'll connect up and get you through to people like Kevin and sales engineers along with these folks here. So with that, hope everyone has a fantastic day and that this was useful content for you. Thanks.