A tangible, non-transitory computer readable medium stores machine readable instructions optimized for a microprocessor on a mobile computing device. When executed by the microprocessor, the instructions cause the microprocessor to display a graphical user interface (GUI). The instructions also cause the microprocessor to receive, via the GUI, a selection of one or more items to view. Each of the one or more items is related to a process control system. The instructions cause the microprocessor to transmit to a mobile server, via either the Internet or a mobile telephony data connection, the selection of the one or more items. Thereafter, the instructions cause the microprocessor to receive from the mobile server, via either the Internet or the mobile telephony data connection, a plurality of real-time values corresponding to the selected one or more items, and to display the plurality of real-time values on the GUI.

Process control systems for operating process plants are disclosed herein. The process control systems include control modules that are decoupled from the I/O architecture of the process plants using signal objects or generic shadow blocks. This decoupling is effected by using the signal objects or generic shadow blocks to manage at least part of the communication between the control modules and the field devices. Signal objects may convert between protocols used by control modules and field devices, thus decoupling the control modules from the I/O architecture. Generic shadow blocks may be automatically configured to mimic the operation of field devices within a controller executing the control modules, thus partially decoupling the control modules from the I/O architecture by using the shadow blocks to manage communication between the control modules and the field devices.

Process control systems for operating process plants are disclosed herein. The process control systems include control modules that are decoupled from the I/O architecture of the process plants using signal objects or generic shadow blocks. This decoupling is effected by using the signal objects or generic shadow blocks to manage at least part of the communication between the control modules and the field devices. Signal objects may convert between protocols used by control modules and field devices, thus decoupling the control modules from the I/O architecture. Generic shadow blocks may be automatically configured to mimic the operation of field devices within a controller executing the control modules, thus partially decoupling the control modules from the I/O architecture by using the shadow blocks to manage communication between the control modules and the field devices.

A method of providing data from a process control system to remote computing devices includes obtaining, at a data server via a first network from a mobile server, one or more lists including indications of requested process data parameters indicating process data for communication from the server to the remote devices via a second network. The method includes receiving, from a plurality of controllers within the process control system via a third network, a stream of process data parameter values associated with process data parameters included in one or more configuration files. The configuration files describe a configuration of the process control system. The method includes identifying, by processors of the data server, a subset of the received parameter values corresponding to the requested process data parameters of the lists, and communicating, from the data server to the mobile server via the first network, the identified subset of parameter values.

A method of providing process data to a remote computing device includes receiving configuration data describing a configuration of at least part of the process control system. The configuration data includes information associated with a plurality of process control entities, and the information regarding each entity includes at least one tag associated with a level in a hierarchy of the system. The method includes identifying a plurality of levels within the system based upon the tags, including at least a first-level identifier and a plurality of second-level identifiers associated with the first-level identifier. Further, the method includes identifying a plurality of control modules, each associated with a second-level identifier, and each associated with the entities based upon the configuration data. The method includes generating a hierarchical list of available process data, and selecting from the hierarchical list a set of information to include on a watch list or alarm list.

A method of providing process data to a remote computing device includes receiving configuration data describing a configuration of at least part of the process control system. The configuration data includes information associated with a plurality of process control entities, and the information regarding each entity includes at least one tag associated with a level in a hierarchy of the system. The method includes identifying a plurality of levels within the system based upon the tags, including at least a first-level identifier and a plurality of second-level identifiers associated with the first-level identifier. Further, the method includes identifying a plurality of control modules, each associated with a second-level identifier, and each associated with the entities based upon the configuration data. The method includes generating a hierarchical list of available process data, and selecting from the hierarchical list a set of information to include on a watch list or alarm list.

A system communicates process data to a remote computing device. The system includes a processor, a communication unit, and a memory storing instructions for modules. The modules include a scanner interfacing with the communication unit to enable communication with a server via a first network. The scanner enables communication by receiving data from the server, identifying polling requests in the data received, and transmitting request lists to the server in response to the polling requests. The modules also include a data stream processor determining a set of process data values in the data received, the set of process data values corresponding to view list data to be communicated to the remote computing device. Another module is an application program interface (API) interfacing with the communication units to enable communication with the remote computing device a second network by transmitting the set of process data values to the remote computing device.

A method for decreasing the risk of unauthorized access to an embedded node in a secure subsystem of a process control system includes receiving a message comprising a message header and a message payload, and determining that the message is an unlock message configured to access one or more protected functions of the embedded node, at least by analyzing a bit sequence of one or more bits in the message header. The method also includes determining whether a manual control mechanism has been placed in a particular state by a human operator, and, based upon those determinations, either causing or not causing the embedded node to enter an unlocked state in which one or more of the protected functions are accessible.

A method and arrangement for providing access of a first computer to at least one application installed on a virtual machine of a second computer via a network connection, wherein at a first step, a Remote Desktop Protocol connection (RDP-C) is established from the first computer to the virtual machine and, at a second step, at least one communication relation of the first computer to an industrial controller is made available to the at least one application as a local communication relation of the application from the virtual machine to the first computer via a virtual channel of the RDP-C connection such that from a user's perspective, only exactly one connection to the virtual machine must be established via the RDP-C, where required back channels can be automatically established and where no security settings must be changed in firewalls or routers.

To improve the access control in regard to safety and protection of network operation and network data when controlling accesses to networks based on IT systems including embedded systems or distributed systems, it is proposed that observation and evaluation (detection) of the communication in a network (performance of a network communication protocol collation of the observed protocol with a multiplicity of reference protocols, preferably stored in a list, that are usually used in operation- and/or safety-critical networks) be used to independently identify whether an uncritical or critical network is involved in the course of a network access, in particular the setup of a network connectivity, to at least one from at least one network that is uncritical in regard to operation and/or safety, in particular referred to as a standard network, and at least one network that is critical in regard to operation and/or safety.