METHOD FOR CONTROLLING AN INDUSTRIAL PLANT

Abstract

A method serves to control an industrial plant comprising a programmable logic controller. In the method, the programmable logic controller establishes a connection with a cloud server, the programmable logic controller executes a software module that causes the creation and/or configuration of a virtual machine on the cloud server, the software module receives and stores an access token, the programmable logic controller uses the access token to access the virtual machine and the programmable logic controller cooperates with the virtual machine to transmit process data to the virtual machine and/or to support the control of the industrial plant.

Claims

1. A method for controlling an industrial plant comprising a programmable logic controller, in which the programmable logic controller establishes a connection with a cloud server, the programmable logic controller executes a software module that causes the creation and/or configuration of a virtual machine on the cloud server, the software module receives and stores an access token, the programmable logic controller uses the access token to access the virtual machine, the programmable logic controller cooperates with the virtual machine to transmit process data to the virtual machine and/or to support the control of the industrial plant.

2. The method in accordance with claim 1, wherein the cloud server has a cloud for the virtual machine and a management unit.

3. The method in accordance with claim 2, wherein the software module and/or the management unit creates/create the virtual machine on the cloud server.

4. The method in accordance with claim 3, wherein the virtual machine is configured during the creation, wherein the configuration parameters are provided by the programmable logic controller and/or by the management unit.

5. The method in accordance with claim 2, wherein the management unit communicates the access token to the programmable logic controller and/or the virtual machine.

6. The method in accordance with claim 5, wherein the communication of the access token by the management unit takes place at the request of the programmable logic controller.

7. The method in accordance with claim 1, wherein the access token is received and stored repeatedly.

8. The method in accordance with claim 1, wherein the management unit initiates the creation and configuration of the virtual machine and communicates with the cloud and the programmable logic controller for this purpose, wherein the management unit receives the request from the programmable logic controller to create the virtual machine for the programmable logic controller, wherein the programmable logic controller transmits at least a basic configuration and/or basic requirements for the virtual machine to be created to the management unit, wherein, based on the basic configuration and/or the basic requirements, the configuration parameters required for creating the virtual machine are generated in the management unit.

9. The method in accordance with claim 1, wherein the communication between the programmable logic controller and the cloud server takes place in encrypted form.

10. The method in accordance with claim 1, wherein the programmable logic controller transmits plant data about the industrial plant to the cloud.

11. A system comprising an industrial plant, a programmable logic controller, and a cloud server, wherein the programmable logic controller is configured to establish a connection with the cloud server, the programmable logic controller is configured to execute a software module that causes the creation and/or configuration of a virtual machine on the cloud server, the software module is configured to receive and to store an access token, the programmable logic controller is configured to use the access token to access the virtual machine, the programmable logic controller is configured to cooperate with the virtual machine in order to transmit process data to the virtual machine and/or to support the control of the industrial plant.

12. The method in accordance with claim 7, wherein the access token is received and stored regularly.

13. The method in accordance with claim 8, wherein the configuration parameters are automatically generated in the management unit.

Description

[0034] The invention will be explained schematically and by way of example in the following with reference to the drawing. There is shown

[0035] FIG. 1 an exemplary architecture of a network system with a programmable logic controller and a cloud server.

[0036] FIG. 1 shows, by way of example, the architecture of a network 10 that has a programmable logic controller 11 and a cloud server that comprises a cloud 13 and a management unit 15. The components are each connected to the Internet and can communicate with one another in a protected manner via the Internet, wherein, in the present example, the cloud 13 and the management unit 15 are likewise two separate units connected to one another and communicating with one another via the Internet. Alternatively, however, it is also conceivable that the cloud 13 and the management unit 15 are provided in a single physical unit.

[0037] The programmable logic controller 11 is part of an industrial plant (not shown) and comprises a gateway 17. Furthermore, the programmable logic controller 11 has an IIoT client 19 (Industrial Internet of Things). The IIoT Client 19 is a software module that is based on the IEC 61131 standard for programmable logic controllers and is integrated into a software library.

[0038] The management unit 15 has an API 21 (application programming interface) via which data can be retrieved and managed using a management client 23. In the present embodiment, the API 21 is accessed via an API endpoint by means of http and GraphQI requests and mutations.

[0039] In the method in accordance with the invention, a software module that runs on the programmable logic controller 11 and that is invoked via the IIoT client 19 has the effect that a virtual machine is created and configured on the cloud server.

[0040] For this purpose, a corresponding request is sent from the IIoT client 19 to the API 21. The request can, for example, include basic data about the virtual machine to be created which the user previously determined by means of the IIoT client 19, for instance, a designation, a client, and/or a plant type of the industrial plant. Furthermore, the user can specify at the IIoT client 19 whether the virtual machine should be fully automatically created by the programmable logic controller 11. In addition, it can be possible to communicate via the IIoT client 19 whether the creation should be partly or fully outsourced to the management unit 15 or whether certain configuration parameters for the virtual machine should be obtained from the management unit 15.

[0041] Based on the request, the virtual machine is created and automatically configured. To configure the virtual machine, configuration parameters are accessed that, for example, result from the data determined in the IIoT client 19, i.e., in the present example, the client or the plant type.

[0042] Then, an access token in the form of an SAS token (SAS for Shared Access Signatures) is communicated to the programmable logic controller 11 by the management unit 15 and is then stored. With the SAS token, the programmable logic controller 11 then regularly transmits plant data, which are provided with a time stamp and which in particular provide information about the performance of the industrial plant, to the cloud 13, where they are stored. Based on the SAS token, it can be checked in this respect whether the programmable logic controller 11 has the necessary authorizations to transmit the data to the cloud.

[0043] For security reasons, it is recommended to regularly renew the SAS token that has a limited validity anyway. The renewing and resending to the programmable logic controller 11 then takes place at the request of the IIoT client 19. In general, it would, however, also be conceivable to renew the SAS token automatically after a certain time lapse without requiring a request by the programmable logic controller 11.

[0044] The programmable logic controller 11 furthermore cooperates with the created virtual machine to support the control of the industrial plant. For example, computationally expensive or memory-intensive tasks can be taken over by the virtual machine to improve the control of the industrial plant.

[0045] Via the client 23, data on the industrial plant can then be retrieved and graphically processed. For this purpose, the data are requested in the cloud 13, are transmitted to the management unit 15 with the respective time stamp and are processed for viewing or evaluation by means of the client 23. Furthermore, configuration parameters can be added or adapted via the client 23.

[0046] The communication between the programmable logic controller 11 and the cloud server and to the API 21 takes place in encrypted form by means of TLS with an exchange of mutual certificates (X.509) when establishing the connection. In the present example, the communication is based on HTTPS.

[0047] A “bearer token” is assigned to the programmable logic controller 11 to secure the communication. This also has the effect that the programmable logic controller 11 can only access the data relevant to it in the management unit 15. The bearer token is, for example, stored during the putting into operation of the industrial plant or of the programmable logic controller 11.

REFERENCE NUMERAL LIST

[0048] 10 network [0049] 11 programmable logic controller [0050] 13 cloud [0051] 15 management unit [0052] 17 gateway [0053] 19 IIoT client [0054] 21 API [0055] 23 management client