Scada Review 2017: Schneider Electric
June 2017, System Integration & Control Systems Design
Name: Details withheld at reviewer request
Name: Johan Potgieter
Designation: Service Engineer
Company: Schneider Electric
Phone: +27 (0)11 046 2021
Product name and version: Citect Scada 2015 Service Pack 1
Vendor: Schneider Electric
Phone: +27 (0)11 046 1900
Location: Brits, North West
Project start date: 2015-05
Project end date: 2015-05
Server OS: Windows Server 2008R2
Client OS: Windows 7
Tag count: Digital = 49 120, Integers = 21 555, Real = 914, String = 75; Long = 751; Digital alarms = 35 774; Total = 108 189
Updates per day: 6 436 800 (745 tags per 10 second)
Disk space for one day’s updates: 84 MB
Front ends: PLC = Mitsubishi Q Series
Licences: No new licences were purchased; however upgrades to the latest version were included as a part of the annual support contact.
Scada configuration man-hours: 40 hours
Q: Briefly describe the application including information on any pre-existing control system.
The client has been using Citect Scada V7.2 solutions since 2010. The upgrade to Citect Scada 2015 was made to allow for greater flexibility, page template upgrade for wide screen resolution, enhanced alarm management and more functionality.
Q: What was the primary motivation for the project?
Project simplification and engineering efficiency.
Q: What were the main goals established for the project?
1: Standardisation of objects and templates across all plant sections.
2: Implement ISA-95 equipment model.
3: Consolidate all plant sections into single system.
Q: In the procurement decision-making process what were the primary considerations that influenced the product selection?
Current installed base is Citect Scada and Citect Historian.
Licensing, maintenance & support
Q: What upgrade agreements are in place on this particular application?
A Service Level Agreement with remote support, and a Technology Agreement on the scada software.
Q: How is after-sales support handled on this application?
This is provided via regular site visits and remote support by Schneider Electric.
Q: Do you have a documented process in place to manage, test and install OS and scada system software patches?
Updates and patches are first tested by the Schneider Electric in a simulated environment before being deployed to the production system.
Integration, reporting and archiving
Q: Is the scada system integrated onto an intranet or the Internet?
Yes. The system allows for remote SLA support across a VPN to the client. An overview project was also created with the upgrade, to give managers a remote overview session over the IT network.
Q: Is the system integrated with an MES/ERP or other management reporting or control system?
Yes. Client bespoke MES, the connection is done via SQL through Citect Historian.
Q: Do you run the scada in conjunction with any third-party application software?
Yes, bin material allocation. Third-party software is used to allocate bin material and quantities to specific bins. This information is sent to the scada system where operators can select specific material and routing.
Q: Does the application include data archiving/historian capabilities with an historical data reporting system?
Yes. The scada system connects to Schneider Electric Citect Historian via CTAPI protocol where data is captured into a Microsoft SQL database. SSRS Reports are generated for every shift, day, month and year, and can be accessed on any workstation across the plant, or via VPN. In conjunction an overview dashboard of the plant production was created which refreshes every 5 seconds. This is used only by managers, when managers connect to a remote session on the scada the dashboard is the first view displayed.
Maintenance, reliability and asset optimisation
Q: Have any operational or production benchmarking tools been configured as part of the scada system?
Yes. Target and actual values are displayed on all batching KPAs.
Q: What was the predominant feature (or features) that made you decide to purchase this scada product over all others for this application?
Uniform look and feel. Alarm handling.
Q: What was the most significant change that you implemented in scada engineering practice/technology in this project?
Employed one standard page template throughout the plant to improve development and give a uniform look and feel.
Q: What single operational feature most impresses you about the product now that it is in operation?
The new and improved Alarming Engine. Architectural changes relating to alarm request processing delivers greatly improved Active Alarm, Sequence of Events (SOE), Summary & Count display time; even over latent networks. The Alarm Summary provides a long-term archive and automatic refresh of Summary Pages and Full 64-bit Alarm Server meets scalability demand. Alarm server synchronisation following network disturbances is improved.
Q: What impresses you most about the architecture?
The small hardware server footprint for the scada application, where a single server is used for alarming, logging, trending, and scanning to PLCs, reduces overall costs. (See diagram.)
Q: What tools were used to minimise the man-hours taken?
Standard templates, Citect DBF add for Excel to do bulk editing.
Q: What human factors were taken into consideration as principles or development standards in the HMI design process?
Menu structures and layout has changed but kept the existing genie design aspects, with which the operators were familiar, were carried over from the previous scada and requirements for user input were reduced.
Q: For the graphics development process did you use standard library images, or did you have to draw images from scratch?
Current site standard library images were used.
Q: How would you describe the library of graphic images?
Q: What alarm management standards or best practices were adopted in configuring the scada system alarms?
Schneider Electric South Africa CPS Standard.
Q: What structured processes were followed to determine expected performance under full load, and during abnormal failure conditions?
A complete library of test sheets with a pre-determined set of acceptable limits exists within the Schneider Electric Quality Management System. During commissioning, failures are simulated and results documented against these pre-determined criteria. Exceptions are documented as non-conformances and are actioned before final hand-over.
Q: What are the key physical communication layers and communication protocols employed in the system?
Ethernet over fibre and EtherCAT.
Q: What is the network speed and communications medium of the slowest link in this project’s scada network?
100 MB over Ethernet.
Q: What is the network speed and communications medium of the fastest link in this project’s scada network?
100 MB over fibre.
Q: What levels of redundancy are incorporated in this scada application?
Citect scada hotstandby servers.
Maintenance, reliability and asset optimisation
Q: What steps were taken to address
maintenance, reliability, asset optimisation and/or continuous improvement aspects relating to this system?
QMS Change management forms were maintained to document changes.
Q: What project management principles and/or methodologies did you as SI employ to mitigate risk and to ensure the project came out on time and within budget?
Schneider Electric’s Customer Project Process (CPP) was employed. This is an internally branded Project Lifecycle Management system. CPP methodologies provide guidance for the implementation of a customer project and strive to provide a superior customer experience.
Security and data protection
Q: How have authentication, authorisation and role management been configured?
Authentication has been implemented using a Windows Active Directory domain (users and groups). Each domain group has been associated with internal Citect groups. Within the Citect environment role-based security is implemented, where roles are associated with specific areas. A scada user is unable to view information outside his area without explicit permission.
Q: Does the design make provision for a DMZ and firewall segregation of process (scada) network and business networks (LAN, WAN, GAN, Internet, etc.)?
The solution is logically separated through the use of VLANs. Further information is unavailable as the network is managed by the end-user.
Q: What intrusion detection has been incorporated on the plant network(s) on which this scada system exists?
Intrusion detection is provided via McCafee.
Q: In what ways is this project’s hardware architecture optimised for: patch management and antivirus management?
Patch management is done by Schneider Electric. Every second week of the month a new patch is released. The patch is tested on the client’s project and hardware (simulated environment), if performance or functionality improvement is evident, a date and time are arranged for implementation. Antivirus management is through site IT personnel.
Q: What configuration backup and data archive backup methodologies have been adopted?
Configuration and data backups are performed weekly, monthly and on change.
Q: How would you rate the ease of use of the historical reporting system?
Q: What impresses you most about the engineering/configuration aspects of the product now that it is in operation?
The ease of implementing changes and navigation is also much quicker for site personnel on the scada. Information given from the new improved Alarm Server.
Q: What impresses you most about the architecture?
The small hardware server footprint for the scada application, where a single server is used for alarming, logging, trending, and scanning to PLCs reduces overall costs.
Q: Vendor comments on product/modules?
Schneider Electric is committed to one new release per annum; within a given 12 month period we continue to enhance product quality with service packs and add-on packages such as +PowerConnect and +Facilities. The Citect Scada product is core to Schneider Electric’s automation architecture and is continually enhanced to support integration of Schneider Electric products such as the Webgate ActiveX for Magelis HMI integration and the Pelco ActiveX for Pelco CCTV integration.
Licensing, maintenance & support model
Q: What sort of licensing agreement options are offered?
There are 3 types of licences: Full Server, Client read-only and Client read-write. There is no differentiation between modules and a single full licence enables all functionality. A full licence also acts as a client on the server hardware and the system can be operated from this server. Additional clients provide users access to all system features from additional hardware connected to the system via an Ethernet network.
Q: Are licences sold outright or subject to periodic (e.g. annual) renewal?
Licences are once-off purchases.
Q: What upgrade agreements are offered?
Patches, hot-fixes and service packs are available to end-users with valid maintenance agreements. Version upgrades are available to those end-users with valid maintenance agreements.
Q: What after-sales offerings iro support and maintenance are available, and which technologies are used to deliver them?
Support is covered under a paid annual support agreement and includes ‘virtual engineer’ (desktop remoting), telephonic support, e-mail support, online self-help tools, automatic driver updates, product upgrades, on-site engineering under a service level agreement, security advisory services, user forum (LinkedIn group) and online knowledge base repository.
Q: Do you have a documented process in place to manage and test OS patches and to release scada system software patches?
We have a standard procedure based on hierarchies of workstations and criticality of patches that determines the order and speed with which we deploy patches.
Q: What changes have been introduced into the product in the last 12 months?
Some of the new features and functionality of Citect scada 2016 include:
• Citect Studio – an intuitive and powerful new integrated development environment.
• Topology view – a graphical view of servers by machine and cluster.
• Centralised deployment – management of project configuration for all nodes from a central location.
• Calculated variables – configuration of tags using Cicode functions as expressions.
• Alarm properties for equipment – creation of genies and super-genies with equipment. Item support for alarm properties.
• Specialty drivers - BACnet and KNX enhancements, new S7TCP driver supporting the latest Siemens S7-1500 PLCs.
Integration and reporting
Q: What generic and/or product specific interfaces does the product have iro well-known MES packages?
An OLE-DB compliant interface is available as well as the Citect API for integration into higher level business systems; however, no certified interfaces are available for the above mentioned. OPC A&E, OPC-DA Servers are available as per the OPC Foundation certification and are included in the version release as well. Net Framework is integrated into the cicode programming function.
Q: What native historical data reporting options are available?
Citect Trend Server is a standard archiving component within Citect Scada that will enable an end user to access historical data through a native client tool called Process Analyst.
Citect Historian: the scada system connects to Schneider Electric Citect Historian via CTAPI protocol where data is captured into Microsoft SQL. SSRS Reports are generated. In addition, Dream Reports are integrated into the Citect Historian. Separate licensing is required to use Dream Reports.
PLC configuration and programming
Q: What capabilities does the scada offer in terms of generation and/or management of PLC configuration files or PLC application code?
Citect enables the synchronisation and automatic creation of variable tags using a Unity application project file (.STU), CSV file or OPC Server. It does not generate PLC configuration or PLC application files. It maintains a common set of variables between Citect and Unity, i.e. when tags are added to a Unity Linked device from Citect, the Unity STU file is updated and when variables are added from the Unity environment and saved to the STU, Citect will import the updated variable list.
Security and data protection
Q: What authentication, authorisation and role management models are available for the runtime environment?
The following should be considered: Areas, Privileges, Roles and Users. Security may be incorporated in the application or through Windows’ integrated authentication, which will determine where users are created.
• Areas – an area is a section of the plant. It can be defined geographically or logically.
• Privileges – level of access applied to system elements within the project. A user is assigned a role that possesses particular privileges.
• Roles – a defined set of permissions (privileges and areas) that are assigned to users.
• Users – a person or group of people that need access to the runtime system.
Unique selling proposition (USP)
Q: List the top five feature/benefit pairs that contribute to this product’s USP.
To view the unabridged version of this scada review, please visit http://instrumentation.co.za/+J2235