This Guidance demonstrates how to set up cloud-based programmable logic controller (PLC) management and code development using the software-as-a-service (SaaS) product Software Defined Automation (SDA). With SDA, you can securely access PLC code from anywhere using any device over an operational technology (OT) network. You can deploy code updates to hundreds of PLCs in minutes, reducing factory downtime and increasing productivity. SDA PLC management helps you integrate automated deployments in your continuous integration/continuous deployment (CI/CD) process.
Architecture Diagram
Step 1
A web-based console enables you to manage your automation controllers in a unified, secure, vendor-agnostic interface.
Step 2
Authenticate with Amazon Cognito. Manufacturers have full control over setting project-level permissions per user. They can also enable temporary access for third parties to perform changes on a specific project.
Step 3
All actions in SDA are available through private REST APIs powered by Amazon API Gateway and AWS Lambda.
Step 4
SDA encrypts all data in transit and at rest.
Step 5
SDA Version Pro provides secure storage, versioning, and traceability of PLC source code changes backed by Amazon Simple Storage Service (Amazon S3).
Step 6
The SDA local client provides near-real-time code check-in, check-out, and synchronization, establishing the cloud as the single source of truth, even for on-premises engineering integrated development environments (IDEs).
Step 7
You can stream specialized engineering IDEs running on Amazon Elastic Compute Cloud (Amazon EC2) instances using NICE DCV directly in a web browser to create and edit projects and commit new versions to the SDA Version Pro repository.
Step 8
SDA connectivity uses Message Queuing Telemetry Transport (MQTT) to establish a short-lived, on-demand virtual private network (VPN) connection to a gateway running SDA Agent VPN Client. These connections happen through AWS IoT Core.
Step 9
Secure connectivity enables seamless deployment of projects to remote PLCs from various vendors with SDA PLC Ops (API) or the SDA IDE as a service (IDEaaS) graphical user interface (GUI).
Step 10
SDA PLC Ops provides code integrity checks and backup of PLCs, on demand or on a recurrent scheduled basis. SDA PLC Ops is backed by AWS services, such as Amazon EC2 for vendor-specific installations and Amazon DynamoDB for metadata storage.
Well-Architected Pillars
The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
Operational Excellence
SDA uses automation to minimize human error and ensure consistency. Amazon CloudWatch collects logs, metrics, and events, which are consolidated in a central system and transformed into actionable key performance indicators (KPIs) and alarms. Critical alarms are relayed in near-real-time to SDA’s operations team, helping ensure immediate attention and response. Automatic backups of user data are made in a secondary AWS Region every hour.
Security
SDA extensively employs managed services, substantially reducing your operational burden. Amazon Cognito enables user authentication, and all API calls undergo an authentication and authorization process. User authorizations are fine-grained and can be set permanently or on a time-based schedule. All data in transit and at rest is encrypted.
Additionally, the connection from the cloud to the factory is enabled by a secure, short-lived VPN tunnel created on demand by users. Once the operation on the PLC is complete, the tunnel is automatically destroyed.
Reliability
SDA uses AWS managed services that benefit from the inherent availability and reliability provided by AWS service teams. For self-managed services, SDA deploys resources across three distinct Availability Zones within an AWS Region. This distributed and load-balanced approach enables automatic replacement of malfunctioning resources and dynamic scaling based on demand.
Performance Efficiency
Whether using AWS managed or self-managed services, SDA uses real-time usage metrics to right-size resources. This architecture's flexibility helps you swiftly adapt to and integrate new offerings, such as the latest EC2 instance generations. You can benefit from peak platform performance at competitive prices, all while maintaining a focus on sustainability.
Cost Optimization
As a subscription-based SaaS provider, SDA focuses on cost efficiency in its operations. By maximizing price-to-performance ratios with AWS resources, we help ensure savings that directly benefit customers. We prioritized the utilization of serverless services that offer automatic scaling and a pay-as-you-go model, meaning you only pay for the resources you use without having to worry about long-term or upfront commitments. We analyzed usage patterns, established baseline requirements, and instituted scheduled and dynamic auto-scaling policies that adapt swiftly to changes in demand. This approach helps ensure that only necessary resources are allocated, eliminating wasteful idle capacity.
Sustainability
Because SDA only uses serverless services, resources are only consumed when necessary, reducing energy usage and waste. Cloud elasticity not only reduces operational costs but also contributes significantly to reducing the energy footprint of this Guidance. In the long run, this strategy aids in minimizing environmental impact through optimal resource utilization and lowering carbon emissions associated with data center operations.
Implementation Resources
A detailed guide is provided for you to experiment with and use within your AWS account. Each stage of building the Guidance, including deployment, usage, and cleanup, is examined to prepare it for deployment.
The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.
Disclaimer
The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.
References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.