This Guidance illustrates four architecture design options for deploying Siemens Opcenter Execution, a manufacturing execution system (MES) used to orchestrate and monitor production processes. First, the minimal architecture deploys the primary Opcenter Execution application and supporting components. Second, for high availability, the core applications can be deployed across multiple Availability Zones (AZs), while non-critical applications remain in a single Zone. Third, AWS Managed Services can be used to automate the deployment and management of these applications across AZs. Finally, an AWS Outposts option is available, where Outposts is deployed on-premises, establishing a secure connection to the AWS Region. These diverse options enable manufacturers to choose the deployment model that best suits their requirements for proximity, availability, scalability, and integration with AWS Cloud services.
Architecture Diagram
Overview
This architecture diagram is a broad overview showing the minimal deployment of Siemens Opcenter Execution applications on AWS.
Step 1
Siemens Opcenter Execution is a manufacturing execution system (MES) used to orchestrate and monitor production processes. For this minimal architecture option, the primary Opcenter Execution Foundation/Discrete/Process (OC EX FN/DS/PR) application is deployed on Amazon Elastic Compute Cloud (Amazon EC2) in a private subnet. It is deployed with the supporting Opcenter Connect Manufacturing Operations Management (OC CN MOM) and licensing applications on another Amazon EC2 instance. A further supporting application, Opcenter Execution Foundation Overall Equipment Efficiency (OC EX FN OEE), is deployed on a separate Amazon EC2 instance.
Step 2
A Microsoft SQL Server database is deployed on Amazon EC2 in a private subnet for use by the Opcenter servers as the primary data store.
Step 3
A NAT gateway in the public subnet allows the application and database servers to reach the internet, while an RDP bastion server hosted on Amazon EC2 allows administrative access to the servers in the private subnet.
Step 4
The Application Load Balancer (ALB) serves as the entry point to access the MES application.
Step 5
Amazon Route 53 in a private hosted zone is used for routing to the ALB.
Step 6
AWS Backup centralizes and automates data protection for all Amazon EC2 instances.
Step 7
Amazon Simple Storage Service (Amazon S3) stores files for the Opcenter Connect MOM application.
Step 8
Amazon CloudWatch monitors the health of the workload and the infrastructure. AWS CloudTrail collects the audit logs for these workloads.
Step 9
The network connectivity to the on-premises manufacturing and enterprise network is enabled by connecting the customer gateway and the VPN gateway through AWS Site-to-Site VPN or AWS Direct Connect.
Step 10
To enable the visibility of manufacturing operations, the industrial machines in the shop floor tier can connect and send data to the MES application through the Open Platform Communications Unified Architecture (OPC UA) communication servers. Operators in the shop floor tier orchestrate the production process by accessing the MES application through browser clients. Local printers and devices are connected through local clients (laptops, PCs).
The integration with the enterprise resource planning (ERP) application in the enterprise tier can connect with the MES application through file folders and FTP transfers. Other office users at the on-premises location can access the MES application through a web browser, enabling wider visibility into the manufacturing process.
High availability
This architecture diagram shows how core, critical Siemens Opcenter Execution applications are deployed across multiple Availability Zones within an AWS Region to achieve high availability.
Step 1
For this highly available architecture option, the Opcenter Execution Foundation/Discrete/Process (OC EX FN/DS/PR) application is deployed on Amazon EC2 in a private subnet. It is deployed with the supporting Opcenter Connect Manufacturing Operations Management (OC CN MOM) and licensing applications on another Amazon EC2 instance. These core applications are deployed in multiple Availability Zones for high availability. Non-critical applications, such as the Opcenter Execution Foundation Overall Equipment Efficiency (OC EX FN OEE) application, are deployed on an Amazon EC2 instance in a single Availability Zone.
Step 2
The Microsoft SQL Server database is deployed in a high availability configuration on Amazon EC2 instances in a private subnet in multiple Availability Zones for use by the Opcenter servers as the data store.
Step 3
The NAT gateways configured in multiple Availability Zones allow the application and database servers to reach the internet. The RDP bastion server, hosted on Amazon EC2 in multiple Availability Zones, allows access to servers in the private subnet.
Step 4
The ALB serves as the entry point to access the MES application.
Step 5
Route 53 in a private hosted zone is used for routing to the ALB.
Step 6
AWS Backup centralizes and automates data protection for all Amazon EC2 instances.
Step 7
Amazon S3 stores files for the Opcenter Connect MOM application.
Step 8
CloudWatch monitors the health of the workload and the infrastructure. CloudTrail collects audit logs for these workloads.
Step 9
The network connectivity to the on-premises manufacturing and enterprise networks is enabled by connecting the customer gateway and VPN gateway through Site-to-Site VPN or Direct Connect.
Step 10
To enable the visibility of manufacturing operations, the industrial machines in the shop floor tier can connect and send data to the MES application through the OPC UA communication servers. Operators in the shop floor tier orchestrate the production process by accessing the MES application through browser clients. Local printers and devices are connected through local clients (laptops, PCs). The integration with the ERP application in the enterprise tier can connect with the MES application through file folders and FTP transfers. Other office users at the on-premises location can access the MES application through a web browser, enabling wider visibility into the manufacturing process.
AWS Managed Services
This architecture diagram shows how AWS Managed Services deploy Siemens Opcenter Execution applications across multiple Availability Zones within an AWS Region for high availability and fault tolerance.
Step 1
For this highly available architecture with the AWS Managed Services option, the Opcenter Execution Foundation/Discrete/Process (OC EX FN/DS/PR) application is deployed on Amazon EC2 in a private subnet. It is deployed with the supporting Opcenter Connect Manufacturing Operations Management (OC CN MOM) and licensing applications on another Amazon EC2 instance. These core applications are deployed in multiple Availability Zones for high availability. Non-critical applications, such as the Opcenter Execution Foundation Overall Equipment Efficiency (OC EX FN OEE) application, are deployed on an Amazon EC2 instance in a single Availability Zone.
Step 2
Amazon RDS for SQL Server is deployed in a high availability configuration in a private subnet for use by Opcenter servers as the data store. If OC EX FN OEE is deployed, then RDS Custom for SQL Server should be deployed instead.
Step 3
The NAT gateways configured in multiple Availability Zones allow the application and database servers to reach the internet.
Step 4
The ALB serves as the entry point to access the MES application.
Step 5
Route 53 in a private hosted zone is used for routing to the ALB.
Step 6
AWS Backup centralizes and automates data protection for all Amazon EC2 instances.
Step 7
Amazon S3 stores files for the Opcenter Connect MOM application.
Step 8
CloudWatch monitors the health of the workload and the infrastructure. CloudTrail collects audit logs for these workloads.
Step 9
AWS Systems Manager is used to manage and access the Opcenter application servers in the private subnet.
Step 10
The network connectivity to the on-premises manufacturing and enterprise networks is enabled by connecting the customer gateway and VPN gateway through Site-to-Site VPN or Direct Connect.
Step 11
To enable the visibility of manufacturing operations, the industrial machines in the shop floor tier can connect and send data to the MES application through the OPC UA communication servers. Operators in the shop floor tier orchestrate the production process by accessing the MES application through browser clients. Local printers and devices are connected through local clients (laptops, PCs). The integration with the ERP application in the enterprise tier can connect with the MES application through file folders and FTP transfers. Other office users at the on-premises location can access the MES application through a web browser, enabling wider visibility into the manufacturing process.
AWS Outposts
This architecture diagram shows how the AWS Outposts service deploys Siemens Opcenter Execution applications on-premises at a designated location, establishing a secure and low-latency connection to the designated AWS Region.
Step 1
For this AWS Outposts option, Outposts is deployed on-premises, and connectivity to the AWS Region is established through an edge router connecting to the Outposts service anchor through the public internet or Direct Connect.
Step 2
The primary Opcenter Execution Foundation/Discrete/Process (OC EX FN/DS/PR) application is deployed on an Amazon EC2 instance in a private subnet on Outposts. It is deployed with the supporting Opcenter Connect Manufacturing Operations Management (OC CN MOM) and licensing applications on another Amazon EC2 instance. A further supporting application, Opcenter Execution Foundation Overall Equipment Efficiency (OC EX FN OEE), is deployed on a separate Amazon EC2 instance.
Step 3
The Microsoft SQL Server database is deployed on Amazon EC2 in a private subnet on Outposts for use by the Opcenter servers as the data store.
Step 4
A proxy server is deployed on Amazon EC2 instances in a private subnet on Outposts to allow access to the Opcenter application servers and the MES application.
Step 5
Amazon S3 on Outposts is used as file storage for the Opcenter Connect MOM application.
Step 6
The local gateway on Outposts is used for network connectivity to the enterprise and shop floor tiers, so applications (such as ERP) can connect with the MES application. The plant operators can connect to the MES application through browser clients. Industrial machines can connect and send data to the MES through OPC UA servers. Other devices are connected through local UI clients (laptops, PCs).
Step 7
The RDP bastion server is deployed on an Amazon EC2 instance in a public subnet in an AWS Region. From this bastion, administrators can reach the servers in the private subnet on Outposts.
Step 8
AWS Backup is used to centralize and automate data protection for all Amazon EC2 instances on Outposts. Backups are stored in secured vaults in an AWS Region to restore instances in case of disaster recovery.
Step 9
An Amazon S3 bucket in the Region is used as a backup for the Amazon S3 bucket on Outposts.
Step 10
CloudWatch is used to monitor the health of the workloads running on Outposts and in AWS Regions. CloudTrail is used to collect audit logs for these workloads.
Well-Architected Pillars
The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
Operational Excellence
CloudWatch collects logs, metrics, and events, providing you with a centralized view of your environment. Configure CloudWatch alarms to proactively notify you of any deviations from normal operations, so you can respond and maintain optimal performance.
Security
The ALB allows your Amazon EC2 instances to reside in private subnets, shielding them from direct internet exposure. Amazon EC2 security groups then help ensure that only legitimate network traffic can reach your application and database instances.
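As an added example (not part of the AWS Guidance or its sample code), the following Python audits the security-group chaining this architecture depends on: the application group admits 443 only from the ALB, the SQL Server group admits 1433 only from the application group, and the RDP bastion admits 3389 only from an assumed on-premises CIDR reached over the VPN. The group IDs, the CIDR and the rule entries are constructed samples in the shape of EC2 DescribeSecurityGroups IpPermissions output, so the check runs offline.

```python
"""Audit security-group ingress for the layout on this page: ALB in front,
application and SQL Server instances in private subnets, an RDP bastion.
Added example, not AWS Guidance code; IDs, CIDRs and rules are constructed
samples shaped like EC2 DescribeSecurityGroups IpPermissions entries."""

ALB_SG, APP_SG, DB_SG, BASTION_SG = "sg-alb", "sg-app", "sg-db", "sg-bastion"
CORP_CIDR = "10.50.0.0/16"  # assumed on-premises range reached over the VPN

# Least-privilege ingress per group: port -> allowed sources (group or CIDR).
EXPECTED = {
    APP_SG: {443: {ALB_SG}, 3389: {BASTION_SG}},
    DB_SG: {1433: {APP_SG}, 3389: {BASTION_SG}},
    BASTION_SG: {3389: {CORP_CIDR}},
}

def rule_sources(perm):
    """Every source (group ID or CIDR) that one permission entry grants."""
    srcs = {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
    return srcs | {r["CidrIp"] for r in perm.get("IpRanges", [])}

def audit_group(group_id, permissions):
    """Return findings for one group's ingress rules against EXPECTED."""
    findings, allowed = [], EXPECTED.get(group_id, {})
    for perm in permissions:
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        if perm.get("IpProtocol") == "-1" or hi != lo:  # all traffic / ranges
            findings.append(f"{group_id}: broad port range {lo}-{hi}")
            continue
        for src in rule_sources(perm):
            if src == "0.0.0.0/0":
                findings.append(f"{group_id}: port {lo} open to the internet")
            elif src not in allowed.get(lo, set()):
                findings.append(f"{group_id}: port {lo} from unexpected source {src}")
    return findings

# Constructed sample: the DB group wrongly admits RDP from anywhere.
SAMPLE_GROUPS = {
    APP_SG: [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
              "UserIdGroupPairs": [{"GroupId": ALB_SG}]}],
    DB_SG: [{"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
             "UserIdGroupPairs": [{"GroupId": APP_SG}]},
            {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    BASTION_SG: [{"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
                  "IpRanges": [{"CidrIp": CORP_CIDR}]}],
}

def audit_all(groups=SAMPLE_GROUPS):
    """Flatten findings across all groups; an empty list means compliant."""
    return [f for gid, perms in groups.items() for f in audit_group(gid, perms)]
```

The same check works unchanged on real output by passing the `IpPermissions` lists from `describe_security_groups` into `audit_all` and extending `EXPECTED` with the account's actual group IDs.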
Reliability
AWS Backup enables centralized and automated data protection, allowing you to restore your environment in the event of a disaster. Also, the ALB distributes client requests across healthy Amazon EC2 instances for high availability and fault tolerance.
Performance Efficiency
The ALB distributes the workload across multiple Amazon EC2 instances, enabling horizontal scalability. CloudWatch provides long-term usage metrics, so you can make informed decisions and fine-tune your environment for optimal performance.
Cost Optimization
CloudWatch offers long-term usage metrics, allowing you to right-size your Amazon EC2 and RDS for SQL Server database instances for cost efficiency. Systems Manager allows you to manage and access your Amazon EC2 instances without the need for additional bastion hosts, reducing your overall infrastructure costs.
Sustainability
CloudWatch provides long-term usage data for you to make informed decisions about instance sizing, resource utilization, and the adoption of AWS managed services, ensuring the sustainable operation of your environment.
Implementation Resources
A detailed guide is provided to experiment and use within your AWS account. Each stage of building the Guidance, including deployment, usage, and cleanup, is examined to prepare it for deployment.
The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.
Disclaimer
The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.
References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.