ch as Nestlé and Unilever expect 100% system availability. Therefore, machine builder Big Drum Engineering sees demand-oriented maintenance and fast troubleshooting via remote service as key to this increasingly critical success factor. In providing these, the company places great emphasis on safety and security.Big Drum Engineering develops, constructs, and installs filling machines for the worldwide ice cream and general foods industry. Any downtime here can quickly lead to huge losses. If an ice cream filling process is interrupted for longer periods of time, this can have serious consequences. “With the exception of the Sahara, our systems are used in almost every region of the world and on every continent. To ensure 100% availability of our systems, we have developed a particularly effective and secure remote service infrastructure,” reports Andreas Itter, Sales & Marketing Manager at Big Drum Engineering.
Ongoing monitoring of machine parameters
The machine manufacturer adapts to trends set by major companies in the food industry. For 100% system availability, a permanent online connection is expected as a prerequisite for better service standards, preventive maintenance, and higher security levels. “Large customers such as Nestlé and Unilever expect us to deliver services in accordance with total productive maintenance (TPM). The demand from other companies has also increased strongly in this area,” said Andreas Itter. This requires constant monitoring of the machines, the transmission of key parameters to the machine manufacturer’s headquarters, and on-going control of data by service technicians.
The machine manufacturer has relied on remote service for ten years. All systems with programmable logic controllers from Allen-Bradley are routinely equipped with a remote service module. Meanwhile, there are over 100 of these systems in use. “Over the past few months, we have seen a much stronger acceptance and significantly higher demand for remote services,” reports Andreas Itter. Big Drum’s service department is staffed 24x7 and can immediately react to any disturbance. For secure online connectivity, the machine manufacturer relies on the mGuard connectivity solution from Innominate, a subsidiary of the Phoenix Contact Group. It can be flexibly configured to allow for the provision of machine-specific and customer-specific services.
A recent trend in the sector is need-based maintenance. Some machine components are subject to greater wear than others. It is necessary to keep a closer eye on them, with a particular focus on continual monitoring of the servo drives. Sensors register various factors, including the temperature of the servo motors, and data can be continuously transmitted to the machine manufacturer. If predefined tolerance values are exceeded, an automatic e-mail can be sent with a warning message to the service team. Rising temperatures of the servo motor are an early indication to the service technician of possible problems due to wear. With a timely inspection of the servo motor, downtime can be prevented, thus avoiding any downtime of the entire system.
More services through the connectivity platform
Already during start-up, the systems’ continuous online connection is a great advantage. Frequently, 100% functionality of the new system can only be verified on-site under real production conditions, e.g., because the system control software with customer-specific settings is being taken over from an existing system. Through the continuous online connection, specialists can accompany the start-up remotely. During the following warranty phase, service technicians can introduce other optimizations based on the online machine log, and immediately handle problems. In the final service phase, remote service allows ongoing monitoring of machine parameters and troubleshooting. This enables deviations in filling volume, compliance with predefined opening and closing times of the valves, or machine-specific cycle times to be permanently monitored.
What’s more, plant operators frequently expect stored technical drawings or lists of spare parts to be accessible directly from the machine’s control panel. Because spare parts from external manufacturers have repeatedly led to system failures, Big Drum intends to further expand this service area, allowing spare parts to be ordered directly from the control panel in the future. This will simplify and accelerate any necessary replacements, while also ensuring the use of original spare parts.
Improved system availability through remote service
Secure broadband IP/VPN connections are used for online monitoring. These are significantly more reliable and stable compared with the previous modem connections. They also cover ever-increasing data volumes and expanded services. “We have had very good experiences with the mGuard solution. The technology is very reliable, it ensures the highest security standard, and Innominate’s service is very good,” says Andreas Itter, who gives high marks across the board for the mGuard solution. He emphasizes the permanent availability of his contact person at Innominate. The company had had negative experiences in the past with other manufacturers in this regard.
"The remote service has further increased system availability, and we have been able to reduce fault-clearance times by 70%. With access to remote data, we can not only troubleshoot faster, but are also significantly less expensive for our customers due to the elimination of high travel costs,” says Andreas Itter, summarizing the benefits. With online service, even machine operators in conflict areas can be supported while service staff is not available on-site due to political riots.
Increased customer acceptance
Andreas Itter reports that many customers’ IT departments were initially reluctant upon hearing that interventions would come from outside the corporate network. But acceptance has improved with the verifiably secure connectivity solution. The industrial security specialist Innominate has been highly convincing in this area. The mGuard contains security features that were developed specifically for the field of industrial systems. An Internet connection to the machine manufacturer only materializes when an employee manually switches a VPN key switch (remote access OFF/ON) to “ON”.
Secure IP/VPN connections
Several functions have been integrated into the mGuard to protect IP data connections. These include a VPN-enabled Ethernet router and a configurable firewall with dynamic packet filter. Service technicians connect to plant operators via a virtual private network (VPN). The mGuard takes on the role of the VPN gateway in this process. Service technicians are thus connected to the plant network in a common network via the Internet. Confidentiality and authenticity are safeguarded through the use of cryptographic protocols. A hardware-accelerated encryption via 3DES (168 bits) or AES (128, 192, 256 bits) and the IP Security Protocol (IPsec) are used in this process.
With the integrated firewall, the Big Drum system can be sealed off from the production network of the customer. The configurable stateful packet inspection firewall protects against any unauthorized access. The dynamic packet filter scans for new connection attempts based on their addresses and ports of origin and destination, blocking any unwanted traffic. The parameters of authorized connections are stored in a connection tracking table until they are terminated and all corresponding (response) packets are automatically recognized and accepted.
Text box: CIFS Integrity Monitoring provides security
mGuard CIFS Integrity Monitoring is an optional mGuard firmware module offering an industry-suitable alternative to antivirus software. Without continuous supply of current virus patterns, this module can detect whether a Windows-based system (controller, control unit, PC) has been attacked and/or manipulated by malware. It consists of two components, CIFS Integrity Checking and the CIFS Antivirus Scan Connector, which can either be used individually or together. CIFS Integrity Checking screens Windows network drives to see whether executable files (e.g. *.exe, *.dll) have been modified in comparison to the reference status. The CIFS Antivirus Scan Connector enables an external virus scan on the drives of systems “behind” the mGuard, which would otherwise not be accessible from the outside (e.g. industrial PCs in production cells) and which cannot use locally installed antivirus software.
CIFS Integrity Monitoring thus provides improved protection based on the protocol family CIFS/SMB (Common Internet File System/Server Message Blocks) for file shares frequently used for data exchange within the environment. These are common gateways for malware that have been exploited e.g. by Stuxnet and the Conficker worm for their dissemination. In addition, CIFS Integrity Monitoring prevents damages from zero-day attacks – from malware that is already circulated on the day a new vulnerability is recognized, i.e., for which malware signatures have not yet been created.
About Big Drum Engineering
Big Drum Engineering develops, constructs, and installs filling machines for the worldwide ice cream and general foods industry. Big Drum Engineering machines fill creamy and liquid products in containers from 50 ml to 5 l with an output of up to 50,000 units per hour.
