The components of an industrial control system (ICS) can be roughly divided into two categories according to their location: control center equipment and remote site equipment.
Control center equipment is located in the system control center and includes the human machine interface (HMI), engineer workstation and historian.
Remote site equipment resides at the production site and is directly connected to actuators and sensors. Its main function is to supervise and control the physical process.
Although field devices usually do not interact with people directly, they are more likely to be attacked and damaged because the production site is not as secure as the control center.
The human machine interface (HMI), sometimes called the SCADA system, is a system that allows the operator to monitor and control the process.
An HMI program is usually a pure software application running on a general-purpose computer, generally under the Microsoft Windows operating system. HMI programs common in industrial settings include Wonderware, Siemens WinCC, Rockwell RSView and Areva E-terra.
Figure 1: Schneider HMI HMIDT551
The historian is a database server that records the state history of the process control system. In some cases, if the historian is powerful enough, it can also serve as the HMI of the control system. The historian, a history server, usually runs on mainstream operating systems and common hardware, and usually has an image backup in the enterprise network.
Remote station equipment includes PLCs, RTUs, IEDs and relays. Although the functions of these devices are quite different, they can be roughly grouped together according to their location and similarity.
In addition, these devices use similar hardware structures, generally providing analog or digital I/O and control functions. They read data directly from sensors and send operating instructions to actuators. In some cases, they are connected to other field devices.
Figure 2: A cartoon of the SCADA system structure.
In this article, the equipment is simplified. In fact, each of the devices mentioned above (PLC, RTU, IED and electronic relay) performs a certain subset of the functions in the object relationship model (ORM) of the control system.
For example, an RTU is usually a SCADA system component that provides only field I/O control. Sampling is carried out by the field I/O sensors. In individual cases, the RTU generates a trigger for an actuator.
Figure 3: Industrial control system
The electronic relay always performs the sampling and triggering functions. An RTU generates status data field points and sometimes processes command data field points. A relay generates status data field points, but it is unlikely to process command data field points. An RTU generally has no local control function, but a relay does. In addition to communicating with sensors, actuators and upper control functions, a PLC also has important local control functions. These functions seem similar, but they are very different in the ORM.
The HMI runs on an ordinary commercial PC and communicates with field devices such as PLCs through standard network protocols (such as Ethernet). The engineer station and historian are also ordinary commercial PCs or servers, which communicate with field equipment through standard network protocols. Fieldbus and other Ethernet-based industrial control protocols connect field devices to other field devices. Some field devices use the RS232 or RS485 standard serial bus communication protocols to connect to intelligent devices. Some field devices are directly connected to sensors, I/O devices and machine devices.
A PLC is a field device that can be directly connected to sensors and actuators or to other field devices. A PLC is controlled locally by a logic program (whose format is generally defined by the IEC 61131-3 standard), and can receive control commands and query requests from the HMI through the control system communication protocol. A PLC can be modular or built as a compact, fixed unit, but the two types use basically the same underlying components.
Figure 4: Schneider PLC 170DNT11000