AUD17 – Versions- und Änderungsmanagement,
Audit trails und Disaster Recovery in
Produktionsanlagen mit
Agenda
Q&A
AssetCentre Components
AssetCentre Overview
Introduction
Practical Demonstrations
Common Plant Conversations
Its running; so it is probably fine. We might have downloaded the wrong program to this machineOur Security Risk Profile…What is that?
We think we lost a version of the program for that machine.
Minor changes to stay Operational tend to cause major
problems later If only we could get info from our critical devices so we would know if something is out of spec We are not sure if we
have every asset’s configuration program
Archive
Centralized, versioned, secure configuration storage Data repository built on MSSQL
Files & Folders (i.e. .acd, .mer, .doc, .xls, .xml, etc..)
Binder, collection of files/folders managed as a single entity (i.e. Zip file)
Disaster Recovery
Automatically back-up system devices
Compare current programs to archive and generate difference reports
Logs
Audits: Track authorized user changes (i.e., user check-out & check-in a file) Events: Tracks system activities (i.e., emailed report XYZ.pdf to user ABC@.com) Built on FactoryTalk Audit & Diagnostics
Reporting
Produce reports via Logs (audits/events) Schedule a report or “run now”
Archive: Version Control/Source Control
Archive functions are accessible via the Archive Plug-In
Check Out
Check In
Undo Check Out
Get
Pin
Label
Archive: FactoryTalk AssetCentre Binder
•
Ability to manage a collection of files and/or folders as a single entity
•
Set filters to include and/or exclude content
•
Set a Key File, used to launch a specific program (i.e., FactoryTalk View
Studio) when issuing the “open” command
Check In
Content via
filters
Filters can be
changed when
Binder is
“Check out”
View Version
Filters
Content
Archive: Archive-to-Archive Compare
Archive-to-Archive Compare:
Disaster Recovery
Scheduled automatic backup of plant-floor asset configuration
Optionally compares the backup configuration against an archived version
Latest or specific version Pinned version
Create new version when difference detected
Disaster Recovery Options
Rockwell Automation devices
Logix5000 architecture, SLC-500,
PLC-5
PanelView Plus, Standard and
Enhanced
Drives
Remote Computers
Files and folders (leveraging binders)
Generic FTP Devices
Files and folders (leveraging binders)
Siemens S7
400 and 300 family processors Protocol TCP/IP
Siemens S5
100 family processors Protocol TCP/IP
Fanuc Robots
RJ3 and RJ3i controller
Fanuc CNCs
Supported with FASConnect v1.4
Motoman Robots
XRC and NX-100 controller
ABB Robots
Extend: Custom Device Plug-In
Extend device backup support by creating
custom device plug-in to access 3
rdparty devices
AssetCentre interacts (start) with custom
application(s) by passing command line
arguments if required and retrieves the backup
file(s) automatically at scheduled intervals and
stores files archive/logs
AssetCentre compares uploaded file(s) against
archived copy regarding new, deleted or changed
content
FactoryTalk
AssetCentre
New In Rel. 6
Tamper Detection
AssetCentre detects changes in real time!
Continuous monitoring of Logix controller for changes Detect Rogue changes in real time!
On Detect, AssetCentre logs activities and create a report Report can be configured to be sent on email
Track User Actions: Audits / Events
Serves as a central repository for audit information in real-time from Rockwell Automation devices and FactoryTalk applications (e.g. Studio 5000 Logix Designer, View SE)
Audit / Event messages include logged time, time of occurrence (when), user name (who), device, computer name (where) and action taken (what)
Excellent central point for troubleshooting and diagnostics of all FactoryTalk components
Searching & Reporting
Conduct scheduled and on-demand searches
Create reports from Events, Audits and Archive
information
Facilitates scheduled and on-demand reporting Report on traceability information from Events &
Audits as well as Source Control information
Excellent troubleshooting and diagnostic tool
Examples
Search for any program modification by
shift by line or both
Search archive history to determine what
files a user has modified during last month
Search audit log at the end of every shift
for any I/O forces
Set specific security policies by asset in the Asset View
FactoryTalk AssetCentre Authentication
Common
Configure Security Create Children Delete
AssetCentre
Check Out / Check In Get
Process Device Support – Device Configuration
and Calibration Management
Device configuration
Acting as a host system, or frame
application (DTM frame).
Supports a wide variety of process
instruments and buses through plug-in drivers (Devivce DTMs) from device manufacturers.
Instrument calibration management
You can efficiently manage calibration data
associated with your process instruments.
ProCalV5 from Prime Technologies Inc. Scheduling
Records, Standards and Certificate
management
Process Device Configuration &
Calibration Management
Process Device Configuration (PDC)
Acting as a host system, or frame
application, FactoryTalk AssetCentre gives you the ability to work with multiple vendors’ devices in one common platform, reducing overall maintenance and field time.
Calibration Management
You can efficiently manage calibration data
FDT/DTM Standard for Process Device
Configuration
• Remote access to the Process Device configurations data and diagnostics
• FDT (Field Device Tool) Open Standard
– FDT Frame (Asset Management System) – DTM (Device Tool Manager)
• CommDTM • DeviceDTM
DTM Frame
CommDTM
DeviceDTM
Asset Management Tool (Instrumentation Configuration Tool)
FactoryTalk AssetCentre Components
FactoryTalk AssetCentre Server
Governs the system’s operations
Microsoft SQL Server 2012 or 2008 R2
Hosts FactoryTalk AssetCentre
databases
FactoryTalk AssetCentre Client
Permits users to configure and use
the system, view logged events and perform other associated tasks
FactoryTalk AssetCentre Agent
Expanded
Scalable Architecture
Additional AssetCentre Agents can be added to handle larger systems with higher asset count
AssetCentre Scheduler automatically load-balances tasks across Agents
Multi Independent Agent Groups
(9515-ASTAGCAP4)
Agent Groups provide the ability to
categorize Agents, allowing them
to be configured independently of
one another
Help with multiple operating
systems, network architecture
support and application version
requirements
Licensing
PLANT 1 PLANT 2 Asset1 Asset2 Asset3 Asset4 Asset5 Asset6 Agent Group 2 Agent 2 FTD 1 Agent 4 FTD 1 AssetCentre Server New In Rel. 6Modular Approach
Easy to build initial solution
AssetCentre Server includes
Archive (Check in/out) Events & Audits
Security 10 Assets
Easy to add capabilities
Disaster Recovery Agent Groups
Process Device Configuration Calibration Management
Delivering Value from Change
Management
L
U
E
Archive Archive Logs Logs Disaster Recovery Disaster Recovery Reporting Reporting Authentication Authentication PREVENTION CONTROL ACCOUNTABILITY DETECTION PROACTIVEDemo
Version control /