The Device Chronicle interviews Ivano Guerra, IoT Software Manager at Soilmec.
Soilmec is a leading global provider of off-highway drilling and foundation equipment. Notably, Soilmec used one of its pieces of equipment to help support the straightening of the Tower of Pisa. Ivano Guerra is the automation and IoT expert at Soilmec and has a long and distinguished career at the group of companies that Soilmec has been part of since 1999. He has witnessed the evolution of the digitalization of field equipment from basic automation and connectivity to IoT connectivity, telemetry, and machine data use in recent years.
Ivano explains why it is essential to have data connectivity to the machines:
Each customer has to sign an agreement to connect its own machine to the cloud fleet management platform, and the customer may also access all DMS-Manager machine data and features by signing a SaaS contract.
In 2008 Ivano started working directly at Soilmec, building the connected capabilities in drilling machines for ground engineering. An HMI computer was installed inside each machine’s cabin to control the machine’s functions, and a GSM router was added to allow remote management. A fleet management system was developed to monitor these machines in real time, manage data transfers, provide remote assistance, and perform remote software updates. Soilmec first built a homegrown solution in-house to do this, and 200 machines were initially connected to it. Then, in 2017, a strategic decision was made to switch over to the PTC Thingworx IoT platform, and the team chose the MQTT protocol to transport machine data over the internet. This was an entirely new architecture.
Ivano and his team have focused intensely on security. In the connectivity router, the firewall and security settings are configured based on the new protocol specifications. The router is developed by systems integrator NetModule. It is based on an embedded Linux OS. Soilmec does not manage or build the embedded Linux OS in-house. NetModule handles this as a partner to Soilmec and has made some customizations to it to deliver an up-to-date and secure device. The Soilmec team configures and sets up the router device, in particular all network security parameters, but also the GPS settings for machine location. The latest routers allow a tablet to be connected to the HMI via a WiFi hotspot that can optionally be activated. All routers use a GSM connection, which was GPRS/EDGE in 2008 and is up to 4G today, with 5G support coming in the next version. More than 700 machines are connected to the cloud platform each year, and over 1200 have been connected since 2008, but some may not need connectivity, and some have old communication routers that will need upgrades to support the latest GSM technologies.
For router security, Ivano and his team are looking to move away from using public IP addresses on routers and instead route all the GSM traffic over private networks. Ivano says this approach would use a private APN for the SIM card connection, routing edge traffic through a private network that will be even more secure than the current setup. “This will hide the traffic data and especially device exposure to the internet, so attacks will be challenging, much more difficult to get an attack straight to the device because it won’t be visible to the public internet.”
Soilmec has also already started ISO 27001 security certification, which will be another step towards even better security.
Data traffic volume also has to be controlled. Soilmec is working with a new cellular operator and a portal based on Cisco to track data traffic volumes and make optimizations. Ivano observes, “The data use can be intensive as video streaming is used for a remote maintenance application as customers could use this for many hours per day.” Ivano and his team came up with an intelligent optimization to reduce data traffic costs by switching off remote maintenance sessions when they were no longer in use by the customer: “Once the data is seen, sessions are automatically switched off if the remote application was no longer in use by a technician after a certain period, let’s say, 5 minutes. This allowed us to save many GB of unnecessary traffic over a 4G connection.”
Ivano notes that the data traffic speed is increasing over 4G, and the use of bandwidth for remote control was not limited in the past. Now a traffic shaper is used to assign the right bandwidth to each network service. Binary data is compressed by up to 70% for transfer.
The embedded hardware for the communication module is updated regularly and certified to fit the use case by Soilmec. The HMI is developed by CrossControl and has a Yocto OS, an ARM processor, and a Codesys PLC runtime where the application is run. The Yocto OS takes some configuration changes from the Soilmec team. Ivano explains that different parameters need to be set up, such as network configuration, startup services, and PLC runtime configuration. Once the configuration is tested and approved, the features are locked until the next system upgrade, or until the HMI is swapped out because the hardware is getting out of date or does not fit a new use case.
The Soilmec team can update configurations on the GSM router remotely: Ivano explains that the Soilmec team has developed a Python application that regularly monitors the more recent routers installed on Soilmec rigs to check their configuration and, if needed, updates the security settings automatically. This is important for keeping network security always up to date. NetModule still handles the firmware updates of the routers.
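The check-and-correct loop described above can be sketched as a comparison against a security baseline. This is an added example, not Soilmec's or NetModule's code; the setting names, values, router names and the way a config is read are all assumptions made up for illustration.

```python
# Hypothetical baseline: key names and values are illustrative only,
# not real NetModule router parameters.
BASELINE = {
    "firewall.inbound_default": "drop",
    "admin.password_login": "disabled",
    "mqtt.tls": "required",
    "wifi.hotspot": "disabled",
}
# The hotspot may be switched on per machine, so both values are accepted.
ALLOWED = {"wifi.hotspot": {"enabled", "disabled"}}

def find_drift(config):
    """Return (key, found, expected) per missing (None) or non-approved setting."""
    drift = []
    for key, expected in BASELINE.items():
        found = config.get(key)
        if found != expected and found not in ALLOWED.get(key, ()):
            drift.append((key, found, expected))
    return drift

def remediate(config, drift):
    """Return a corrected copy; settings outside the baseline are untouched."""
    fixed = dict(config)
    fixed.update({key: expected for key, _, expected in drift})
    return fixed

def audit_fleet(fleet):
    """Split routers into drifted and unreachable. A router whose config
    could not be read (None) is reported, never counted as compliant."""
    drifted, unreachable = {}, []
    for router, config in fleet.items():
        if config is None:
            unreachable.append(router)
            continue
        drift = find_drift(config)
        if drift:
            drifted[router] = drift
    return drifted, unreachable

# Constructed sample fleet: router names and configs are made up.
SAMPLE_FLEET = {
    "rig-001": dict(BASELINE),
    "rig-002": {**BASELINE, "wifi.hotspot": "enabled", "mqtt.tls": "optional"},
    "rig-003": {"firewall.inbound_default": "accept", "gps.enabled": "yes"},
    "rig-004": None,
}

if __name__ == "__main__":
    print(audit_fleet(SAMPLE_FLEET))
```

Reporting unreachable routers separately matters on a cellular fleet: a machine that is offline during the check has not been verified and should be retried rather than assumed compliant.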
Ivano concludes by saying that a costly task is updating the software that controls the machine – the HMI and the PLC. There are some safety considerations. The software has to follow safety rules because it controls machine movements and so the safety must be verified.
A software update cannot be run automatically; it needs a trained technician to perform it. Soilmec provides the technician with a USB key for the update. The operator then updates the machine, verifies the operation has been completed correctly, and confirms that all the safety configurations have been set correctly before approving the software update.
Ivano adds that it would be possible to perform an update remotely, but a technician must still be present locally to confirm that the upgrade was done correctly in line with safety requirements.
We wish Ivano and his colleagues well as they continue to evolve their machine data and remote connectivity strategy and rollout.