Under the hood of GE’s industrial Internet

Article By : Rick Merritt

EE Times gets a virtual look under the hood of GE's designs geared for an industrial Internet of Things.

Even the smartest of smart grids today are rather dull with the smarts limited to metering. Yet getting utilities and even factories to plug into Web services is an uphill battle. GE now claims it is the first to make such connections.

The portfolio of new systems represent a milestone of blending PC and industrial-control technologies in a secure product, said Carpenter, general manager of control platforms in GE's automation and controls group. He gave EE Times a virtual look under the hood of the designs geared for an industrial Internet of Things.

The controllers are "no longer limited to looking down to the physical sensors," said Carpenter. "They are now able to 'look up' in a secure and authenticated way to information beyond the reach of typical control systems" to access to Web data and apps other control systems lack, he said.

The "looking up" involves capturing Web data on anything from weather forecasts to stock market swings. The systems can suggest changes to factory controls based on the data and predictions from home-grown and third-party apps such as GE's Predix software which runs in the systems on Linux or Windows.

The connected control systems can save time and money by raising productivity and lowering maintenance, GE claims. Under the hood, they use virtualisation to create separate OS and network images. Some virtual machines are dedicated to running traditional factory control processes, others handle Web searches and guest apps.

"One of the hardest things was getting a reliable mix of criticality with half the system deterministic — it always looks the same way — and another half running a guest OS," said Carpenter. "In the early days we had some interesting occurrences when we would boot one side and it would have impacts on other," kinks which engineers have now worked out, he added.

GE built the systems using a range of dual- and quad core x86 processors from AMD and Intel. They are mounted on standard ComExpress boards sourced from its own division that sells merchant single-board computers. Previously the GE automation group built its own proprietary x86 boards.

"Where it may have been 5-7 years between processor changes in the past, we can now release a new controller with new processor every 18-24 months" using ComExpress boards, he said.

The systems are also GE's first to use time-synchronised networks, using the IEEE 1588v2 protocol implemented in an FPGA. The approach lets the systems create and run separate virtual network connections.

"We take one high-performance LAN and make it look like two or three LANs with separate guaranteed service levels — this eliminate kilometers of wiring by combining multiple functions on one set of virtually separated networks," Carpenter said.

[GE  Industrial Internet Control System]
Figure 1: GE systems now add Web links and third-party apps to traditional industrial controllers.

Prior control systems simply walled control systems off from any outside connections. GE had to rethink security given the new systems' links to the Internet and third-party apps. The new systems use a hardware root of trust to enable a secure boot and authentication of all connections, techniques well established in general-purpose computing.

"We've changed from airgap to defence-in-depth," said Carpenter. "In the past most controllers were on isolated networks with access controlled through routers, but our assumption is that's not good enough to protect attack from within," he added.

GE's so-called IICS RX3i CPE400 and IICS Mark VIe UCSC systems continue to support traditional industrial interfaces including Profinet, IONet, Foundation Field Bus, Modbus, and others. Some systems use a cellular option to exchange data using OPC Unified Architecture, a secure protocol that evolved from the prior OPC DA/HAD.

This article was originally published by EE Times.

Leave a comment