Communicating with Allen Bradley PLC

My customer purchased equipment that has an Allen Bradley CompactLogix 5370 (1769-L30ER) to monitor and control the equipment. The AB is connected to an ethernet switch, and the vendor provided a Windows 11 Pro computer with two ethernet cards; the computer is connected to the ethernet switch. The computer has LabVIEW for the HMI and has KEPServerEX installed.

The end result I am working on is the customer wants to be able to have event notifications and remote viewing and the capability to add sensors, valves, etc. for the new equipment. The AB controller doesn’t have any available IO channels and I am not authorized to modify the vendor’s system anyway.

Option 1: Install groov Server for Windows on the Windows 11 PC, configure KEPServerEX, configure groov View to see the AB tags for event notifications and remote viewing. Then add a PAC R1 to the network to support additional IO channels. Connect the computer’s primary ethernet port to the business network.

Option 2: Install a groov EPIC controller, use the secondary ethernet port to connect to the ethernet switch, configure KEPServerEX, configure groov View to see the AB tags, add IO modules to the groov EPIC to support additional IO channels. Connect the EPIC’s primary ethernet port to the business network.

What option do you think I should use? Or do you have a better method for my end result?

Thanks, Larry

My limited experience with KEPServerEX leads me to think that it’s a bit heavy for this job.
I wonder if there is more you are looking to do than just getting data out of a single AB PLC?

Have you used Ignition Edge before?
An EPIC PR2 with the Ignition AB driver would be a very simple ‘no touch’ use case here. @greichert Chime in here if you would.

The PR2 includes groov View.
It also has 4, 8 or 16 channels of I/O modules for any extra signals you’d like to pick up.

Just need to Read Only from AB. The AB is not on the business network, on a private switch. I see Opto22 offers Allen-Bradley DF1 Integration Kit for PAC Control, would that be an option?

The EPIC PR1 has Ignition 7, will AB drivers work with it? Trying to save some $.

The DF1 toolkit is designed to talk through the RS232 serial port of the Opto Controller, to the programming port on an old SLC model PLC. The DF1 driver is implemented in the strategy code. It almost always requires a deep understanding of the protocol in order to be successful with it as the various AB models have slightly different characteristics for DF1 - at least that is what I have discovered. Also your PLC might not even have a DF1 port.

The Ignition Edge approach can save you so much time and effort and provide a long term and supported solution. It runs fine in the PR1 and PR2. Also there are lots of ways to connect to the Edge that are shown in various videos.


Okay, we will use a PR1 and update the firmware, purchase Ignition 8. I will watch the training videos.

Should I connect the PR1 eth 1 to the AB private switch and eth 0 to the business network?

Out of the box, the EPICs are set to connect to the untrusted network on Eth1. (All ports closed but 443)
The trusted network (your AB and not much else, by the sounds) would be on Eth0. (A few common industrial automation ports open).

You have total control of the firewall; if you want to flip that around, you can.

Thank you Ben and DP!

Normally I connect all my PAC R1 and PR1 eth0 to our business network so I can access them from any computer at work. The AB is isolated from our network only so it can communicate with the Win11 computer with LabVIEW HMI. It’s a standalone network the vendor set up.

Good to know about the ports open or closed.

Hi Beno, could you clarify this comment a little for me? I am VERY new here, but I was under the assumption this was the other way around from the training video and from the way an Epic connects for PAC Control strategy download out of the box. My conflict: Also, thank you for pouring your heart and soul into this space, very much appreciated!

Hi Josh. Welcome, and thanks for the kind words.

I looked at the training you linked to and did not see anything unexpected.
Eth1 is the untrusted network, your IT or cell modem etc.
Eth0 is the trusted or OT network.

You can see why in the out of the box firewall settings…

See how Eth1 is blocked pretty much across the board. (Ignore my adventures with shell - that’s an optional add on licence)
No MMP, no PAC Control etc.

All you can do from Eth1 is log into the device via https. That will give you the groov Manage log-in screen. If you don’t give the users your admin password, best they can do is view groov View and perhaps a Node-RED dashboard. That’s it.

If they fire up PAC Control on their PC, Eth1 will not allow a connection to the PAC Control engine on the EPIC as Eth1 blocks access to it.

As I said, you are more than welcome to adjust each rule in the firewall and swap or move access around, but it’s just a case of changing where you plug each network into. The firewall sets the access.

There are not any hardware rules or limitations about which port does what.
You have full control. We just set things up like this to get our customers off to a smooth start.

Feel free to ask further questions if I have misunderstood the keys to the training link etc.
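
Added example, not part of the thread and not Opto 22 code: a small Python check, run from a PC on each network, that compares which services answer on the EPIC with the default split described above (Eth1 only 443, Eth0 also the automation services). The 2001 and 22001 port numbers, the side labels and the placeholder address are assumptions, not values from the thread.

```python
import socket

# Services named in the thread. 443 is stated there; the other two port
# numbers are assumptions (commonly documented defaults), adjust to your unit.
SERVICES = {
    443: "HTTPS (groov Manage / groov View)",
    2001: "OptoMMP (assumed port)",
    22001: "PAC Control engine (assumed port)",
}

# Expected exposure per side, following the defaults described above:
# Eth1 (untrusted) answers only on 443; Eth0 (trusted) also serves automation.
EXPECTED_OPEN = {
    "eth1-untrusted": {443},
    "eth0-trusted": {443, 2001, 22001},
}


def tcp_open(host, port, timeout=1.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(side, host, probe=tcp_open):
    """Compare what answers on `host` with what `side` is expected to expose.

    Returns (severity, port, message) tuples; an empty list means the
    observed state matches the expected policy.
    """
    findings = []
    for port, name in sorted(SERVICES.items()):
        reachable = probe(host, port)
        expected = port in EXPECTED_OPEN[side]
        if reachable and not expected:
            findings.append(("EXPOSED", port, f"{name} reachable from {side}"))
        elif expected and not reachable:
            findings.append(("INFO", port, f"{name} not answering on {side}"))
    return findings


if __name__ == "__main__":
    # Placeholder address (documentation range); run from a PC on the
    # business network against the EPIC's Eth1 address.
    for finding in audit("eth1-untrusted", "192.0.2.10"):
        print(*finding)
```

Re-running it after any firewall rule change, or after swapping which network is plugged into which port, shows whether the business side still sees only HTTPS.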

Nope, it was me who misunderstood, makes sense, thank you for clarifying!