November/December 2010

Wireless/Networking Special Section

HMI in the Cloud: The secret SaaS

Fast Forward

  • A software gateway example is when you use HMI services (monitor, alarm, and control) to share the Internet connection from your HMI server with multiple cloud nodes.
  • A cloud node mimics HMI-server project screens (objects and tag values) in any
    device that has a standard browser.
  • The three S's in "HMI in the Cloud" computing are security, simplicity, and speed.
By Ramal Murali

Traditional business computing involves hardware, operating system, application software, and infrastructure. All this complexity may require facilities and expert staff to install, configure, and maintain. The modern business computing concept involves outsourcing the headache of ownership to someone else; the focus is on what needs to be done, not on the infrastructure and other non-essential details of how to get it done. With this focus, there are two important aspects of the customer task-selection of applications of interest and selection of companies who provide such application functionality to be accessed over the Internet.

wire2Since a cloud is used to represent the Internet in the network diagrams representing modern computing, the term "cloud computing" is used when an Internet connection is utilized to access the application functionality of interest from "cloud vendors."

The SPI framework is the most accepted classification in cloud computing: The 'S' stands for Software as a Service (SaaS); the 'P' stands for Platform as a Service (PaaS); and the 'I' stands for Infrastructure as a Service (IaaS).

This article presents ideas on how SaaS is an essential ingredient to make Human Machine Interface "(HMI) in the Cloud" a reality. In Software Horizons' implementation of GoToMyHMI, some elements of infrastructure and specialized platform are inter-woven with SaaS to meet the goal of providing an "HMI in the Cloud." It is thinking that is out of the box and in the cloud.

The important elements in the design and implementation of a traditional HMI are as follows: A designer is used to create your HMI project (Tag Database, Screen Objects, etc.). The project is then deployed on the target platform to be rendered by the runtime software installed on that platform for the benefit of users (operators and managers).

HMI server connection for Internet access

Most traditional HMI runtime servers can also support remote runtime clients (installed on a Windows Platform) over the Internet; however, the focus here is browser-based cloud nodes as opposed to runtime clients.

Connection to the Internet requires two things:

  • DNS server to resolve the domain name you are trying to access into the equivalent IP address
  • Gateway where your network connects to the Internet

A gateway or a router facilitates communication among hosts that are not on the same logical network (e.g., IP-subnet). The router receives packets of data on an interface and uses a routing table (logical network locations) to route them to their destination. The function of a gateway can be performed by hardware, as in the case of routers, or software.

HMI-gateway in the cloud

An example of a software gateway is when you use HMI services (monitor, alarm, and control) in order to share the Internet connection from your HMI Server A with multiple cloud nodes. (Cloud node means a suitable hardware platform running a standard web browser session, where the authorized user logs in to access the HMI services.) In this example, GoToMyHMI gateway not only relays information across networks, it also performs the "conversion of protocols" (i.e., HMI project screens and data to browser screen display and data). It also performs Node Access Translation to deliver the HMI packets to its destination (from/to HMI server to/from cloud nodes). Such a gateway provides multiple cloud nodes independent access to the HMI server simultaneously.

Cloud node vs. client node

A cloud node mimics your HMI-server project screens (objects and tag values) in any device that has a standard browser. It allows you to monitor any screen objects, view and acknowledge alarms, and allow control (entry of discrete and analog data values) through appropriate screen objects.

A client node is a Windows platform (usually a PC) with a fully licensed HMI runtime installed and running the same project as the HMI server, but using the server as the data source. It has the capability of running a project different from the server's project, as it can acquire object tag information from controllers using the server as a proxy to access such controller tags. A client node makes a direct connection over the Internet to the HMI server for information exchange between client and server.

Three S's in "HMI in the Cloud" computing

Security: When it comes to security, the system is only as strong as the weakest link in the chain. Three factors that figure in most security considerations are authentication, authorization, and auditing.

With authentication, one can be confident of the identity of the sender and the integrity of the message. A certified secure site can be trusted as it is secured with a Web Server Certificate, and all browser connections and transactions are protected with SSL (up to 256-bit Secure Sockets Layer encryption). When you access the web site using any standard browser (smartphone, tablets, laptop PC, etc.) your browser establishes a secure link, which is indicated in your browser session with a "lock" icon and the protocol https: in the pathname.

Authorization usually involves user name and password. All remote browser access to your HMI servers (behind your firewall) is controlled by your policy. Your admin can setup designated ports to access HMI-server behind the firewall, as well as user access in accordance with company policy.

Auditing useful logged information on user access enables assigning responsibility for user actions. The goal is to have an "HMI in the Cloud" that is secure enough for everyday use and easy enough for the user, while exhibiting acceptable performance and reliability characteristics.

Simplicity: Ease of use and intuitiveness of the user interface are essential for user acceptance. Building a complex fortress chock full of functionality is futile if user acceptance is lacking.

Establishing cloud access to HMI-server is as easy as 1-2-3:

  • Install and develop HMI server in the traditional way.
  • Establish cloud ser­vice business arrangement with cloud vendor.
  • Setup user access security policy.

You are ready to go. Use any standard browser on any device-no downloads, no tedious installs. Login and you have the HMI in your hands where you are. Switch screens, view alarms and acknowledge them, and even perform remote control data entry as permissible. You may even use a web camera to confirm your actions took in the factory or the field using web-cam views.

Speed: Get your HMI screens in the browser updated in seconds, typically five seconds. Control actions usually take place much faster (one second) as can be verified by web-cam views. Of course, the speed depends on Internet connection speeds, latency, and network traffic. 

Receive alarm notifications instantly by e-mail wherever you are. Click on the link provided in e-mail for your HMI screen alarm view. Take prompt action from where you are, without tedious side trips to assess the situation before taking action.

Because internet traffic and latency are not predictable, "HMI in the Cloud" should not be used in life-threatening or critical emergency applications.

Other factors

Bandwidth requirements: High-speed Internet upload bandwidth in the range of 5 Mbps is available from cable companies at reasonable cost. Faster the screen update speeds desired, the higher the bandwidth required.

Service Level Agreements (SLA) for availability and performance are available from Internet service providers.

Cost: "HMI in the Cloud" computing models are amenable to "pay as you go" low subscription cost (per user, per month).


Ramal Murali is president of Software Horizons Inc. He has over 20 years experience and holds a bachelor's degree in electrical engineering, a master's degree in applied electronics, and a Ph.D. in applied mathematics from Harvard University.