Pekka Jarvinen Motion System Drives Västerås, Sweden, pekka.jarvinen@se.abb.com
Electric drives have come a long way since the days when their sole purpose was to deliver power from source to consumer. Advances in the computational power of processors, the growing capacity of memories, and faster interfaces allow them to do a lot more than just drive the rotation of an electric motor. Indeed, the increased performance of the processing units in today’s drives can be used to analyze a steadily increasing amount of information from the systems they are connected to, ranging from more accurate load-related torque estimates to detailed information regarding the electrical grid that the inverter is connected to.
Best possible sensor
In an automation system, the drive is typically the only component that has full knowledge of the components it is connected to. It measures three-phase current and voltage in high resolution and is sometimes equipped with additional sensing capacity such as an encoder and thermal sensors.
When it comes to motors, the complex matheatical models that are needed for the normal operation of a drive constantly calculate accurate torque and speed values and perform grid-positive and negative sequence decompositions and harmonic analyses for their grid-facing interfaces. In short, the drive is, in all probability, the best possible sensor available in a system – and all at no extra charge! The challenge, however, is how to collect, transform and move all the information to where it is needed.
As noted, drives are connected to multiple surrounding systems →01. Locally, they are connected to other automation devices, sensors or commissioning and monitoring tools, and are increasingly involved in providing information that supports remote maintenance, data analysis, and just-in-time service. However, as more and more interfaces are opened up to enable connectivity features, cyber security is becoming a key factor.
With this in mind, ABB is about to introduce a next generation control platform for all its premium drives →02. The platform has been designed from the ground up to support critical security features such as authentication and encryption of firmware, files and applications, and secure connectivity. Furthermore, the new platform is backwards compatible with ABB’s current generation of drives, making its introduction simple and familiar.
Added alongside all of the platform’s pre-existing features, there are now two dual-port Ethernet interfaces one of which can support all Ethernet-based field bus protocols. The processor is now a state-of-the-art system-on-a-chip from AMD featuring a powerful cluster of ARM cores and a field-programmable gate array (FPGA) paired with a powerful, fast memory. In addition, the control platform features multiple hardware upgrades and is now harmonized over ABB’s entire portfolio of premium drives to further simplify the handling of spare parts.
Cryptographic keys
With a view to ensuring the platform’s security, asymmetric and symmetric cryptographic keys are stored in a secure enclave within the device during its manufacturing stage. Asymmetric keys (RSA-4096) are used to validate and confirm that the firmware executing in the device is an authentic ABB firmware release, thus assuring the user that no malicious modifications have been performed to the drive. Encryption keys (AES-256-GCM), on the other hand, protect both the end user’s and ABB’s IP, thus ensuring that valuable data cannot be stolen.
When operating in the IoT domain, one key insight is that the cost of moving and storing data must increase in proportion with the distance it moves away from the device. For example, if all the real-time data of a single drive were moved outside of the drive, the bandwidth required to do this would be of the order of hundreds of megabits per second. As the number of drives increases in an installation, the bandwidth and storage requirements do as well. Moving and storing all this data to the cloud would be economically unfeasible. Traditional compression could be used to reduce the amount of data; however, by utilizing domain knowledge, there is an even more sophisticated way to do this while simultaneously adding value to the data stream.
Real-time applications that require accuracies below the microsecond level and never miss a single execution cycle over the entire lifetime of a product typically run on specialized systems known as real-time operating systems (RTOS). The advantage of an RTOS is that all execution cycles are deterministic and accurate. However, the disadvantage is that tools such as high-level programming languages and algorithms from desktop or web development cannot be used since they often rely on asynchronous and non-constrained execution.
To solve this problem ABB is introducing an embedded edge device →03 with a Linux platform specifically designed for executing asynchronous applications while simultaneously enhancing associated cyber security functions, thus further enabling users to utilize their domain knowledge of the automation system to reduce the amount of data.
The edge device is connected directly to the processing unit of the drive and features the same communication libraries as does ABB’s drive commissioning tool, Drive Composer. This allows the device to access any function or data available in the drive. While Ethernet is the connection mechanism that offers the fastest performance, the device is nevertheless compatible with ABB’s older generation of drives, such as ACS800 and ACS600, which use DDCS optic fiber links. Furthermore, by using its panel port, it is also compatible with drives that are not equipped with Ethernet. For connectivity to the cloud or local servers the device features both an Ethernet interface and an LTE modem. A bluetooth modem is also included for connecting to wireless sensors. Both the edge device and control unit feature the same processing core, with the sizes of their memories and their clock frequencies carefully tailored to their respective use cases.
Containerized software environment
The edge device features a fully containerized software environment that allows secure separation of applications and their independent updates. This means that even if a breach of an application occurs, it will not compromise the entire system. When the edge device rolls off ABB’s production line, it contains only a secure Linux distribution, a boostrapped device management solution, and drivers for its hardware interfaces. Applications that are needed for a specific use case are then loaded to the device ensuring that only functions required by the installation are present, thus minimizing the cyber security attack surface. For example, when connecting to ABB’s drives, an application capable of interfacing with the drive would be loaded, along with a database application for storing data from the drive. Finally, a cloud interface application for moving the data to a desired cloud backend would be added. If additional features, such as connecting to ABB’s smart sensor, are required later associated applications can be added securely and remotely from ABB’s device management interface.
Empowering users
The edge gateway enables partners and customers to create additional value quickly and easily. Now that real-time and asynchronous operations have been separated, users with a data science or application development background can develop applications using familiar technologies such as Python programming, and even use state-of-the-art machine learning technologies like TensorFlow, while still being able to harness all the data available in the drive. For example, an OEM winch manufacturer could utilize the drive to collect a high-resolution torque profile chronology of the motor connected to the winch, and then embed a model of an aging rope in the edge device. The resulting metric covering performance during aging could then be transmitted to the OEM’s own service system, allowing the OEM’s end customer’s winch to be serviced at optimized intervals.
Augmented programmability
The concept of the programmable environment has also been extended down to the real-time world of the drive control unit itself. For example, it is now possible for the first time to allow direct extension of the drive firmware via a software development kit. The kit allows development of latency-free applications directly in the drive using technologies such as Matlab Simulink or even C++ programming.
The user can first simulate an application in a PC environment using ABB’s Virtual Drive →04. The application can then be directly programmed to the drive without needing to restart. The applications, while constrained by strict execution timing and cyclic execution, augment the programmability already enabled by the edge gateway. For instance, an application within the drive could calculate a sliding window fast fourier transform over high-speed signals and then transmit the spectrum along with other needed characteristics of the fast signal to the edge device, thus vastly reducing the amount of data. The edge device could then inject the data into a specifically trained machine learning model, which would detect errors in system behavior and send notifications to the cloud on demand
The programmable environment in the control unit can also be used independently. It is possible, for example, to replace the drive’s speed or DC voltage controller with a different application-specific version of the controller or to add an application that performs specific torque injection to achieve active damping of resonances.
With its new drive control platform, ABB is taking the digital future seriously. Cyber security has been built into the system from the very first millisecond of device service to the product’s end of life. The authenticity of all software is verified before execution. And all sensitive IP has been encrypted and critical communication interfaces have been secured. Thanks to these features, ABB’s partners and customers can focus on value creation using these innovative tools without worrying about malware, cyber-attacks, or the complexity of writing firmware-level software.
