[go: up one dir, main page]

WO2002005509A2 - Architecture de reseau de recouvrement d'equipement - Google Patents

Architecture de reseau de recouvrement d'equipement Download PDF

Info

Publication number
WO2002005509A2
WO2002005509A2 PCT/US2001/041116 US0141116W WO0205509A2 WO 2002005509 A2 WO2002005509 A2 WO 2002005509A2 US 0141116 W US0141116 W US 0141116W WO 0205509 A2 WO0205509 A2 WO 0205509A2
Authority
WO
WIPO (PCT)
Prior art keywords
equipment
piece
application
computer
protocol
Prior art date
Application number
PCT/US2001/041116
Other languages
English (en)
Other versions
WO2002005509A3 (fr
Inventor
Keith E. Bennett
Richard E. Loose, Jr.
Jean-Yves Bancilhon
Original Assignee
Symphony Systems
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Symphony Systems filed Critical Symphony Systems
Priority to AU2001279263A priority Critical patent/AU2001279263A1/en
Publication of WO2002005509A2 publication Critical patent/WO2002005509A2/fr
Publication of WO2002005509A3 publication Critical patent/WO2002005509A3/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/0226Mapping or translating multiple network management protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/0213Standardised network management protocols, e.g. simple network management protocol [SNMP]

Definitions

  • This invention relates generally to equipment monitoring and/or control, and more particularly to supplementing an equipment control system with an equipment overlay network.
  • FIG. 1 A one variation of an equipment control system 101 couples the equipment 107, 109 directly to a control computer 103.
  • FIG. IB illustrates another equipment control system 111 that couples equipment 119, 121 to a controller 117.
  • the controller 117 may be further connected to a control computer 113 as shown in FIG. IB.
  • the computer/controller hosts various software equipment applications 103, 115 that determine the status of the equipment by sending information requests to the equipment and receiving the status information in return.
  • an equipment application may also issue commands to change the operation of the equipment.
  • Equipment applications require an "equipment driver" for each kind of equipment.
  • an automated process system utilizes programmable logic controllers to control a plant.
  • equipment communicates by a protocol specific to each type of equipment, and a different driver must be created for each type of equipment for each application.
  • Developing the device drivers is both time-consuming and expensive, and limits the application market.
  • the telecommunications industry has partially addressed this issue by requiring implementation of SNMP (Simple Network Management Protocol) on all equipment ⁇ thus making SNMP a "native" equipment protocol — so that SNMP applications can control the equipment.
  • Brookside Software has created a solution for monitoring equipment health using a "pass-through" architecture that allows both a Brookside application and a host application to communicate with the equipment, but does not open up access to the equipment to other applications.
  • controllers When the controllers understand multiple different equipment protocols, the use of the controller can isolate an equipment application from the unique characteristics of the underlying equipment.
  • an equipment control system configured with controllers does not completely ease the burden of creating new applications because an application must be able to interface with each type of available controller and changes must be made to each installed controller to support any new functions required by the new application.
  • multiple applications may need concurrent access to the equipment, a capability that is not provided by the prior art equipment monitoring and control systems.
  • An equipment overlay network architecture defines a network that allows access to equipment in a facility by an application that uses a protocol not native to the equipment.
  • the equipment overlay network architecture includes an equipment server logically located between the equipment and the application that converts between the non-native protocol of the application and the protocol native to the equipment.
  • the equipment server is also coupled into an equipment control system controlled by a host computer to pass through messages in the native protocol from applications executing on the host computer. Furthermore, the equipment server manages concurrent access for multiple requests for the equipment.
  • the equipment server can be external to the equipment or can be embedded in the equipment.
  • the equipment overlay network architecture also includes a physical network through which the application exchanges messages with the equipment server.
  • the equipment overlay network architecture logically provides a non-native protocol layer on top of an existing equipment control system.
  • the equipment overlay network architecture enables access to the equipment by entities physically external to the facility.
  • the equipment overlay network architecture defines a network that provides shared access to equipment in a facility by multiple applications without disrupting the existing infrastructure in the facility and without requiring customized interfacing and adaptation to that infrastructure. Furthermore, the architecture allows applications to access equipment through protocols and interfaces not native to the equipment. The external access enables the various vendors and suppliers that provide, service and maintain the equipment to collaborate electronically to quickly resolve problems and increase the productivity of the equipment.
  • FIGs. 1 A and IB are diagrams of embodiments of prior art equipment control systems
  • FIG. 2A is a diagram of one embodiment of an operating environment suitable for practicing the present invention.
  • FIG. 2B is a diagram of one embodiment of a computer system suitable for use in the operating environment of FIG. 2A;
  • FIG. 3 A is a diagram of one embodiment of an equipment overlay network architecture according to the present invention.
  • FIG. 3B is a diagram of one embodiment of an equipment server for the equipment overlay network architecture of FIG. 3A;
  • FIGs. 4A-C are flowcharts of one embodiment of methods performed by the equipment server of FIG. 3B; and FIG. 5 is a diagram of a security hierarchy used in a particular implementation of the invention.
  • FIGs. 2A and 2B are intended to provide an overview of computer hardware and other operating components suitable for implementing the invention, but is not intended to limit the applicable environments.
  • One of skill in the art will immediately appreciate that the invention can be practiced with other computer system configurations, including hand-held devices, server appliances, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, and the like.
  • the invention can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network.
  • FIG. 2A shows several computer systems that are coupled together through a network 203, such as the Internet.
  • the term "Internet” as used herein refers to a network of networks which uses certain protocols, such as the TCP/IP protocol, and possibly other protocols such as the hypertext transfer protocol (HTTP) for hypertext markup language (HTML) documents that make up the World Wide Web (web).
  • HTTP hypertext transfer protocol
  • HTML hypertext markup language
  • the physical connections of the Internet and the protocols and communication procedures of the Internet are well known to those of skill in the art.
  • Access to the Internet 203 is typically provided by Internet service providers (ISP), such as the ISP 205, and application service providers, such as ASP 207.
  • ISP Internet service providers
  • ASP 207 application service providers
  • client computer systems 221, 225, 235, and 237 obtain access to the Internet through the service providers, such as ISP 205 and ASP 207. Access to the Internet allows users of the client computer systems to exchange information, receive and send e-mails, and view documents, such as documents which have been prepared in the HTML format. These documents are often provided by web servers, such as web server 209 which is considered to be "on" the Internet. Often these web servers are provided by the ISPs, such as ISP 205, although a computer system can be set up and connected to the Internet without that system being also an ISP as is well known in the art.
  • the web server 209 is typically at least one computer system which operates as a server computer system and is configured to operate with the protocols of the World Wide Web and is coupled to the Internet.
  • the web server 209 can be part of an ISP or ASP which provides access to the Internet for client systems.
  • the web server 209 is shown coupled to the server computer system 211 which itself is coupled to web content 220, which can be considered a form of a media database. It will be appreciated that while two computer systems 209 and 211 are shown in FIG. 2A, the web server system 209 and the server computer system 211 can be one computer system having different software components providing the web server functionality and the server functionality provided by the server computer system 211 which will be described further below.
  • Client computer systems 221, 225, 235, and 237 can each, with the appropriate web browsing software, view HTML pages provided by the web server 209.
  • the ISP 205 provides Internet connectivity to the client computer system 221 through the modem interface 223 which can be considered part of the client computer system 221.
  • the client computer system can be a personal computer system, a handheld device, a network computer, a Web TN system, or other such computer system.
  • the ASP 207 provides Internet connectivity for client systems 225, 235, and 237, although as shown in FIG. 2, the connections are not the same for these three computer systems.
  • Client computer system 225 is coupled through a modem interface 227 while client computer systems 235 and 237 are part of a LAN. While FIG.
  • each of these interfaces can be an analog modem, ISDN modem, cable modem, satellite transmission interface (e.g. "Direct PC"), or other interfaces for coupling a computer system to other computer systems.
  • Client computer systems 235 and 237 are coupled to a LAN 233 through network interfaces 239 and 241, which can be Ethernet network or other network interfaces.
  • the LAN 233 is also coupled to a gateway computer system 231 which can provide firewall and other Internet related services for the local area network.
  • This gateway computer system 231 is coupled to the ASP 207 to provide Internet connectivity to the client computer systems 235 and 237.
  • the gateway computer system 231 can be a conventional server computer system.
  • the web server system 209 can be a conventional server computer system.
  • a server computer system 243 can be directly coupled to the LAN 233 through a network interface 245 to provide files 247 and other services to the clients 235, 237, without the need to connect to the Internet through the gateway system 231.
  • the invention is not so limited and the equipment overlay network architecture is equally applicable to Virtual Private Networks (VPNs), proprietary networks, and secure networks that can be separate from, or layered onto, the Internet.
  • VPNs Virtual Private Networks
  • secure networks that can be separate from, or layered onto, the Internet.
  • the invention encompasses various communication, document and data protocols in addition to those described above.
  • FIG. 2B shows one example of a conventional computer system that can be used as a client computer system or a server computer system or as a web server system. It will also be appreciated that such a computer system can be used to perform many of the functions of an Internet service provider, such as ISP 205.
  • the computer system 251 interfaces to external systems through the modem or network interface 253. It will be appreciated that the modem or network interface 253 can be considered to be part of the computer system 251.
  • This interface 253 can be an analog modem, ISDN modem, cable modem, token ring interface, satellite transmission interface (e.g. "Direct PC"), or other interfaces for coupling a computer system to other computer systems.
  • the computer system 251 includes a processor 255, which can be a conventional microprocessor such as an Intel Pentium microprocessor or Motorola Power PC microprocessor.
  • Memory 259 is coupled to the processor 255 by a bus 257.
  • Memory 259 can be dynamic random access memory (DRAM) and can also include static RAM (SRAM).
  • the bus 257 couples the processor 255 to the memory 259 and also to non-volatile storage 265 and to display controller 261 and to the input/output (I/O) controller 267.
  • the display controller 261 controls in the conventional manner a display on a display device 263 which can be a cathode ray tube (CRT) or liquid crystal display.
  • CTR cathode ray tube
  • the input/output devices 269 can include a keyboard, disk drives, printers, a scanner, and other input and output devices, including a mouse or other pointing device.
  • the display controller 261 and the I/O controller 267 can be implemented with conventional well known technology.
  • a digital image input device 262 can be a digital camera which is coupled to an I O controller 267 in order to allow images from the digital camera to be input into the computer system 251.
  • the non-volatile storage 265 is often a magnetic hard disk, an optical disk, or another form of storage for large amounts of data. Some of this data is often written, by a direct memory access process, into memory 259 during execution of software in the computer system 251.
  • computer-readable medium includes any type of storage device that is accessible by the processor 255 and also encompasses a carrier wave that encodes a data signal.
  • computer system 251 is one example of many possible computer systems which have different architectures. For example, personal computers based on an Intel microprocessor often have multiple buses, one of which can be considered to be a peripheral bus.
  • Network computers are another type of computer system that can be used with the present invention. Network computers do not usually include a hard disk or other mass storage, and the executable programs are loaded from a network connection into the memory 259 for execution by the processor 255.
  • a Web TV system which is known in the art, is also considered to be a computer system according to the present invention, but it may lack some of the features shown in FIG. 2B, such as certain input or output devices.
  • a typical computer system will usually include at least a processor, memory, and a bus coupling the memory to the processor.
  • the computer system 251 is controlled by operating system software which includes a file management system, such as a disk operating system, which is part of the operating system software.
  • a file management system such as a disk operating system
  • One example of an operating system software with its associated file management system software is the operating system known as Windows '95 ® from Microsoft Corporation of Redmond, Washington, and its associated file management system.
  • the file management system is typically stored in the non-volatile storage 265 and causes the processor 255 to execute the various acts required by the operating system to input and output data and to store data in memory, including storing files on the non-volatile storage 265.
  • FIG. 3A illustrates an equipment facility 301, such as a semiconductor fabrication plant, that physically connects a host computer 305 to an equipment controller 307 in an equipment control system 303.
  • An equipment application 319 executing on the host computer 305 typically communicates to the equipment controller 307 using messages formatted to a protocol specific to the architecture of the equipment control system 303, referred to hereinafter as "the control protocol.”
  • the underlying transport protocol of the physical connections in the equipment control system 303 may also be a standard protocol such as TCP/IP or RS-232.
  • Each connection in the facility 301 that transmits messages formatted according to the control protocol of the equipment control system 303 is illustrated in FIG. 3A as a thick arrow.
  • the equipment controller 307 is coupled to various pieces of equipment 311, 313 to monitor, and optionally control, the equipment as determined by equipment controller algorithms or as requested by the application 319.
  • the equipment controller 307 relays equipment status information back to the application 319.
  • the controller 307 may also control the operation of the equipment 311, 313 as directed by the application program 319.
  • the equipment 311, 313 generally understands only a specific or "native" application protocol which may be a standard protocol, such as SECS (Semiconductor Equipment Communications Standard), OPC (OLE for Process Control) or SNMP (Simple Network Monitoring Protocol), or a protocol proprietary to the equipment manufacturer, and is illustrated in FIG. 3A as a single line arrow.
  • the native protocol may be based on either digital or analog signals.
  • Equipment controller 309 is also coupled to the equipment control system 303, but instead of being coupled directly to the pieces of equipment 315, 314, 317 it controls, the controller 309 is coupled to equipment servers 323, 325, each of which is a general purpose computer or specialized interface hardware executing equipment server software described in the next section. Each equipment server 323, 325 is responsible for passing messages between the equipment 315, 314, 317 and the controller 309 in the native protocol.
  • the equipment servers can communicate with the equipment controllers using the control protocol of the equipment control system 303, shown as a phantom arrow linking the equipment server 323 and the equipment controller 309.
  • the equipment servers 323, 325 are also capable of sending and receiving messages formatted in at least one non-native application protocol, such as HOP (Internet Inter-ORB Protocol), XML (Extensible Markup Language), or a proprietary protocol through an equipment overlay network 321. Connections using the non-native application protocols of the equipment overlay network 321 are illustrated in FIG. 3A as double line arrows. While the equipment servers 323, 325 are coupled to existing equipment to enable the equipment to communicate with the equipment overlay network 321, new equipment may integrate the functions of the equipment server into the equipment, illustrated as server/equipment combination 327 in FIG. 3 A. The server/equipment combination 327 connects to the equipment overlay network and to the equipment control system 303.
  • non-native application protocol such as HOP (Internet Inter-ORB Protocol), XML (Extensible Markup Language), or a proprietary protocol through an equipment overlay network 321. Connections using the non-native application protocols of the equipment overlay network 321 are illustrated in FIG. 3A as double line arrows.
  • server/equipment combination 327 is coupled directly into the equipment control system 303, it communicates in the control protocol.
  • the server/equipment combination 327 may be coupled to an equipment controller to communicate in the native protocol of the equipment (shown as a phantom arrow linking the server/equipment combination 327 and the equipment controller 309).
  • the equipment overlay network 321 is a separate, physical network from the equipment control system 303.
  • the equipment overlay network 321 is a logical protocol layer executing on top of an existing physical equipment control system.
  • the equipment overlay network 321 and the components connected to it define the architecture of the present invention. It will be appreciated that the control protocol of the equipment control system 303 could be later replaced with one or more of the non-native protocols used by the equipment overlay network 321 without affecting the architecture of the equipment overlay network.
  • the server/equipment combination 327 can be connected into a new network having the characteristics of the equipment overlay network 321 described herein when no previous equipment control system 303 exists.
  • an application 329, 331, 333 that uses one of the non-native application protocols can communicate with the equipment servers 323, 325 to access the equipment 315, 314, 317 through the equipment overlay network 321, even though the application does not understand the native application protocol used by the equipment.
  • the equipment servers 323, 325 convert the request message from the non-native application protocol format into the native protocol format and transmit the converted request to the equipment 315, 314, 317.
  • the equipment servers 323, 325 When the equipment servers 323, 325 receive the requested information from the equipment 315, 314, 317, the equipment servers 323, 325 convert the data message into the appropriate non-native application protocol format and send the converted message to the corresponding applications 329, 331, 333. When the equipment so provides, the equipment servers 323, 325 also convert control messages sent by the applications 329, 331, 333 to the equipment 315, 314, 317, allowing the applications 329, 331, 333 to control the equipment in addition to the applications 319 and the equipment controllers 307, 309.
  • the applications 329, 331, 333 execute on one or more computers in the manufacturing facility 301 that are coupled into the equipment overlay network 321. Additionally, applications executing on external computers, such as those operated by a manufacturer 355 of the equipment, a supplier 359 of consumables used by the equipment, or a services provider 363, such as a third-party software vendor, can remotely monitor and optionally, control the equipment 315, 314, 317 through the ' equipment overlay network 321.
  • the equipment overlay network 321 is coupled to a services coordinator computer 351 through a communications link 353.
  • the communications link 353 can be a point-to-point, dedicated connection or can be through a public wide-area network (WAN) such as the Internet or a VPN.
  • FIG. 3A also shows an optional firewall 335 logically coupled between the communications link 353 and the equipment overlay network 321 to protect the integrity of the facility 301 when the communications link is a public WAN.
  • the consumables supplier 359, equipment manufacturer 355, and services provider 363 connect to the services coordinator 351 through various types of communications links, such as a Tl or DSL connection to the Internet 361, a direct dial- up connection 357, or a secured network 363 such as an intranet or VPN.
  • the services coordinator 351 performs authentication on the consumables supplier 359 and equipment manufacturer 355 before passing their messages to the equipment overlay network 321. If so configured, the equipment servers 323, 325 also evaluate the messages from the consumables supplier 359 and equipment manufacturer 355 against their access control parameters, providing yet another layer of security.
  • Applications on the external computers for the consumables supplier 359, equipment manufacturer 355 and services provider 363 can issue requests and commands that are then processed by the equipment servers 323, 325 and relayed to the equipment 315, 314, 317.
  • the external computers cause applications 329, 331, 333 to act on their behalf.
  • the consumables supplier 359 can request that application 329 perform a series of operations to determine the amount of various consumables remaining on equipment 315 and return all the amounts in a single message.
  • APIs application program interfaces
  • XML XML
  • Java applets can provide the necessary external access to the applications 329, 331, 333, and are considered within the scope of the invention.
  • the consumables supplier 359 can monitor the level of consumables, the consumables supplier 359 can alert the appropriate person at the facility when supplies are low. Using the embodiment shown in FIG. 3A, the consumable can then be reordered through the services coordinator 351, which passes the order through to the consumables supplier 359. In another embodiment, an order can be automatically generated in response to the message from the consumables supplier 359 and sent to the services coordinator 351, which can check it for accuracy, etc., before passing it through. Similarly, by allowing the equipment manufacturer 355 access and control over the equipment, the equipment manufacturer 355 can run diagnostics tests and adjust the operation of the equipment for maximum efficiency.
  • the services coordinator 351 not only enables the consumables supplier 359 and equipment manufacturer 355 access to the equipment so they can provide better service to the facility, but it also acts as a distribution channel for new or updated applications for the equipment. For example, an application update is uploaded from the services provider 363 to the services coordinator 351.
  • the services coordinator 351 can check the software for viruses or other problems before downloading the application to the various facilities that subscribe to an update service for the application.
  • the consumables supplier 359, equipment manufacturer 355 and services provider 363 may be regarded as business partners of the services coordinator 351, and that the services coordinator 351 may require compensation from its business partners for providing the services described above and other related services on their behalf.
  • Various compensation methodologies can be employed by the services coordinator 351 based on the type of service provided, the frequency of the service, the number of facilities subscribing to the service, etc.
  • the equipment servers 323, 325 are physical devices external from the existing equipment 315, 314, 317 and are coupled to the equipment through the existing connection for the equipment control system 303. Because the equipment servers 323, 325 provide the functions described above, they can be used to retrofit existing equipment into the equipment overlay network 321. Additionally, the equipment server software that provides the functions is envisioned as being incorporated into new equipment as illustrated by the server/equipment combination 327 in FIG. 3A. One of skill will appreciate that the functions of the equipment server can also be performed by dedicated firmware.
  • Equipment on one controller can continue to be "natively" coupled to the controller as described above for controller 307 and equipment 311, 313, while equipment on another controller, such as controller 309, is coupled to the controller through equipment servers.
  • equipment on another controller such as controller 309
  • one piece of equipment can be retrofitted with an equipment server while another piece of equipment on the same controller can remain natively coupled to the controller.
  • Equipment server 370 is logically located between applications 390 and equipment 399, and incorporates seven functions: an application interface 371, a services module 372, a communications multiplexor 373, an authentication function 375, an access control function 377, an arbitration function 379, and an equipment interface 381.
  • the application interface 371 and the equipment interface 381 operate in concert to convert between native and non-native protocols.
  • the application interface 371 is responsible for communicating with the applications 390 and contains one or more non-native application protocol modules, which may be a standard protocol module 383 or a proprietary protocol module 385 or a combination as shown in FIG. 3B.
  • the application interface 371 can also contain a native protocol module 386 in addition to the non-native protocol modules.
  • the application interface 371 processes inbound messages from application A 391 using a standard protocol module 383 and those from application B 393 and application C 395 using a proprietary protocol module 385.
  • the protocol modules unpack the contents of the inbound message for further processing by the other functions in the equipment server 370.
  • the message will be converted into a command in the native protocol by the equipment interface 381 after the further processing is complete.
  • the protocol modules in the application interface 371 also package data returned from the equipment 399 in response to a request from an application 390 into an outbound message formatted with the appropriate non-native protocol.
  • the content of a message from application D 397 is unpacked by the native protocol module 386.
  • the equipment server 370 also processes notification messages originating from the equipment 399 (such as alarm, event, and trace notifications) using the native protocol 387 or 389.
  • the appropriate native protocol in the equipment interface 381 unpacks the contents of the outbound message for further processing by the other functions of the equipment server 370.
  • the notification message may then be passed directly to the communications multiplexor 373 for transmission to one or more applications through the application interface 371, or passed to the services module 372 for further processing.
  • the communications multiplexor 373 and the services module 372 are described further below.
  • FIG. 3B also illustrates two software components, a Java Bean 394 in application B 393 and an ActiveX control 396 in application C 395.
  • Such software components are written by the application developer or generated by a development system associated with the present invention as generalized interfaces to the equipment server.
  • the appropriate component is embedded in an application to provide the necessary communication with the equipment server, eliminating the necessity of creating a specific interface for each application.
  • the equipment server 370 provides various general functions commonly required by the applications 390, such as tracing, limits monitoring, caching, spooling, alarm and event management and equipment subsystem management, through the services module 372.
  • the services module 372 sends one or more commands to the equipment to carry out the function. If the inbound message is not requesting one of the generalized services, the message contents are passed immediately to the communications multiplexor 373.
  • the services module 372 may also provide general services needed by outbound messages, such as a name service to notify applications that the equipment has come on-line and can be used. Further functions can be incorporated into the services module 372 that provide data to the equipment when requested, such as a recipe for wafer production.
  • Requests for concurrent access to the equipment 399 are managed by the communications multiplexor 373 to permit the sharing of a single piece of equipment among multiple applications.
  • the communications multiplexor 373 ensures that all commands from the applications 390 are communicated to the equipment 399 and that all messages from the equipment 399 are addressed to the appropriate application(s) 390.
  • the equipment server 370 provides two types of security for the equipment: authentication and access control.
  • the authentication function 375 verifies the legitimacy of the inbound message using conventional authentication methodologies.
  • the access control function 377 controls access to the equipment 399 from the applications 390.
  • the access control function 377 may be parameterized so that a facility administrator can choose the appropriate level of security desired.
  • the equipment server 370 can deny access to equipment 399 by application, user, equipment resource, time, or a combination of these parameters.
  • a particular implementation of the access control function that provides for a finer granularity of security is described further below in conjunction with FIG. 5.
  • the arbitration function 379 arbitrates between requests and commands sent to the equipment 399 from the applications 390 to prevent multiple conflicting or unacceptable requests from being received simultaneously by the equipment. In addition, the arbitration function 379 arbitrates between conflicting commands by either ordering the commands appropriately, by submitting only one command to the equipment and returning an error to the applications that issued the other commands, or through the use of wait queues. A detailed description of an implementation of the arbitration function 379 is provided further below.
  • the equipment interface 381 communicates to the equipment 399. As described above, the equipment interface 381 converts inbound messages in a non-native protocol into the appropriate equipment command. As illustrated in FIG. 3B, the equipment interface 381 contains two native equipment protocol modules, native protocol 1 387 and native protocol 2 389. More than one native protocol module may be needed when different types of equipment are controlled by the equipment server 370. Alternatively, one piece of equipment may be able to communication in more than one native protocol. The appropriate native protocol module unpacks the message returned by the equipment 381 and passes the contents back to the other functions in the equipment server 370. The message is then converted as necessary by the application interface 371.
  • An alternate minimal embodiment of the equipment server 370 provides only three functions: the application interface 371, the communications multiplexor 373, and the equipment interface 381. Other embodiments combine the minimal functions and the remaining functions in various combinations.
  • the network overly architecture enables equipment to be concurrently accessed by multiple applications using native and non-native application protocols.
  • the equipment overlay network architecture further allows access to the equipment to be shared across facility, organizational and geographic boundaries. While the invention is not limited to implementation in any particular type of facility, for sake of clarity a simplified manufacturing equipment control system has been used to illustrate the operations of the equipment overlay network architecture.
  • FIGs. 4A-C represent the acts to be performed by an equipment server 323, 325 or by a server/equipment combination 327 in handling messages in both native and non- native protocols.
  • FIG. 4 A illustrates one embodiment of an interface process that handles messages from an application through the equipment overlay network.
  • FIG. 4B illustrates one embodiment of an interface process that handles messages from an application through the equipment control system.
  • FIG. 4C illustrates one embodiment of an interface process that handles messages from the equipment. Multiple instances of the methods illustrated in FIGs. 4A-C may be active to handle multiple messages, and the instances of one method or those of different methods may performed in parallel by the equipment server hardware when necessary.
  • the interface method 400 extracts the data from the message for analysis (block 403) and saves the context of message (block 404).
  • the context is used to generate a correct protocol header in the response, e.g. including a message identifier for the original message, when responding to the message.
  • An appropriate authentication algorithm is performed on the message and the message is discarded if it cannot be validated (block 405).
  • the data is a request for access to the equipment that is not permitted under the security parameters (block 406), the message is discarded.
  • an error message can be returned to the application program that sent the message that cannot be authenticated or is denied access.
  • the services module may also log the error or take some other action.
  • the method 400 determines whether the data request is subject to arbitration (block 407) because other applications are concurrently accessing the equipment. If so, an arbitration process is performed at block 409. In one embodiment, the arbitration process determines if there is contention between the message and other applications. A message that is in contention with other application is either queued for later processing, or denied access to the equipment. A message that is denied access (block 411) is discarded and an error message can optionally be returned to the sending application. As described above, the error also may be passed to the services module for additional processing. If there is no contention with other messages, or when a message is released from a queue, the message is passed to a protocol conversion process (block 413) that converts the message to the native protocol of the equipment.
  • a protocol conversion process block 413 that converts the message to the native protocol of the equipment.
  • the method 400 waits until a communications channel to the equipment becomes available (block 414) and then sends the converted message to the equipment (block 415). Because authentication, access control and arbitration are optional functions for the equipment server, alternate embodiments of the overlay network interface method 400 do not execute one or more of the processes represented by blocks 405, 406, 407, 409 and 411.
  • a similar interface method 420 is provided to receive messages through the equipment control system in the native protocol as shown in FIG. 4B.
  • the data is extracted (block 423) and saved (block 424). Any required security (authentication and access control) and/or arbitration analysis is performed at blocks 425, 426 and 427-431, respectively.
  • the arbitration process at block 429 is the same as performed at block 409 in FIG. 4A. Assuming the message is allowed access to the equipment, it is passed directly to the equipment without conversion (block 433) since it is already in the native protocol of the equipment when a communications channel is available (block 432).
  • the acts comprising a method 440 that provides an interface to the equipment is described.
  • the interface method 440 extracts the data from the message (block 443) and sends a copy of the message to the general services (block 445) for further processing as described above.
  • the method 440 converts the message from the native protocol of the equipment to the non-native protocol corresponding to the application to which the message is addressed (block 447).
  • a communications channel to the application is available (block 449)
  • the converted messaged is transmitted to the application on the equipment overlay network (block 451).
  • Equipment that does allow multiple applications front panel access to the equipment does not adequately address contention control issues that cause interference among applications. For example, if one application tells the equipment to move a robot arm forward at the same time as another application requests the equipment to move the robot arm backward, the outcome is indeterminate.
  • Software applications that require contention control include systems to log trending data to a database, send alarms on unusual conditions of a piece of equipment, and run diagnostics on the equipment.
  • the arbitration function in a Symphony System equipment server allows applications to request exclusive access to the resource, thereby eliminating the problem of applications interfering with each other. Additionally, applications may share a resource when doing so will not adversely impact usability or operation. For example, two applications might safely both request simultaneous access to an equipment temperature reading resource. Provisions are made to allow applications to wait for a resource to free up. Furthermore, an application is allowed to take control of a resource if the application has sufficient priority.
  • Resources represent a set of controls or indicators of an element that advertises its resources.
  • a resource may represent a property, command, trigger, event handler, or event generator. All resources are mutually exclusive. Applications may request a set of resources, where the request is granted only if all the resources are available. Resource contention is particularly useful where the resources are distributed across a computer network. For example, a piece of manufacturing equipment could have a set of resources such as controls and indicators that could simultaneously be accessed by the equipment operator, the floor foreman, and the front office management.
  • An application requests some type of access to a resource. Assuming appropriate privilege, the equipment server may grant the access, subject to contention control. Access may be implicitly requested when an application, such as a remote front panel application, is instantiated or the application may request access explicitly in response to some event. For example, a master "disable" button could request exclusive access to the "go" command.
  • the types of access that may be granted are (1) read, (2) write, (3) exclusive read, and (4) exclusive write.
  • the "read” and “exclusive read” access privileges are independent from the "write” and "exclusive write” privileges. Multiple applications may be granted “read” and or “write” privileges, but if an application is granted exclusive access for reading, no other applications may have either exclusive read access or read access. Similarly, if an application is granted exclusive write access, no other applications may have either exclusive write access or write access.
  • the equipment server will perform one of two actions: (1) if the requesting application has a higher priority than the current owner of the resource, the current owner will be "bumped", that is to say access privileges will be forcibly taken away from the current owner, and given to higher priority application, or (2) if the requesting application is of equal or lower priority, the requesting application will be placed on a wait queue.
  • Each resource has a wait queue associated with each of the four types of access: (1) read queue, (2) write queue, (3) exclusive read queue, and (4) exclusive write queue.
  • the read and write queues are of unlimited depth.
  • the exclusive read and exclusive write queues are one deep, that is there can be at most one application on an exclusive queue.
  • the equipment server When an application releases a resource from its exclusive use by the application, the equipment server performs one of two actions: (1) if the exclusive queue has an application of higher priority that any and all applications on the non-exclusive queue, exclusive access is granted to the application on the exclusive queue, and the application is removed from the exclusive queue, or (2) if the exclusive queue is empty or is of lower priority than any application on the non-exclusive queue, non-exclusive access is granted to all applications on the non-exclusive access and they are all removed from the nonexclusive queue.
  • An application may request multiple resource in either of the following two ways: (1) claim all available resources, or (2) claim multiple resource only if all resources are available.
  • each resource is requested independently, subject to the contention process described above.
  • option 2 if all the resources are available, access is granted to each of the resources. If any resource is not available, the application is placed on the wait queues for the unavailable resources, but access is not granted to the available resources in order to avoid potential deadlock on the resources.
  • the request is re-evaluated in the same manner as the original request.
  • the contention model and algorithms provide an effective and innovative solution allowing access to a set of resources.
  • the priority based scheme allows maximal use of the resource while still allowing a sufficiently privileged application to gain access at any time.
  • the queuing structure adds high ease-of-use, allowing applications to gain access as soon as a resource is freed, relieving the application of the need to poll periodically to determine if the resource is available.
  • the access control function in a Symphony Systems equipment server is based on a security model that segments the equipment into a hierarchy of subsystems, and provides fine-grained access control at each subsystem level. For example, a piece of equipment might be divided into subsystems as shown in FIG. 5. Each logical node in the hierarchy has its own access control, so that one application could have access to Equipment.Chamber. Temperature, but no access to Equipment.Power.Gain.
  • Each non end-node in the hierarchy represents a directory of sub nodes (subsystems).
  • Each end-node may represent a sensor that can be read, a control that may be set, a software setting that effects processing, a function to be executed on the equipment, enabling and or subscribing to an equipment alarm or equipment event.
  • the access control may or may not be cumulative in protecting access to the equipment.
  • access control may be implemented that restricts access to Equipment.Chamber and to any sub-nodes, or may be implemented where each end node contains complete information about its access.
  • the access control information for a level is stored in an access control list.
  • the access control list specifies read access, write access, administrative access, access to alarms, access to events, permission to execute functions on the equipment, or permission to modify the access control list for the node, or a combination thereof.
  • a monitoring application might have read-only access to the entire equipment, while a feedback control mechanism would have read and write access to a single equipment subsystem.
  • the security provision of the hierarchy may be used for direct access to the subsystems and end-nodes, as well as for aggregated access to the nodes through services provided by the equipment server, such as: ⁇ Limits monitoring, where a client application specifies the limits of the value of a node, and asks to be notified if the node becomes outside of the limits. The ability to monitor the limits of the node would depend on access rights to the node.
  • Access to sets of variables where a single request for a set of (possibly consistent) values of nodes is made.
  • the access request is subject to the access permitted to each reference node. If access is not permitted to every referenced node, the request could either be rejected in its entirety, or be partially fulfilled by returned results for which the client application does have access.
  • Each equipment manufacturer could create an unchangeable segmentation model for its equipment, thus aiding in supportability of the equipment.
  • the equipment manufacture or a third-party could create a segmentation model that is changeable by the end-user of the equipment to provide additional flexibility.
  • the equipment manufacturer may set access control for particular nodes to prevent modification of the access control parameters or topology, thus enabling some nodes of the equipment to be accessible only by the equipment manufacturer, while permitting configuration of the access control lists of other nodes. For example, sensitive equipment parameters might only be accessible by the equipment manufacturer.
  • An equipment overlay network architecture has been described that permits access to equipment by application written in a protocol that is not native to the equipment.
  • the equipment overlay network architecture also enables access to the equipment from entities outside the facility where the facility is physically located. Because the equipment overlay network architecture allows multiple application shared access to the equipment, it also provided security and contention resolution to ensure the integrity of the equipment.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Communication Control (AREA)

Abstract

L'invention concerne une architecture de réseau de recouvrement d'équipement définissant un réseau qui permet d'accéder à un équipement dans un endroit au moyen d'une application qui utilise un protocole non natif à l'équipement. L'architecture de réseau de recouvrement d'équipement comprend un serveur d'équipement, logiquement disposé entre l'équipement et l'application, qui convertit le protocole non natif de l'application en protocole natif de l'équipement. Le serveur d'équipement est aussi couplé à un système de commande d'équipement commandé par un hôte.
PCT/US2001/041116 2000-07-06 2001-06-22 Architecture de reseau de recouvrement d'equipement WO2002005509A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001279263A AU2001279263A1 (en) 2000-07-06 2001-06-22 Equipment overlay network architecture

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US61196700A 2000-07-06 2000-07-06
US09/611,967 2000-07-06

Publications (2)

Publication Number Publication Date
WO2002005509A2 true WO2002005509A2 (fr) 2002-01-17
WO2002005509A3 WO2002005509A3 (fr) 2002-09-12

Family

ID=24451133

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/041116 WO2002005509A2 (fr) 2000-07-06 2001-06-22 Architecture de reseau de recouvrement d'equipement

Country Status (2)

Country Link
AU (1) AU2001279263A1 (fr)
WO (1) WO2002005509A2 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1944692A1 (fr) * 2006-12-29 2008-07-16 Lenze Drive Systems GmbH Système d'automatisation avec des connexiones du réseau exclusives
CN112255974A (zh) * 2020-09-04 2021-01-22 南京蹑波物联网科技有限公司 一种基于物联网智能家具控制的通信协调系统及其工作方法

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5805442A (en) * 1996-05-30 1998-09-08 Control Technology Corporation Distributed interface architecture for programmable industrial control systems
JP2002512758A (ja) * 1997-05-19 2002-04-23 コアクティブ ネットワークス インコーポレイテッド ワールド・ワイド・ウェブを用いて制御ネットワークと直接入出力装置をネットワークで結ぶためのサーバ・システムと方法

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1944692A1 (fr) * 2006-12-29 2008-07-16 Lenze Drive Systems GmbH Système d'automatisation avec des connexiones du réseau exclusives
CN112255974A (zh) * 2020-09-04 2021-01-22 南京蹑波物联网科技有限公司 一种基于物联网智能家具控制的通信协调系统及其工作方法
CN112255974B (zh) * 2020-09-04 2022-01-25 南京蹑波物联网科技有限公司 一种基于物联网智能家具控制的通信协调系统及其工作方法

Also Published As

Publication number Publication date
WO2002005509A3 (fr) 2002-09-12
AU2001279263A1 (en) 2002-01-21

Similar Documents

Publication Publication Date Title
US20020007422A1 (en) Providing equipment access to supply chain members
US8108543B2 (en) Retrieving data from a server
US10038720B2 (en) Master security policy server
US7707587B2 (en) Scheduler supporting web service invocation
US7254601B2 (en) Method and apparatus for managing intelligent assets in a distributed environment
US7304982B2 (en) Method and system for message routing based on privacy policies
US7490139B2 (en) Embedded business apparatus including web server function
US7882131B2 (en) Web service providing apparatus, web service requesting apparatus, and method of the same
JPH11511874A (ja) リモート・サーバの単純で安全な管理を提供するための装置および方法
EP2359255B1 (fr) Procédé et appareil pour contrôler l'accès à des ressources dans un service d'interface utilisateur distante
WO2006116866A1 (fr) Publication, souscription, et/ou distribution de donnees formatees et/ou a controle de qualite modulable comportant une formation dynamique de reseau
EP2023579B1 (fr) Système de services Internet extensibles
US7752438B2 (en) Secure resource access
US20090327454A1 (en) Service flow processing apparatus and method
US20050049837A1 (en) Remote printer management via email
JP2002532777A (ja) オブジェクト指向リアルタイム・プロセス制御システムのためのタイムアウト・オブジェクト、およびその操作の方法
US6658491B1 (en) System and method for constructing an ole process control compliant data server from a noncompliant user application
GB2412983A (en) A system for managing the usage of a device
JP2004246747A (ja) 既存サービスのラッピング方法および装置
WO2002005509A2 (fr) Architecture de reseau de recouvrement d'equipement
US20080148279A1 (en) Web services device profile on a multi-service device: device and facility manager
KR20040101537A (ko) 기존의 시스템 관리 제품들 또는 소프트웨어 솔루션들과인터페이스하는 시스템 및 방법
US20060064468A1 (en) Web services interface and object access framework
CN102918811B (zh) 双向通信系统和用于该系统的服务器装置
McCormack et al. Seamless computing with WebSubmit

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSANT TO RULE 69(1) EPC

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP