Skip to main content Scroll Top
Research Lines / NICS Lab Industrial Testbed

NICS LAB INDUSTRIAL TESTBED​

NICS LAB INDUSTRIAL TESTBED

Description

NICS Lab is equipped with an industrial testbed which supports numerous research activities on industrial security. This infrastructure comprises various elements commonly present in industrial environments, encompassing both proprietary and Open Source. These are organized in a modular manner, enabling multiple configurations and use cases within the same infrastructure. 

This infrastructure supports the creation and deployment of different industrial scenarios which simulate multiple use cases simultaneously. These range from models with real sensors and actuators to fully virtualized environments, including hybrid configurations that combine both approaches, real and virtualized. This duality present in NICS’s infrastructure enables the implementation and deployment of Digital Twins (DT).

This industrial testing environment consists of multiple rack-type frames with devices distributed across them, including Industrial Internet of Things (IIoT) devices and cyber-physical systems. The assets which conform the testbed are listed below.

Hardware

Programmable Logic Controllers (PLCs)

A Programable Logic Controller (PLC) is an industrial device designed to automate processes by reading input signals, executing programmed logic, and controlling outputs. They are used in machinery, production lines, and industrial control systems for its robustness and reliability.
NICS Lab’s infrastructure counts with:
– Siemens SIMATIC S7-1516F, with communication module CM PTP RS422/485 HF, CM PTP RS-232 BA and CP 1543-1 Industrial Ethernet
– Siemens SIMATIC S7-400H (412-5H), with communication module CP 443-1 OPC UA and CP 443-1 Advanced
– Omron NX1P2-1140DT, with master module IO-Link NX ILM400
– Omron NX102-1220
– Schneider Modicon M580
– Schneider Modicon M251
– Siemens SIMATIC S7-1200, with communication module CP1243-8 IRC (Telecontrol), CP1242-7 V2 (GSM/GPRS), and master module IO-Link
– Siemens 230RCE, with communication module CMR 2020 (remote communication) y CMR 2040 (LTE/4G)

Remote Terminal Units (RTUs) and distributed peripheral systems

Industrial PCs (IPCs) are computers designed for use in harsh or specialized environments such as manufacturing plants, energy facilities, or transportation systems. They control machinery, perform process automation, data acquisition, and real-time monitoring. They are typically used with programmable logic controllers (PLCs), sensors, and SCADA systems.
General-purpose IPCs, in contrast, are less specialized. They provide computing power for tasks such as data logging, edge computing, or communication gateways. They are used when flexibility is needed across different applications rather than a fixed, highly customized function.
Both types are software tailored to industrial applications. Usage involves integration into automation networks, configuration of I/O interfaces, and deployment of control or monitoring software.
NICS Lab’s infrastructure incorporates:
– Siemens SIMATIC IPC847E (rack type)
– Siemens SIMATIC IPC227E, Siemens MindConnect Nano y SIMATIC IPC127E (nanobox type)
– Lenovo ThinkServer TS140
– Lenovo ThinkCentre M57

Industrial PCs/servers (IPCs) and general-purpose IPCs

Industrial PCs (IPCs) are computers designed for use in harsh or specialized environments such as manufacturing plants, energy facilities, or transportation systems. They control machinery, perform process automation, data acquisition, and real-time monitoring. They are typically used with programmable logic controllers (PLCs), sensors, and SCADA systems.
General-purpose IPCs, in contrast, are less specialized. They provide computing power for tasks such as data logging, edge computing, or communication gateways. They are used when flexibility is needed across different applications rather than a fixed, highly customized function.
Both types are software tailored to industrial applications. Usage involves integration into automation networks, configuration of I/O interfaces, and deployment of control or monitoring software.
NICS Lab’s infrastructure incorporates:
– Siemens SIMATIC IPC847E (rack type)
– Siemens SIMATIC IPC227E, Siemens MindConnect Nano y SIMATIC IPC127E (nanobox type)
– Lenovo ThinkServer TS140
– Lenovo ThinkCentre M57

Human-Machine Interfaces (HMIs)

Human-Machine Interface (HMI) are systems that connect human operators to machines, processes, or devices. They provide input methods (buttons, touchscreens, keyboards) and output displays (screens, indicators, alarms) to allow control and monitoring.
NICS Lab’s infrastructure counts with:
– Omron Sysmac NA5-15W101B, 15.4-inch
– Schneider Mangelis GTO, 12-inch
– Schneider Mangelis GTU, 12-inch
– Siemens SIMATIC HMI TP1500 Comfort Panel, 15-inch
– Siemens SIMATIC HMI TP700 Comfort Panel, 7-inch
– Siemens SIMATIC HMI KTP700 Basic, 7-inch

Communication switches, routers, and firewalls

Communication switches, routers, and firewalls are network devices that manage and secure data flow. Switches connect multiple devices within a local network, routers link different networks and direct traffic, and firewalls filter data to block unauthorized access. In industrial environments they ensure reliable communication between machines, systems, and control centers while protecting critical infrastructure from cyber threats.
NICS Lab’s infrastructure includes:
– Managed industrial switch Siemens SCALANCE XR524-8C
– Managed industrial switch Siemens SCALANCE XM408-8C
– Managed industrial switch Siemens SCALANCE XC20
– Unmanaged industrial switches Siemens SCALANCE XC108
– Industrial routers Siemens SCALANCE S615
– Industrial security Siemens SCALANCE SC636-2C
– Switch 3G Siemens SCALANCE M874-3
– Test access port for telegram extraction Siemens SCALANCE TAP104
– Coupler Siemens SIMATIC PN/PN for deterministic data exchange between devices SIMATIC ET200
– General propose managed switch TP-Link TL-SG1024DE

Communication gateways between different protocols

Communication gateways between different protocols are devices or software systems that translate, route, and manage data traffic between networks or devices using incompatible communication protocols. They ensure interoperability by converting messages, addressing schemes, and timing formats, enabling seamless data exchange across heterogeneous systems.
NICS Lab’s infrastructure incorporates:
– Siemens SIMATIC PN/CAN Link, from PROFINET to CAN/CANOPEN network
– Siemens SIMATIC PN/BACnet Link, from PROFINET to BACnet/IP network
– Siemens SIMATIC IE/PB LINK PN IO, from industrial Ethernet to PROFIBUS
– Anybus X-gateway, from EtherNet/IP Adapter to PROFINET-IO Device
– Anybus X-gateway, from EtherCAT Slave to PROFINET-IO Device
– Anybus X-gateway, from Modbus TCP to PROFINET-IO Device Slave
– Anybus X-gateway, from Modbus TCP to PROFINET-IO Device Master
– IBH Link UA (OPC UA)

IoT gateways

IoT gateways are specialized communication gateways that connect IoT devices to larger networks or the cloud. They aggregate, preprocess, and translate data from various IoT protocols (e.g., MQTT, CoAP, Modbus) into standard formats for analytics, storage, or control systems. They also provide security, device management, and sometimes edge computing capabilities.
NICS Lab’s infrastructure counts with:
– Siemens SIMATIC IOT2050
– Siemens SIMATIC Cloud Connect 7 (CC 712 IoT)
– Siemens SIMATIC IOT2040

Wireless access points and communication

Wireless access points enable devices to connect to a network without cables, while wireless communication transmits data over radio signals. In industrial environments, they provide flexible connectivity for mobile equipment, remote sensors, and monitoring systems, reducing wiring complexity and supporting real-time data exchange across the facility.
NICS Lab’s infrastructure counts with:
– Access points Siemens SCALANCE W774-1 and wireless clients Siemens SCALANCE W734-1
– Access points Nivis VersaRouter 910, wirelwaa sensor Nivis VersaSensor 220 and wireless Nivis VersaLoop 10 (WirelessHART)
– Access point Nivis VersaRouter 900 and wireless sensor Nivis VersaSensor 210 (ISA 100.11a)
– Wireless getaway Zolertia Firefly y wireless sensor Telos B (IEEE 802.15.4)

General-purpose development boards

General-purpose development boards are hardware platforms used to prototype and develop
electronic or software projects. In industrial settings, they allow engineers to test automation systems, sensors, or IoT applications quickly, providing flexibility for custom solutions, rapiditeration, and integration with other industrial devices.
NICS Lab’s infrastructure includes:
– Intel Galileo Gen1
– Raspberry Pi 3 B+, with communication module netHAT and touch scream 7-inch
– Arduino UNO and Arduino MEGA 2560

Field Devices

Field devices are instruments or equipment installed in industrial or operational environments to monitor, measure, or control physical processes.
NICS Lab’s infrastructure counts with:
– Industrial control kits composed of low-voltage SIRIUS components with IO-Link
– Modular Siemens SINAMIC G120 frequency converter systems
– Siemens SIMATIC RF600 (RF615R) RFID readers in the UHF band
– Siemens SIMATIC RF200 (RF210R) RFID readers for IO-Link
– Siemens SIMATIC RFID RF200 (RF240R) RFID readers
– Siemens SIMATIC MV540HR optical reader
– Temperature sensor with IO-Link connectivity
– Generic electronic control panel

Training Mock-ups

Training mock-ups are physical or digital models used for instructional purposes. They replicate real systems, devices, or interfaces, allowing users to practice operations, troubleshooting, or procedures safely without affecting actual equipment.
NICS Lab’s infrastructure incorporates:
– Fischertechnik Robot 3D – 24V
– Fischertechnik Indexed Line – 24V
– Fischertechnik Training FactoryIndustry 4.0 – 24V

 

Software

Supervisory Control And Data Acquisition (SCADA) system

SCADA systems are software and / or hardware platforms used to monitor, control, and analyze industrial processes. They collect real-time data from sensors and devices, provide visualization and alerts, and enable centralized control, improving efficiency, safety, and decision-making in industrial environments.
NICS Lab’s infrastructure includes:
– Siemens WinCC Runtime Professional

Software to support Digital Twins

A Digital Twin (DT) is a virtual replica of a physical system, process, or asset. It simulates real-time behavior using data from sensors and IoT devices, allowing monitoring, analysis, and optimization. In industrial environments, DTs help to predict failures, improve efficiency, and support decision-making without interfering with the actual operations.
NICS Lab’s infrastructure incorporates:
– Siemens S7-PLCSIM Advanced
– Siemens SIMATIC ODK
– Siemens NX MCD
– Siemens SIMIT Simulation
– Factory I/O Ultimate Edition
– PLC-Lab Pro
– Realvirtual.io Proffesional, with Realvirtual.io Simulation

Software for management, configuration and programming industrials mechanics

This type of software enables centralized control, monitoring, and optimization of mechanical systems. It allows engineers to configure devices, program automated tasks, and analyze performance data efficiently. Such software acts as the interface between hardware components and operational workflows, ensuring seamless integration and precise control, and provides a foundation to present the specific components offered by a given provider.
NICS Lab’s infrastructure counts with assets from several manufactures:
Omron:
– SYSMAC-SE201L
Schneider:
– SOMACHINE
– Control Expert 14.0 XL
Siemens:
– TIA Portal Multiuser Engineering
– STEP 7 Professional
– SINAMICS Startdrive
– WinCC Professional/Advanced
– SINAUT S7 Telecontrol Server
– SINEC NMS
– SIMATIC RFID
– SIMATIC Ident
– SIMATIC Energy Manager PRO

 

HARDWARE

Programmable Logic Controllers (PLCs)

A Programable Logic Controller (PLC) is an industrial device designed to automate processes by reading input signals, executing programmed logic, and controlling outputs. They are used in machinery, production lines, and industrial control systems for its robustness and reliability.
NICS Lab’s infrastructure counts with:
- Siemens SIMATIC S7-1516F, with communication module CM PTP RS422/485 HF, CM PTP RS-232 BA and CP 1543-1 Industrial Ethernet
- Siemens SIMATIC S7-400H (412-5H), with communication module CP 443-1 OPC UA and CP 443-1 Advanced
- Omron NX1P2-1140DT, with master module IO-Link NX ILM400
- Omron NX102-1220
- Schneider Modicon M580
- Schneider Modicon M251
- Siemens SIMATIC S7-1200, with communication module CP1243-8 IRC (Telecontrol), CP1242-7 V2 (GSM/GPRS), and master module IO-Link
- Siemens 230RCE, with communication module CMR 2020 (remote communication) y CMR 2040 (LTE/4G)

Remote Terminal Units (RTUs) and distributed peripheral systems

Industrial PCs (IPCs) are computers designed for use in harsh or specialized environments such as manufacturing plants, energy facilities, or transportation systems. They control machinery, perform process automation, data acquisition, and real-time monitoring. They are typically used with programmable logic controllers (PLCs), sensors, and SCADA systems.
General-purpose IPCs, in contrast, are less specialized. They provide computing power for tasks such as data logging, edge computing, or communication gateways. They are used when flexibility is needed across different applications rather than a fixed, highly customized function. Both types are software tailored to industrial applications. Usage involves integration into automation networks, configuration of I/O interfaces, and deployment of control or monitoring software.
NICS Lab’s infrastructure incorporates:
- Siemens SIMATIC IPC847E (rack type)
- Siemens SIMATIC IPC227E, Siemens MindConnect Nano y SIMATIC IPC127E (nanobox type)
- Lenovo ThinkServer TS140
- Lenovo ThinkCentre M57

Industrial PCs/servers (IPCs) and general-purpose IPCs

Industrial PCs (IPCs) are computers designed for use in harsh or specialized environments such as manufacturing plants, energy facilities, or transportation systems. They control machinery, perform process automation, data acquisition, and real-time monitoring. They are typically used with programmable logic controllers (PLCs), sensors, and SCADA systems.
General-purpose IPCs, in contrast, are less specialized. They provide computing power for tasks such as data logging, edge computing, or communication gateways. They are used when flexibility is needed across different applications rather than a fixed, highly customized function.
Both types are software tailored to industrial applications. Usage involves integration into automation networks, configuration of I/O interfaces, and deployment of control or monitoring software.
NICS Lab’s infrastructure incorporates:
- Siemens SIMATIC IPC847E (rack type)
- Siemens SIMATIC IPC227E, Siemens MindConnect Nano y SIMATIC IPC127E (nanobox type)
- Lenovo ThinkServer TS140
- Lenovo ThinkCentre M57

Human-Machine Interfaces (HMIs)

Human-Machine Interface (HMI) are systems that connect human operators to machines, processes, or devices. They provide input methods (buttons, touchscreens, keyboards) and output displays (screens, indicators, alarms) to allow control and monitoring.
NICS Lab’s infrastructure counts with:
- Omron Sysmac NA5-15W101B, 15.4-inch
- Schneider Mangelis GTO, 12-inch
- Schneider Mangelis GTU, 12-inch
- Siemens SIMATIC HMI TP1500 Comfort Panel, 15-inch
- Siemens SIMATIC HMI TP700 Comfort Panel, 7-inch
- Siemens SIMATIC HMI KTP700 Basic, 7-inch

Communication switches, routers, and firewalls

Communication switches, routers, and firewalls are network devices that manage and secure data flow. Switches connect multiple devices within a local network, routers link different networks and direct traffic, and firewalls filter data to block unauthorized access. In industrial environments they ensure reliable communication between machines, systems, and control centers while protecting critical infrastructure from cyber threats.
NICS Lab’s infrastructure includes:
- Managed industrial switch Siemens SCALANCE XR524-8C
- Managed industrial switch Siemens SCALANCE XM408-8C
- Managed industrial switch Siemens SCALANCE XC20
- Unmanaged industrial switches Siemens SCALANCE XC108
- Industrial routers Siemens SCALANCE S615
- Industrial security Siemens SCALANCE SC636-2C
- Switch 3G Siemens SCALANCE M874-3
- Test access port for telegram extraction Siemens SCALANCE TAP104
- Coupler Siemens SIMATIC PN/PN for deterministic data exchange between devices SIMATIC ET200
- General propose managed switch TP-Link TL-SG1024DE

Communication gateways between different protocols

Communication gateways between different protocols are devices or software systems that translate, route, and manage data traffic between networks or devices using incompatible communication protocols. They ensure interoperability by converting messages, addressing schemes, and timing formats, enabling seamless data exchange across heterogeneous systems.
NICS Lab’s infrastructure incorporates:
- Siemens SIMATIC PN/CAN Link, from PROFINET to CAN/CANOPEN network
- Siemens SIMATIC PN/BACnet Link, from PROFINET to BACnet/IP network
- Siemens SIMATIC IE/PB LINK PN IO, from industrial Ethernet to PROFIBUS
- Anybus X-gateway, from EtherNet/IP Adapter to PROFINET-IO Device
- Anybus X-gateway, from EtherCAT Slave to PROFINET-IO Device
- Anybus X-gateway, from Modbus TCP to PROFINET-IO Device Slave
- Anybus X-gateway, from Modbus TCP to PROFINET-IO Device Master
- IBH Link UA (OPC UA)

IoT gateways

IoT gateways are specialized communication gateways that connect IoT devices to larger networks or the cloud. They aggregate, preprocess, and translate data from various IoT protocols (e.g., MQTT, CoAP, Modbus) into standard formats for analytics, storage, or control systems. They also provide security, device management, and sometimes edge computing capabilities.
NICS Lab’s infrastructure counts with:
- Siemens SIMATIC IOT2050
- Siemens SIMATIC Cloud Connect 7 (CC 712 IoT)
- Siemens SIMATIC IOT2040

Wireless access points and communication

Wireless access points enable devices to connect to a network without cables, while wireless communication transmits data over radio signals. In industrial environments, they provide flexible connectivity for mobile equipment, remote sensors, and monitoring systems, reducing wiring complexity and supporting real-time data exchange across the facility.
NICS Lab’s infrastructure counts with:
- Access points Siemens SCALANCE W774-1 and wireless clients Siemens SCALANCE W734-1
- Access points Nivis VersaRouter 910, wirelwaa sensor Nivis VersaSensor 220 and wireless Nivis VersaLoop 10 (WirelessHART)
- Access point Nivis VersaRouter 900 and wireless sensor Nivis VersaSensor 210 (ISA 100.11a)
- Wireless getaway Zolertia Firefly y wireless sensor Telos B (IEEE 802.15.4)

General-purpose development boards

General-purpose development boards are hardware platforms used to prototype and develop electronic or software projects. In industrial settings, they allow engineers to test automation systems, sensors, or IoT applications quickly, providing flexibility for custom solutions, rapiditeration, and integration with other industrial devices.
NICS Lab’s infrastructure includes:
- Intel Galileo Gen1
- Raspberry Pi 3 B+, with communication module netHAT and touch scream 7-inch
- Arduino UNO and Arduino MEGA 2560

Field Devices

Field devices are instruments or equipment installed in industrial or operational environments to monitor, measure, or control physical processes.
NICS Lab’s infrastructure counts with: - Industrial control kits composed of low-voltage SIRIUS components with IO-Link
- Modular Siemens SINAMIC G120 frequency converter systems
- Siemens SIMATIC RF600 (RF615R) RFID readers in the UHF band
- Siemens SIMATIC RF200 (RF210R) RFID readers for IO-Link
- Siemens SIMATIC RFID RF200 (RF240R) RFID readers
- Siemens SIMATIC MV540HR optical reader
- Temperature sensor with IO-Link connectivity
- Generic electronic control panel

Training Mock-ups

Training mock-ups are physical or digital models used for instructional purposes. They replicate real systems, devices, or interfaces, allowing users to practice operations, troubleshooting, or procedures safely without affecting actual equipment.
NICS Lab’s infrastructure incorporates:
- Fischertechnik Robot 3D - 24V
- Fischertechnik Indexed Line – 24V
- Fischertechnik Training FactoryIndustry 4.0 – 24V

SOFTWARE

Supervisory Control And Data Acquisition (SCADA) system

SCADA systems are software and / or hardware platforms used to monitor, control, and analyze industrial processes. They collect real-time data from sensors and devices, provide visualization and alerts, and enable centralized control, improving efficiency, safety, and decision-making in industrial environments.
NICS Lab’s infrastructure includes:
- Siemens WinCC Runtime Professional

Software to support Digital Twins

A Digital Twin (DT) is a virtual replica of a physical system, process, or asset. It simulates real-time behavior using data from sensors and IoT devices, allowing monitoring, analysis, and optimization. In industrial environments, DTs help to predict failures, improve efficiency, and support decision-making without interfering with the actual operations.
NICS Lab’s infrastructure incorporates:
- Siemens S7-PLCSIM Advanced
- Siemens SIMATIC ODK
- Siemens NX MCD
- Siemens SIMIT Simulation
- Factory I/O Ultimate Edition
- PLC-Lab Pro Edu
- Realvirtual.io Proffesional, with Realvirtual.io Simulation

Software for management, configuration and programming industrials mechanics

This type of software enables centralized control, monitoring, and optimization of mechanical systems. It allows engineers to configure devices, program automated tasks, and analyze performance data efficiently. Such software acts as the interface between hardware components and operational workflows, ensuring seamless integration and precise control, and provides a foundation to present the specific components offered by a given provider.
NICS Lab’s infrastructure counts with assets from several manufactures:
Omron:
- SYSMAC-SE201L
Schneider:
- SOMACHINE
- Control Expert 14.0 XL
Siemens:
- TIA Portal Multiuser Engineering
- STEP 7 Professional
- SINAMICS Startdrive
- WinCC Professional/Advanced
- SINAUT S7 Telecontrol Server
- SINEC NMS
- SIMATIC RFID
- SIMATIC Ident
- SIMATIC Energy Manager PRO

use case

Energy Generation

Description

The developed use case aims to replicate an industrial system in an energy generation scenario. This system enables the intelligent, sustainable, and efficient generation of renewable energy. To achieve this objective, the environment manages the electrical energy produced by renewable sources such as wind, solar, and hydraulic power, while also controlling the injection of energy into the high-voltage power grid for subsequent transmission and distribution.

The infrastructure of this use case consists of elements commonly required for the generation of electrical energy from renewable sources:

  • Wind turbines, for electricity generation from wind.
  • Solar panels, for electricity generation from solar radiation.
  • Hydraulic turbines, combined with two tanks at different elevations, for electricity generation from the water head between the tanks.

Additionally, this use case integrates several transmission control centers, inverters, and other electronic components that enable the generation and transfer of electrical energy to the grid. These include level sensors, electronic valves, water pumps, relays, and current sensors.

To ensure proper system operation, this use case also incorporates climate control systems, along with temperature and humidity sensors distributed throughout the system. These sensors monitor the operating conditions of the existing machinery.

Architecture

The architecture of I4Testbed that implements the electricity generation system is shown on the next scheme:

UC_energy_generation
Assets

SCADA | Software

SCADA system based on own development carried out in Python and running on a Linux operating system. This SCADA is responsible of monitoring the overall status of the entire industrial environment, as well as enabling autonomous operation thanks to weather forecast information received from sources outside the industrial environment (corporate server located in the IT department). In addition, it also allows operators to control the industrial environment manually if necessary.

To make this possible, the SCADA system connects to the three PLCs in the industrial environment (using ModbusTCP and EtherNet/IP protocols) and to the corporate server in the IT department (using the OPC UA protocol).

PLC | Raspberry Pi

PLC based on a Raspberry Pi 3 Model B development board and Python own developed software. This PLC is responsible for controlling both the connection/disconnection of the different generation plants (solar, wind and hydraulic) and the discharge of the electricity generated by them into the electricity grid, once it has been transformed to high voltage in transformer stations. It is also responsible for monitoring the environmental conditions in which both the generation plants and the transformer stations operate, and for issuing warnings if certain thresholds are exceeded or even shutting down the entire industrial environment if necessary.

To carry out this task, this PLC communicates remotely with various devices in the industrial environment via the ModbusTCP protocol. It also has an electronic control panel connected locally via the GPIO on the development board on which it is based. 

Reference Raspberry Pi 3 Model B: https://www.raspberrypi.com/products/raspberry-pi-3-model-b/

HMI | Raspberry Pi + Touch Display

HMI based on a Raspberry Pi 3 Model B development board together with an official 7″ Touch Display and own developed software in Python. The function of this HMI is to receive the information processed by the PLC to which it is connected and display the operating status (connection/ disconnection, temperature and humidity) of the various generation plants and transformer stations in the system. To do this, it uses ModbusTCP as its communication protocol.

Reference Raspberry Pi 3 Model B: https://www.raspberrypi.com/products/raspberry-pi-3-model-b/

Reference Touch Display: https://www.raspberrypi.org/products/raspberry-pi-touch-display/

HMI | SIMATIC KTP700

Commercial HMI from Siemens, model SIMATIC KTP700 Basic. Within the use case, this HMI is used to display the operating status of the pumped storage hydroelectric power station in greater detail. It also allows interaction with the PLC that controls the hydroelectric power plant, in order to modify its operating mode (automatic, manual or emergency stop). It uses the Siemens S7 protocol to communicate with the PLC.

Reference SIMATIC KTP700: https://sieportal.siemens.com/es-ww/products-services/detail/6AV2123-2GB03-0AX0?tree=CatalogTree

PLC | SIMATIC S7-1200 + SM 1278 IO-Link

Commercial Siemens PLC, consisting of a SIMATIC S7-1200 in its specific variant with CPU 1212C, AC/DC/Relays and 8DI/6DO/2AI, and a Signal Module 1278 IO-Link connected. This PLC is responsible for controlling the operation of the entire reversible hydroelectric power station. To accomplish this, the PLC receives information from the various level sensors deployed in the water tanks and triggers the activation/deactivation of the various pumps and water valves in the system based on the amount of energy that must be generated or can be consumed at any given time, which it receives from the SCADA. It is also responsible for monitoring the environmental conditions in which the pumped storage hydroelectric power station is operating and maintaining them within a suitable range so that the power station can continue to operate normally.

To carry out its task, this PLC has several sensors/actuators connected directly (one of then using IO-Link protocol), and several others connected remotely via ModbusTCP and PROFINET protocols. It also communicates with the HMI via Siemens’ S7 protocol and with the SCADA via the ModbusTCP protocol.

Reference SIMATIC S7-1200: https://sieportal.siemens.com/es-ww/products-services/detail/6ES7212-1BE40-0XB0?tree=CatalogTree#overview

Reference SM 1278 IO-Link: https://sieportal.siemens.com/es-ww/products-services/detail/6ES7278-4BD32-0XB0?tree=CatalogTree

OPC UA Gateway | IBH Link UA

IBH brand commercial communication gateway, Link UA model. This gateway is used to transmit information about the operating status of the pumped operated in the hydroelectric power plant from the PLC responsible for controlling it to the corporate server located in the IT department.

The gateway receives information from the PLC via the S7 protocol and sends it to the corporate server via the OPC UA protocol.

Reference IBH Link UA: https://www.ibhsoftec.com/IBH-Link-UA-Eng

PLC | Software

PLC based on an own software developed in Python and running on a Linux operating system. This PLC monitors the environmental conditions in which the various transformers are operating and maintains them within an appropriate range so that the power station can continue to function normally.

This PLC communicates using ModbusTCP with the IoT gateway and the Distributed I/O System and with the SCADA system using Ethernet/IP.

Distributed I/O System | Intel Galileo

Distributed I/O systems based on Intel Galileo Gen1 development boards (for the hardware) and own Python development (for the software). These Distributed I/O systems act as intermediaries between the PLC and remote field devices (sensors and actuators) that do not have their own communication capabilities. Specifically, in this use case, these elements allow the readings from the various current sensors deployed throughout the system to be obtained and the status of the various electronic switches related to the generation and discharge of electricity to the grid to be modified. They leverage the ModbusTCP protocol to communicate with the PLC.

Reference Intel Galileo: https://www.nics.uma.es/wp-content/developments/industrial_testbed/Intel_Galileo_Datasheet.pdf

WHART AP | Nivis Versa Router 910

Access point for communication using the WirelessHART wireless protocol based on the Versa Router 910 device from the manufacturer Nivis. It is used as a communication gateway between the different WirelessHART wireless sensors in the system (which would be deployed in the different transformer stations) and the corresponding PLC that is responsible for handling this information. The protocol used for communication with the PLC is ModbusTCP.

Reference Nivis Versa Router 910: https://nics.uma.es/wp-content/developments/industrial_testbed/Nivis_VR910_Datasheet.pdf

ISA AP | Nivis Versa Router 900

Access point for communication using the ISA 100.11A wireless protocol based on the Versa Router 900 device from the manufacturer Nivis. It is used as a gateway between the various ISA 100.11A wireless sensors in the system (which would be deployed in wind and solar power generation plants) and the corresponding PLC that manages this information. The protocol used for communication with the PLC is ModbusTCP.

Reference Nivis Versa Router 900: https://nics.uma.es/wp-content/developments/industrial_testbed/Nivis_VR900_Datasheet.pdf

Distributed I/O System | RevPi Core + RevPi DIO

Distributed I/O system based on the commercial product called Revolution Pi from the company KUNBUS. It is composed of the base component called RevPi Core 3 with the expansion module called RevPi DIO. This Distributed I/O system acts as an intermediary between the remote sensors and actuators (without their own communication capacity) located in the upper water tank and the PLC located next to the lower tank. It communicates with the PLC through ModbusTCP protocol.

Reference Revolution Pi Core 3: https://revolutionpi.com/en/products/revpi-core

https://revolutionpi.com/fileadmin/downloads/legacy/Datasheet_RevPi_Core_RevPi_Core3.pdf 

Reference Revolution Pi DIO: https://revolutionpi.com/fileadmin/downloads/datasheets/Datasheet_RevPi_DIO.pdf

Distributed I/O System | Raspberry Pi + netHAT + Relay Hat

Distributed I/O system based on a Raspberry Pi 3 Model B development board and proprietary software developed with Python. The hardware has been completed with a netHAT expansion board from Hilscher to enable certain communications and a Relay Hat expansion board from Waveshare used to activate the actual actuators. This distributed I/O system acts as an intermediary between the air conditioning system located in the hydroelectric power plant’s water pumping room (actual mini-fan in our deployment) and the PLC responsible for controlling the environmental conditions. It uses the PROFINET protocol to communicate with the PLC.

Reference Raspberry Pi 3 Model B: https://www.raspberrypi.com/products/raspberry-pi-3-model-b/

Reference netHAT: https://www.nics.uma.es/wp-content/developments/industrial_testbed/netHAT_User_Manual.pdf

Reference Relay Hat: https://www.waveshare.com/RPi-Relay-Board.htm

Distributed I/O System | Arduino + Ethernet Shield + Relay Shield

Distributed I/O system based on an Arduino UNO R3 development board and own software development in Arduino code/sketch. The hardware has been completed with an Arduino Ethernet Shield 2 expansion board used in communications and an Arduino 4 Relays Shield expansion board for activating the actual actuators. This Distributed I/O system acts as an intermediary between the air conditioning systems located in the various transformer stations (actual mini-fans in our deployment) and the PLC responsible for controlling their environmental conditions. It uses the ModbusTCP protocol to communicate with the PLC.

Reference Arduino uno r3: https://docs.arduino.cc/hardware/uno-rev3/

Reference Ethernet Shield: https://store.arduino.cc/products/arduino-ethernet-shield-2

Reference Relay Shield: https://store.arduino.cc/products/arduino-4-relays-shield

IOT Gateway | SIMATIC IOT2040 + Zolertia Firefly

Commercial IoT gateway from Siemens, model SIMATIC IoT2040, with a Zolertia Firefly development board and own development software based on Node-RED have been added. This IoT gateway is used for communication between the various IEEE 802.15.4 wireless sensors in the system (which would be deployed in the different transformer stations) and the corresponding PLC that is responsible for handling this information. The protocol used for communication with the PLC is ModbusTCP.

Reference SIMATIC IOT2040: https://sieportal.siemens.com/es-es/products-services/detail/6ES7647-0AA00-1YA2?tree=CatalogTree

Reference Zolertia Firefly: https://www.nics.uma.es/wp-content/developments/industrial_testbed/Zolertia_Firefly_Datasheet.pdf

Wireless Sensor | Nivis Versa Sensor 220

Commercial wireless sensors from the Nivis brand, model Versa Sensor 220, with support for information transmission via the WirelessHART protocol. These sensors would be deployed in the various transformer stations, where they would be responsible for measuring the atmospheric conditions (temperature and humidity) and communicating this information to the corresponding access point via the WirelessHART protocol.

Reference Versa Sensor (Node) 220: https://nics.uma.es/wp-content/developments/industrial_testbed/Nivis_VS220_Datasheet.pdf

Wireless Sensor | Nivis Versa Sensor 210

Commercial wireless sensors from the Nivis brand, model Versa Sensor 210, with support for information transmission via the ISA 100.11A protocol. These actual sensors would be deployed in both the wind power plant and the solar power plant and are responsible for measuring the atmospheric conditions (temperature and humidity) in those plants and communicating that information to the corresponding access point via the ISA 100.11A protocol.

Reference Versa Sensor (Node) 210: https://nics.uma.es/wp-content/developments/industrial_testbed/Nivis_VN210_Datasheet.pdf 

Temperature Transmitter | TA2115

Commercial temperature transmitter from IFM, model TA2115, used to measure the ambient temperature and located in the water pumping room of the hydroelectric power station. It uses the IO-Link protocol to connect to the PLC and transmit data.

Reference Temperature sensor TA2115: https://www.ifm.com/es/es/product/TA2115

Wireless sensor | Telos B

Wireless sensors based on Crossbow’s TelosB development platform and own developed software in nesC. These real sensors transmit information to the IoT gateway via the IEEE 802.15.4 protocol and would be deployed (with others sensors based on the Tmote Sky platform) in the various transformer stations, where they are responsible for measuring the atmospheric conditions (temperature and humidity) there.    

Reference Telos B: https://www.nics.uma.es/wp-content/developments/industrial_testbed/TelosB_Datasheet.pdf

Wireless sensor | Tmote Sky

Wireless sensors based on MoteIV’s Tmote Sky development platform and own developed software in nesC. These real sensors transmit information to the IoT gateway via the IEEE 802.15.4 protocol and would be deployed (with others sensors based on the TelosB platform) in the various transformer stations, where they are responsible for measuring the atmospheric conditions (temperature and humidity) there.

Reference Tmote Sky: https://www.nics.uma.es/wp-content/developments/industrial_testbed/Tmote_Sky_Datasheet.pdf

I/O Device | Electronic Control Panel

Own development of an Electronic Control Panel, it consist of three lights of different colours (green, yellow and red), a Relay Hat expansion board from the manufacturer Waveshare (for activating these lights) and an emergency button that allows the industrial environment to be shut down in case of need. This Electronic Control Panel is connected directly to the PLC.

Reference Relay Hat: https://www.waveshare.com/RPi-Relay-Board.htm

Simulation Gateway | Arduino

Simulation gateway based on the Arduino Mega 2560 development board together with various own developed PCBs and multiple signal relays for the hardware part. And self-developed software based on Python and Arduino code/sketch. The function of this gateway is to enable interaction between the various distributed I/O systems and physical PLCs that use virtual sensors/actuators and the simulation environment itself, in which these sensors/actuators (as well as the rest of the industrial environment) are virtualized.

This simulation gateway has a direct connection to the various distributed I/O systems and physical PLCs, and communicates with the simulation environment via a serial communication channel.

Reference Arduino Mega 2560: https://store.arduino.cc/products/arduino-mega-2560-rev3

Simulation Environment | Virtual Wind turbines, Solar panels, Hydraulic turbines

Simulation environment based on own development carried out in Python and running on a Linux operating system. This simulation environment is responsible of simulating the operation of the entire virtualized part of the industrial environment that forms part of this use case. More specifically, it is responsible of simulating the real-time operation of the various power generation plants (wind, solar, and hydroelectric), based on the operating status received from the various virtual actuators, and for generating the status to be returned for the various virtual sensors.

It should be noted that all the virtual sensors and actuators that form part of the use case are connected directly and electrically (via the simulation gateway) between the simulation environment and the corresponding distributed I/O system or PLC that controls it. These are not simple high-level simulations (at the software level) carried out and executed within the distributed I/O systems or PLCs that manage them.