Three Good Reasons to Install Thin Clients: Manageability, Security, and Cost-Effectiveness
Computerized systems are increasingly used in automation systems despite the continued increase of cybersecurity threats and patching requirements for the Windows operating system to protect against those threats. A large install base of computers across the plant floor used in the automation process can be costly and time consuming to effectively manage and secure.
In a complex world, sometimes less complex is better. With hardware and software advancements, the norm has become pushing out complex control to users using individual computers rather than using a terminal connected to a mainframe as was often the case when computerized controls first made their appearance in manufacturing and utility processes. However, managing and maintaining individual computers across the plant floor can become increasingly costly as the number of computers increase and the cybersecurity threats facing each one become more severe. Availability, time, mitigating risk, and cost all add up to a need to shift toward thin client architecture.
Organizations are showing a growing interest in control resources that promote a solution that minimizes IT threats and problems and allows companies to focus on business. Thin clients are devices that connect to servers to run remotely displayed operator interfaces or other software. They have few, if any, moving parts and no locally stored programs. Instead, software is stored on one or more centralized server and displayed on the thin client. On each thin client, operators access only the programs and data they need to do their jobs. Thin clients are manageable, secure, and cost effective.
An architecture of thin clients translates to a more manageable system. Replacing a thin client takes minutes rather than hours. Software does not have to be installed and configured on the new computer. The device gets plugged into the system and the process can continue uninterrupted. All of the computation takes place on servers located in controlled, safe environments.
“If thin client hardware fails out on the plant floor it is a very easy replacement,” explains Keith Mandachit, P.E., Engineering Manager at Huffman Engineering, Inc. “You replace the thin client hardware and you are back up and running literally in minutes. There’s nothing to install, nothing to do other than to replace the computer. You don’t have to take down the process, you just get back onto the network.”
Software updates are also easier, says Mandachit. Windows updates are managed at the server level and all of the terminals, or Thin Clients, do not need to be updated. Only the server software is updated, and the IT work is centralized to the server location.
“Let’s say you have 20 individual operator workstations, then you have 20 machines to maintain, keep updated, install software and patches, and all that stuff. That takes time and effort to do.” Says Steve Beck, P.E., Senior Engineer at Huffman Engineering, Inc. “With thin clients, only a few servers need to be updated and maintained instead of each operator workstation, and if you have redundant servers this can be done with zero downtime. It simplifies a lot of maintenance and upkeep tasks.”
Centralized backup of desktops and client access devices simplify administrator workload. Everything being centrally located means infrastructure can run more efficiently. Simplifying the workload allows for more time and attention to maintaining monitoring of individual processes or machines. When individual thin clients do need to be replaced, they can be easily swapped. All of the data is stored on the server, meaning nothing is lost if a thin client is destroyed or stolen.
This simplification of the system can make the operators job easier as well. The operator can concentrate troubleshooting the production machine or process, bypassing having to troubleshoot a computer. Servers are often more robust than standard computers and the process or operation failure is less likely caused by a computer glitch than a smaller, less powerful computer or controller on the plant floor.
Locking down a thin client can be much easier because it can be configured to only let the thin client display a selected application. If a user is able to get out of the application, they would only be shown a black screen instead of a desktop like a standard computer would show. With a properly configured thin client, users cannot install unauthorized or use the available USB ports. This protects companies and utilities from malware attacks and data breach, and so protects valuable intellectual properties.
“Additional features in thin clients add a level of security. Limiting operators on the floor to their HMI software for doing their job prevents them from accessing information not necessary to the task at hand. You can implement restrictions to other components through administration of thin clients,” Says Beck.
In the event of a malware attack, keeping up-to-date backups of the thin client servers, an entire facility could be restored in a matter of minutes. This would be much faster than it would take to rebuild each HMI on the floor. This is still true even if current backups of each HMI had been maintained.
Improved Productivity and Cost Savings
Thin clients typically have no moving parts and low computing demands making them cheaper than a standard computer for the same level of performance. With the lower computing demand a thin client consumes less electricity individual computers use, resulting in cost savings from lower power consumption while they reduce the carbon footprint. Because there are fewer moving parts, the life span of the thin clients is longer than the personal computer counterparts. Over time, the cost savings add up.
Lower maintenance costs provide an even bigger cost savings. With the centralized architecture, there are fewer machines to patch, maintain, and backup than there would be in a traditional computer workstation deployment. A thin client architecture also makes it much easier to work remotely without having to be in front of the computer out on the floor.
“There is software,” said Mandachit, “ThinManager™, a third-party enhancement to thin client technology, that offers enhanced capabilities. For instance, I could sit at my desk and mirror what is happening on the plant floor. If someone is saying there is an issue, I can watch to see if it is operator error or if something is really wrong.”
Thin client software like ThinManager™ can provide some perks to productivity. For example, an HMI thin client on the floor can be configured to display different software when a certain user logs in or scans a connected badge reader. For example, when a maintenance tech logs in, the thin client could show the PLC programming software already online with the process or a work order relevant to that equipment. ThinManager™ also includes the ability to use locational data to allow someone to operate from an iPad or tablet but only when they are near the physical equipment.
Looking out for Our Customers
Manageable, secure, and cost-effective thin clients enable operators and management to react quickly when the operator interface fails. Monitoring the process is easier for management and IT. Safety from outside attacks due to unauthorized computer activity is mitigated by having a centralized point of control and terminals that are just interfaces for recipe selection and reporting displays. And, because thin client architecture uses lower cost parts that use less energy and less management, the systems are cost effective for the customer.