Proactive remote services from Innominate

Huge MAN diesel engines drive container and freight ships or cruise liners. Often, several of these engines are in use simultaneously. With extensive electronics and software, they are becoming increasingly flexible and powerful - but when it comes to operation and maintenance, they are also more complex. In order to achieve maximum availability and power as well as reducing operating costs, the ship operators are happy to access MAN expertise online. If a malfunction occurs, a capable and, above all, fast source of help via remote access is particularly sought after, as the ships are often a long way from harbors and may be difficult to reach.

Regarding the advantages of online support, Martin Diessner, Head of Software Development in the system automation field at MAN Diesel & Turbo, says: "By using remote access, we can detect a symptom of damage quickly through the operating data and can provide help directly online or make sure the right specialist with suitable replacement parts is on the way. Previously, without the diagnostics via remote access, the correct replacement part was often not available on site. The consequence of this was high costs and dissatisfied customers."

MAN Diesel & Turbo has worked with remote access to systems for around 15 years and currently uses remote maintenance in around 300 installations with several hundreds of engines and system parts. In the system lifecycle, support is also required at the beginning during start-up. The service technicians on site can make the most of expert knowledge from the test laboratory or engineering team. As the experts' time and knowledge is valuable and their available time is strictly measured, using them for on-site start-up is sometimes simply too expensive. When it comes to developing new technologies, at least 6000 operating hours in the field must be achieved. Operating data is collected at the MAN control centre via automated remote data transmission. It is then analysed and help is provided where necessary.

Even when it comes to troubleshooting, remote access has become an essential service channel. This starts with easy maintenance tasks, for example if the operating team is unsure whether an incorrect setting has led to error messages or if a component has to be changed. Here, the remote retrieval of data provides reliable analysis quickly. Beforehand, if there was a serious malfunction, the Head Engineer could only be contacted by telephone. Online access is at times key for more complex engines with more engine operating values or software parameters.

High levels of acceptance for the online service

Martin Diessner reports. "As the online service helps to increase the availability of the engines and to reduce downtimes, acceptance levels are very high. In the course of this, it is above all the large customer enterprises that question whether all necessary operational safety and security standards are adhered to. For this reason, MAN Diesel & Turbo uses the MGUARD solution from Innominate, a Phoenix Contact Group company. After a lengthy selection process, MGUARD was chosen as the most suitable remote connectivity solution for industrial demands, because it was able to fulfill all security and operating requirements.

"Other solutions were discounted, above all those from the office world, because they did not fulfill significant industrial requirements. Various points were essential: a 24V power supply, the option to install in the control cabinet, resistance to temperatures, and the ability to withstand harsh environments."

In the case of the security check, the integrated VPN and firewall functionality was the most important criterion. Simple operability and configurability are vital for use worldwide, as often there is no IT technician on site. Summarising the reasons for the decision, Martin Diessner comments: "The high standard of security, robustness, and suitability for industrial applications were decisive factors. Finally, knowing that a global player such as Phoenix Contact has the long-term ability to deliver was important."

He confirms that the technology has really proven itself out in the harsh sea environment, saying: "We haven't yet had a single breakdown." He also praises Innominate's service: "We were able to check test systems extensively and received information promptly regarding changes and innovations. The training sessions are highly professional and our contacts react very quickly in the event of queries. The collaboration has ticked all of the boxes."

High standard of security

Ship operators with an IT control centre and their own ship network are particularly critical, according to MAN's experience, if unknown VPN routers with firewall are to be integrated into the network. The MGUARDs with IPsec use a recognised standard, which increases levels of trust, according to Martin Diessner. Finally, two further features are always impressive. With the integrated firewall, the MAN system is sealed off from the electrical system and an Internet connection is only established if the VPN switch on board (remote access OFF/ON) is manually set to Connect (see text box "Secure IP/VPN connections as standard").

Even if the MGUARDs do not fail, connection problems can still occur, perhaps because the ship operator has changed provider or has altered other settings. For this reason, MAN determines a set of rules for each system. If an individually defined "Period of disconnection" is exceeded, the service receives a warning message and becomes active. Martin Dießner reports: "Thanks to the improved technology, we are in a position to proactively improve our online service on an ongoing basis. More and more customers now not only expect us to quickly eliminate malfunctions, but also expect us to prevent these by taking early action."

Customers can choose a suitable option from a range of services - from troubleshooting on demand, right through to condition-based maintenance. If failures can be prevented in good time and the availability of engines can be increased, then this really counts for the customers. Thanks to ongoing evaluation of the engine operating values, the service specialists in South Germany can detect whether all components in the diesel ship are working according to plan. A continuous, secure data link to the ship is required for this.

In the middle of the ocean, a satellite connection is the only option for communication. In the past, this was really expensive. However, since then, affordable flat rates have become available and the quality of the connection brings no significant disadvantages (in comparison to DSL). As costs go down, the demand for proactive support services is also increasing. Availability of the Internet worldwide, higher bandwidths, and affordable mobile connections are the decisive trends for the future, from Martin Diessner's perspective.

Data transmitted from more than 200 sensors

More than 200 sensors record the measured values of an engine in 1-second intervals. The data is then collected on board, compressed, and transmitted regularly to the control centre.

The aim is to be able to control maintenance work as needed and to prevent uncontrolled switch-offs. From the data on oil pressure, cooling water temperature, storage temperature, engine speed, charge air pressure through to lubrication oil temperature, deviations from the standard values can be established and potential trends detected. For example, a change to the pressure could be an early warning that the filters are clogged and need to be replaced. However, these changes must be detected promptly and interpreted correctly. This requires experience and expert knowledge. According to Martin Diessner, an increasing amount of evaluation is already taking place using automated closed-loop control circuits. Data is correlated for this, threshold values are defined, and in the case of deviations, measures are initiated.

The online service product range is advantageous both to MAN and to ship and power plant operators. Operators receive regular service reports including notes regarding essential maintenance tasks. Downtimes are reduced and customers are better connected thanks to long-term service contracts. Thanks to the extended online service, MAN is able to reduce travel costs and time and optimise on-site deployments, thereby also saving the customer additional time.

To protect the IP data links, numerous functions are integrated into MGUARD. These include a VPN-capable Ethernet router and a configurable firewall with dynamic packet filter. Service technicians are connected to system operators via a Virtual Private Network (VPN). MGUARD performs the role of the VPN gateway. In this way, service technicians and system networks are connected to a common network via the Internet. Cryptographic protocols are used to ensure confidentiality and authenticity. A hardware-based encryption is used via 3DES (168 bit) or AES (128, 192, 256 bit) and the IP security protocol (IPsec).

For network security, the FL MGUARD includes a configurable Stateful Packet Inspection Firewall for protection against unauthorised access. The dynamic packet filter inspects new attempts to connect using the source and destination addresses and ports and blocks undesired data traffic. The parameters of a legitimately initiated connection are kept in a connection tracking table until their termination and all further corresponding (response) packets are automatically detected and accepted.

To ensure high availability, optional additional redundancy functions are available. Two MGUARDs of the same design can be combined into one redundant pair. In the event of a device failure, the backup device automatically takes over the firewall and VPN functions from the failed active device.

To learn more about MGUARD please visit www.innominate.com.