Guidance for Deploying Siemens Opcenter Execution Foundation on AWS

Overview

This Guidance illustrates four architecture design options for deploying Siemens Opcenter Execution, a manufacturing execution system (MES) used to orchestrate and monitor production processes. First, the minimal architecture deploys the primary Opcenter Execution application and supporting components. Second, for high availability, the core applications can be deployed across multiple Availability Zones (AZs), while non-critical applications remain in a single Zone. Third, AWS Managed Services can be used to automate the deployment and management of these applications across AZs. Finally, an AWS Outposts option is available, where Outposts is deployed on-premises, establishing a secure connection to the AWS Region. These diverse options enable manufacturers to choose the deployment model that best suits their requirements for proximity, availability, scalability, and integration with AWS Cloud services.

How it works

Overview

This architecture diagram is a broad overview showing the minimal deployment of Siemens Opcenter Execution Foundation on AWS, a manufacturing execution system (MES) designed to provide visibility into, control of, and optimization of production processes.

Step 1
Siemens Opcenter Execution is a manufacturing execution system (MES) used to orchestrate and monitor production processes. For this minimal architecture option, the primary Opcenter Execution Foundation/Discrete/Process (OC EX FN/DS/PR) application is deployed on Amazon Elastic Compute Cloud (Amazon EC2) in a private subnet. It is deployed with the supporting Opcenter Connect Manufacturing Operations Management (OC CN MOM) and licensing applications on another Amazon EC2 instance. Another supporting application, Opcenter Execution Foundation Overall Equipment Efficiency (OC EX FN OEE), is deployed on a separate Amazon EC2 instance.
Step 2
A Microsoft SQL Server database is deployed on Amazon EC2 in a private subnet for use by Opcenter servers as the primary data store.
Step 3
A NAT gateway in the public subnet allows the application and database servers to reach the internet, while an RDP bastion server hosted on Amazon EC2 allows access to the servers in the private subnet.
Step 4
The Application Load Balancer (ALB) serves as an entry point to access the MES application.
Step 5
Amazon Route 53 in a private hosted zone is used for routing to the ALB.
Step 6
AWS Backup centralizes and automates data protection for all Amazon EC2 instances.
Step 7
Amazon Simple Storage Service (Amazon S3) stores files for the Opcenter Connect MOM application.
Step 8
Amazon CloudWatch monitors the health of the workload and the infrastructure. AWS CloudTrail collects the audit logs for these workloads.
Step 9
The network connectivity to the on-premises manufacturing and enterprise network is enabled by connecting the customer gateway and the VPN gateway through AWS Site-to-Site VPN or AWS Direct Connect.
Step 10
To enable the visibility of manufacturing operations, the industrial machines in the shop floor tier can connect and send data to the MES application through the Open Platform Communications-Unified Architecture (OPC UA) communication servers. Operators in the shop floor tier orchestrate the production process by accessing the MES application through browser clients. Local printers and devices are connected through local clients (laptops, PCs). The integration with the enterprise resource planning (ERP) application in the enterprise tier can connect with the MES application through file folders and FTP transfers. Other office users at the on-premises location can access the MES application through a web browser, enabling wider visibility into the manufacturing process.
High Availability

This architecture diagram shows core, critical OEE applications deployed in multiple Availability Zones for high availability.

Step 1
For this highly available architecture option, the Opcenter Execution Foundation/Discrete/Process (OC EX FN/DS/PR) application is deployed on Amazon EC2 in a private subnet. It is deployed with the supporting Opcenter Connect Manufacturing Operations Management (OC CN MOM) and licensing applications on another Amazon EC2 instance. These core applications are deployed in multiple Availability Zones for high availability. Non-critical applications, such as the Opcenter Execution Foundation Overall Equipment Efficiency (OC EX FN OEE) application, are deployed on an Amazon EC2 instance in a single Availability Zone.
Step 2
The Microsoft SQL Server database is deployed in a high availability configuration on Amazon EC2 instances in a private subnet in multiple Availability Zones for use by the Opcenter servers as the data store.
Step 3
The NAT gateways configured in multiple Availability Zones allow the application and database servers to reach the internet. The RDP Bastion server, hosted on Amazon EC2 in multiple Availability Zones, allows access to servers in the private subnet.
Step 4
The ALB serves as the entry point to access the MES application.
Step 5
Route 53 in a private hosted zone is used for routing to the ALB.
Step 6
AWS Backup centralizes and automates data protection for all Amazon EC2 instances.
Step 7
Amazon S3 stores files for the Opcenter Connect MOM application.
Step 8
CloudWatch monitors the health of the workload and the infrastructure. CloudTrail collects audit logs for these workloads.
Step 9
The network connectivity to the on-premises manufacturing and enterprise networks is enabled by connecting the customer gateway and VPN gateway through Site-to-Site VPN or Direct Connect.
Step 10
To enable the visibility of manufacturing operations, the industrial machines in the shop floor tier can connect and send data to the MES application through the OPC UA communication servers. Operators in the shop floor tier orchestrate the production process by accessing the MES application through browser clients. Local printers and devices are connected through local clients (laptops, PCs). The integration with the ERP application in the enterprise tier can connect with the MES application through file folders and FTP transfers. Other office users at the on-premises location can access the MES application through a web browser, enabling wider visibility into the manufacturing process.
AWS Managed Services

This architecture diagram shows how AWS Managed Services can be configured to deploy OEE applications in multiple Availability Zones for high availability.

Step 1
For this highly available architecture with the AWS Managed Services option, the Opcenter Execution Foundation/Discrete/Process (OC EX FN/DS/PR) application is deployed on Amazon EC2 in a private subnet. It is deployed with the supporting Opcenter Connect Manufacturing Operations Management (OC CN MOM) and licensing applications on another Amazon EC2 instance. These core applications are deployed in multiple Availability Zones for high availability. Non-critical applications, such as the Opcenter Execution Foundation Overall Equipment Efficiency (OC EX FN OEE) application, are deployed on an Amazon EC2 instance in a single Availability Zone.
Step 2
Amazon RDS for SQL Server is deployed in a high availability configuration in a private subnet for use by Opcenter servers as the data store. If OC EX FN OEE is deployed, then RDS Custom for SQL Server should be deployed instead.
Step 3
NAT gateways configured in multiple Availability Zones allow the application and database servers to reach the internet.
Step 4
The ALB serves as the entry point to access the MES application.
Step 5
Route 53 in a private hosted zone is used for routing to the ALB.
Step 6
AWS Backup centralizes and automates data protection for all Amazon EC2 instances.
Step 7
Amazon S3 stores files for the Opcenter Connect MOM application.
Step 8
CloudWatch monitors the health of the workload and the infrastructure. CloudTrail collects audit logs for these workloads.
Step 9
AWS Systems Manager is used to manage and access Opcenter application servers in the private subnet.
Step 10
The network connectivity to the on-premises manufacturing and enterprise networks is enabled by connecting the customer gateway and VPN gateway through Site-to-Site VPN or Direct Connect.
Step 11
To enable the visibility of manufacturing operations, the industrial machines in the shop floor tier can connect and send data to the MES application through the OPC UA communication servers. Operators in the shop floor tier orchestrate the production process by accessing the MES application through browser clients. Local printers and devices are connected through local clients (laptops, PCs). The integration with the ERP application in the enterprise tier can connect with the MES application through file folders and FTP transfers. Other office users at the on-premises location can access the MES application through a web browser, enabling wider visibility into the manufacturing process.
AWS Outposts

This architecture diagram shows how AWS Outposts is deployed on-premises, and connectivity to the AWS Region is established through an edge router connecting the Outposts service.

Step 1
For this AWS Outposts option, Outposts is deployed on-premises, and connectivity to the AWS Region is established through an edge router connecting to the Outposts service anchor through the public internet or Direct Connect.
Step 2
The primary Opcenter Execution Foundation/Discrete/Process (OC EX FN/DS/PR) application is deployed on an Amazon EC2 instance in a private subnet on Outposts. It is deployed with the supporting Opcenter Connect Manufacturing Operations Management (OC CN MOM) and licensing applications on another Amazon EC2 instance. Another supporting application, Opcenter Execution Foundation Overall Equipment Efficiency (OC EX FN OEE), is deployed on a separate Amazon EC2 instance.
Step 3
The Microsoft SQL Server database is deployed on Amazon EC2 in a private subnet on Outposts for use by the Opcenter servers as the data store.
Step 4
A proxy server is deployed on Amazon EC2 instances in a private subnet on Outposts to allow access to the Opcenter application servers and the MES application.
Step 5
Amazon S3 on Outposts is used as file storage for the Opcenter Connect MOM application.
Step 6
The local gateway on Outposts is used for network connectivity to the enterprise and shop floor tiers, so applications (such as ERP) can connect with the MES application. Plant operators connect to the MES application through browser clients. Industrial machines connect and send data to the MES through OPC UA servers. Other devices are connected through local UI clients (laptops, PCs).
Step 7
The RDP bastion server is deployed on an Amazon EC2 instance in a public subnet in an AWS Region. It provides access to the servers in the private subnet on Outposts.
Step 8
AWS Backup is used to centralize and automate data protection for all Amazon EC2 instances on Outposts. Backups are stored in secured vaults in an AWS Region so that instances can be restored for disaster recovery.
Step 9
An Amazon S3 bucket in the Region is used as a backup for the Amazon S3 bucket on Outposts.
Step 10
CloudWatch is used to monitor the health of the workloads running on Outposts and in AWS Regions. CloudTrail is used to collect audit logs for these workloads.

Well-Architected Pillars

The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.

Operational Excellence

CloudWatch collects logs, metrics, and events, providing you with a centralized view of your environment. Configure CloudWatch alarms to proactively notify you of any deviations from normal operations, so you can respond and maintain optimal performance.

Read the Operational Excellence whitepaper

Security

The ALB allows your Amazon EC2 instances to reside in private subnets, shielding them from direct internet exposure. Amazon EC2 security groups then help ensure that only legitimate network traffic, from the expected tier, can reach your application and database instances.
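As an added example (not part of the AWS Guidance), the following Python check evaluates describe-security-groups-style output against that tier model: only the ALB may reach the Opcenter application instances, only the application instances may reach SQL Server on 1433, and RDP may reach the bastion only from an assumed on-premises range. The security group IDs, the ports and the 10.10.0.0/16 office CIDR are constructed assumptions, as is the sample input.

```python
# Audit EC2 security-group ingress against the tiered layout described on this page:
# ALB -> Opcenter app instances -> SQL Server, RDP only via the bastion.
# Added example, not part of the AWS Guidance; group IDs, ports and the office CIDR are constructed.
from typing import Dict, List

# Constructed policy: for each tier SG, the only permitted (port, source) pairs.
# A source is another SG id or a CIDR; anything else is reported as a finding.
POLICY: Dict[str, set] = {
    "sg-app": {(443, "sg-alb")},             # only the ALB may reach Opcenter over HTTPS
    "sg-db": {(1433, "sg-app")},             # only app servers may reach SQL Server
    "sg-bastion": {(3389, "10.10.0.0/16")},  # RDP only from the assumed plant/office CIDR
}
PRIVATE_TIERS = {"sg-app", "sg-db"}          # must never be reachable from 0.0.0.0/0

def _sources(perm: dict) -> List[str]:
    """Flatten one IpPermissions entry into its CIDR and security-group sources."""
    return [r["CidrIp"] for r in perm.get("IpRanges", [])] + \
           [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]

def audit(groups: List[dict]) -> List[str]:
    """Return one finding per ingress rule that the tier policy does not allow."""
    findings = []
    for g in groups:
        gid, allowed = g["GroupId"], POLICY.get(g["GroupId"])
        if allowed is None:
            continue  # not one of the tiers this check reasons about
        for perm in g.get("IpPermissions", []):
            proto, lo, hi = perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")
            for src in _sources(perm):
                if proto == "-1" or lo != hi:
                    findings.append(f"{gid}: broad rule {proto} {lo}-{hi} from {src}")
                elif gid in PRIVATE_TIERS and src == "0.0.0.0/0":
                    findings.append(f"{gid}: port {lo} exposed to 0.0.0.0/0")
                elif (lo, src) not in allowed:
                    findings.append(f"{gid}: unexpected ingress {lo}/{proto} from {src}")
    return findings

# Constructed describe-security-groups output with one deliberate mistake on sg-db.
SAMPLE_GROUPS = [
    {"GroupId": "sg-app", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443,
        "ToPort": 443, "UserIdGroupPairs": [{"GroupId": "sg-alb"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 1433,
        "ToPort": 1433, "UserIdGroupPairs": [{"GroupId": "sg-app"}],
        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},  # the mistake: SQL Server open to the world
    {"GroupId": "sg-bastion", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3389,
        "ToPort": 3389, "IpRanges": [{"CidrIp": "10.10.0.0/16"}]}]},
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_GROUPS)) or "no findings")
```

Real input would come from `aws ec2 describe-security-groups` (the `SecurityGroups` list), with the policy table rewritten for the actual group IDs of the deployment.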

Read the Security whitepaper

Reliability

AWS Backup enables centralized and automated data protection, allowing you to restore your environment in the event of a disaster. Also, the ALB distributes client requests across healthy Amazon EC2 instances for high availability and fault tolerance.

Read the Reliability whitepaper

Performance Efficiency

The ALB distributes the workload across multiple Amazon EC2 instances, enabling horizontal scalability. CloudWatch provides long-term usage metrics, so you can make informed decisions and fine-tune your environment for optimal performance.

Read the Performance Efficiency whitepaper

Cost Optimization

CloudWatch offers long-term usage metrics, allowing you to right-size your Amazon EC2 and RDS for SQL Server database instances for cost efficiency. Systems Manager allows you to manage and access your Amazon EC2 instances without the need for additional bastion hosts, reducing your overall infrastructure costs.

Read the Cost Optimization whitepaper

Sustainability

CloudWatch provides long-term usage data for you to make informed decisions about instance sizing, resource utilization, and the adoption of AWS managed services, ensuring the sustainable operation of your environment.

Read the Sustainability whitepaper