• Overview 
• Multiscreening 
• Operating and monitoring
• Authorization system
• AuditTrail 
• Alarms 
• Trending
• Logging
• Remote alarms and maintenance
• Systema and self-monitoring
• System diagnostics 
• Recipes
• Data backups
• Language switching

Overview
The operator screen

KDE configuration

• Grouping of operator station-specific KDE desktop and KDE menus to enable or disable access to selected system components.
• The task bar and start menu are used to start additional programs for analyzing current system information and historical data.
• Menu items with expressive tooltips show information about the respective program.
• Virtual keyboard for touch screen solutions or "first aid" if the keyboard fails.
• With the necessary access rights, the entire operator interface can be started via VNC (virtual network computing), e.g. on a Microsoft Windows NT/2000/XP/Vista computer running a VNC viewer or Web browser (Java).
• Without additional configuration work or functional limitations, you can operate and monitor, start historical analyses of alarms and trend curves, check out logs, or open diagnostic tools.

Multiscreening

• Multiscreening makes it possible to connect several screens to one operator station. Depending on the graphics card, 1, 2, 3, or 4 screens can be controlled from a single operator station.
• A different process diagram or even the AlarmMonitor can be shown and operated on each of these screens.

Operating and monitoring
DisplayCenter

• The DisplayCenter is the central application for process control. In the process diagram, the operator sees all current process states can intervene interactively depending on his authorization level.
• The overall appearance (menu bar, toolbar, image tree) can be configured differently for each operator. This means that each operator only sees what he can operate.
• Quick activation of the most recently used process diagrams using the forward and back keys (like a Web browser).
• Selection of the last 11 active process diagrams directly from a menu.
• All operator actions are coordinated using the rights system and securely logged with the integrated Audit Trail (21 CFR Part 11, GAMP4).
• Adaptation of functions as well as the look and feel to the company-specific operating philosophy (user-friendly migration of old process control systems while retaining system availability).

Process diagram tree

• The process diagram tree shows all configured process diagrams with their names and descriptions. The diagrams can be directly selected here.
• Searching for a certain process diagram or device is possible from the diagram tree using an integrated full-text search.
• Each operator is able to create process diagrams in the diagram tree at runtime as favorites (like a Web browser). This makes it possible for an operator to quickly open process diagrams that are used frequently.

Process diagram

• Tooltips can be created for each device in the engineering phase. These tooltips are shown when the operator places the mouse over the corresponding object. Tooltips can contain both diagram and process values.
• For the process diagrams, any picture format (.bmp, .jpg, .png, etc.) can be used as a background image.
• Opening Web sites (system messages, Audit Trail, logs, system and project documentation), playing video sequences, and remote controlling the entire computer can be integrated directly in the process diagram.

Authorization system
Security login

• An individually designed operator profile can be created for each operator during the engineering phase. The system supports an unlimited number of operator profiles and operators.
• The operator can log into an operator station using the keyboard, card reader, finger print (biometric systems), inductive systems, and password. The login server handles the assignment of the configured operator profile.
• It's also possible to integrate existing chip (ID) cards used by a company.
• Different process diagrams, devices, and alarms are shown on the operator interface depending on the operator who is currently logged in.
• An operator can be allowed or prevented from logging in depending on different criteria, e.g. the system status.
• If an operator is logged in and doesn't perform any operators for a certain amount of time, the login server can log him back out automatically. This operator idle time prevents another operator from using this login name at that workstation.
• The integrated Audit Trail (21 CFR Part 11, GAMP4) logs all operator actions and provides important information (who, what, when, where) that can be accessed over the Web.

Audit Trail
Logging all operator actions

The Audit Trail provides a complete record of all operator actions in the process control system. Following the requirements of the FDA and GAMP forum (21 CFR Part 11 and GAMP4, respectively), the Audit Trail records the following actions:

• Login and logout actions
• Any process diagram switches
• Opening and closing operating templates (faceplates)
• Operator actions in the process control system
• Blocking and enabling alarms
• Replacement value input for logs
• System and self-monitoring as well as system events (e.g. switching to redundant systems)
• etc.

All of these items also apply to remote maintenance access, general remote control, and access via VNC (Microsoft Windows computer).

Each entry is logged with the following:

• Date and time (when)
• Performed action (what) - When operators act in the process control system, both the old and new values are recorded.
• Name of the operator (who)
• Location of the action (where)
   
• The Audit Trail is always started automatically, and it doesn't require configuration.
• Authorization to access data recorded by the Audit Trail is defined during the engineering phase using the APROL authorization system.
• All data can be imported in Microsoft Office applications (HTML, CSV format), printed out, or saved as a PDF document without needing additional programs.

Alarms
Multilevel alarm concept

The alarm concept is divided into four classes:

• Messages are important events that should be logged to the message / alarm archive, but that don't need to be considered in online alarm processing.
• Alarms that don't need acknowledgement are events that should be output immediately as alarms. They are displayed in the AlarmMonitor as long as the condition causing the alarm is active. If the condition causing the alarm changes, the entry is immediately removed from the AlarmMonitor and saved to the message / alarm archive.
• Alarms that require acknowledgement are treated like the alarms above by the system. However, they are only removed from the AlarmMonitor and stored in the message / alarm archive once they have been acknowledged and are no longer outstanding.
• Alarms that require text acknowledgement need the operator to enter a text to acknowledge the alarm. The entry is only removed from the AlarmMonitor and stored in the message / alarm archive if the alarm signal is no longer outstanding and the operator has acknowledged the alarm.

Alarm handling

Alarms can be acknowledged with the mouse, the keyboard, or function keys. All, all visible, selected, or individual alarms can be acknowledged at one time.

• All important information is recorded for each alarm (name of the operator, all alarm master data, arrival and acknowledgement times, and comments).
• Any process data can also be recorded with each alarm.

AlarmMonitor
 

• The AlarmMonitor shows the operator all alarms that have been enabled for him with the authorization system. An acoustic signal indicates new disturbances. The authorization for acknowledging and locking these alarms can be granted selectively in the engineering phase.
• The alarm display can be sorted and filtered according to various criteria.
• The AlarmMonitor always shows the operator the number of outstanding, acknowledged, and unacknowledged alarms.
• In addition to being displayed in the AlarmMonitor, alarms can also be output to an online alarm printer or forwarded to a pager, mobile telephone, or telephone system.
• The functions, look, and feel of the AlarmMonitor can be configured, making it possible to adapt it to any company's operating philosophy.
• The AlarmMonitor can be positioned anywhere in a separate window or integrated permanently in the DisplayCenter.
• On an operator station with multiscreening, it's possible to open the AlarmMonitor on the second monitor without covering up important information in the process diagrams. Alarm system
• How alarms are displayed in the AlarmMonitor can be defined in the engineering phase.
• Differentiating colors for acknowledged and unacknowledged alarms in addition to outstanding and inactive alarms.
• Multi-line display of alarms as well as the possibility of configuring alarm lines into several lines.
• Possibility to display different AlarmMonitors on one operator interface to monitor several automation islands from a central location.

Diagram for alarm / intervention text

• Each alarm has an accompanying process diagram. This diagram can be opened directly from the alarm entry in the AlarmMonitor.
• An intervention text can be output as additional help when an alarm occurs. This intervention text becomes an assistant to the operator by providing text, pictures, videos, or even live camera images.
• The intervention text can also contain SOPs (standard operating procedures) in HTML format.

Alarm trends

• An alarm can be linked to various online values and status parameters. This provides additional options for fast analysis.
• Any number of data points can be grouped together with Drag & Drop.

Locking alarms

• Alarms and alarm groups can be locked (disabled) and unlocked to perform commissioning or maintenance work.
• Locked alarms can be displayed in a list. Alarms and alarm groups can then be locked or unlocked from this list.
• Alarms can only be locked and unlocked by an operator who has been given the necessary authorization. All lock and unlock actions are logged by the Audit Trail (21 CFR Part 11, GAMP4).

AlarmReports

• AlarmReports are used to provide a Web-based method of evaluating all current and historical alarms and messages, also with the use of filters and identification options.
• Messages, alarms, acknowledged alarms, outstanding alarms, and alarms that occur several times all have different colors to tell them apart.
• Comments can be given any number of times for each alarm event.
• An integrated calendar or directly entering the desired time period makes it possible to quickly and efficiently search for certain messages and alarms.
• The navigation area of the AlarmReports supports filtering and sorting according to different criteria (alias name, description, measuring point number, group, priority, etc.).
• All data can be imported in Microsoft Office applications (HTML, CSV format), printed out, or saved as a PDF document without needing additional programs.
• Alarms and messages can be summarized together with their information in a context list or displayed in an event list.
• The historical analysis can be started directly from the AlarmMonitor or from the shortcut menu of the selected alarm.

Analysis

• The bar graph shows a chronological representation of how often alarms and messages occur within the selected period as well as additional navigation options.
• Runtime analysis is carried out by displaying a bar graph that shows when alarms are active and inactive. This makes it possible to graphically analyze possible connections between different events.

Trending
Seamless data recording

• The trend system seamlessly records all important analog and binary signals.
• All signals can be searched according to various criteria (description, measuring point number, group, etc.).
• All data can be imported in Microsoft Office applications (HTML, CSV format), printed out, or saved as a PDF document without needing additional programs.

ChronoChartPrinter – Continuous printout software

• Continuous printout of several trend diagrams together with important system events or alarms.
• ChronoChartPrinter can be used to produce a continuous online printout or historical trend data printout up to 15 meters in length.

TrendViewer

• All signals recorded by the trend system can individually be put together in groups of 8 trend curves and saved by the operator.
• When selecting trend curves, the operator has all detailed information about data points at his disposal (description, measurement point number, group, etc.). This makes it very easy to perform searches.
• How individual trend curves are displayed can be configured to meet the demands of the operator.
• Displayed curves can be analyzed with the TrendViewer (mean value, sum, ratios, etc.).
• In online mode, both current system states as well as historical trend data can be monitored.

Logging

Log

• Event-triggered recording of analog values
  E.g. batch report, counter state log
• Recording of analog values with data compression (the compression interval can be selected).
  E.g. daily, weekly, or monthly log.
  
• The type of logging and the data compression interval are specified during the engineering phase using a control system function block.

Customer-specific logs

• Creating custom logs using predefined templates in macro language
• All data can be imported in Microsoft Office applications (HTML, CSV format), printed out, or saved as a PDF document without needing additional programs.
• Access to logs can be protected using the authorization system (login name and password).
• Each recorded value can be modified in the log at a later time using replacement input. Authorization for entering replacement values is granted during the engineering phase. In addition, all changes made are logged by the Audit Trail (21 CFR Part 11, GAMP4).
• Hourly, daily, weekly, monthly, yearly logs Batch logs combined with Audit Trail (operator actions), alarm analysis, and trend curves.

Remote alarms and maintenance
Remote alarms

• Alarms can be sent by SMS or call to a pager, mobile telephone, or telephone system. This is configured with a function block during the engineering phase, and the alarms are sent over an analog or ISDN modem to the respective recipient.
   
• Using an auxiliary module for APROL makes it possible to use alarms with spoken text. This alarm system offers the following features:
  
• Managing service / stand-by personnel.
• Managing different stand-by plans with replacement numbers.
• Automatic calling when an alarm occurs.
• Querying all currently outstanding alarms.
• Alarm messages using spoken text.
• Acknowledging alarms using the keys on a telephone.
• Each call and all acknowledgements are logged.
• etc.

Remote maintenance and operation

• Remote maintenance and operation can be performed with a standard modem (analog or ISDN) over an increasingly standard VPN connection. Remote alarms and maintenance
• The operator or engineering interface can be accessed without additional configuration work or functional limitations, e.g. to start the historical analysis of alarms or trend curves, to view logs, or to open diagnostic and engineering tools.
• Remote maintenance and operation adhere to the same rules as on-site operation, i.e. a security login is necessary, and all significant operator actions in the process control system are logged by the Audit Trail (21 CFR Part 11 und GAMP4).
• Access can take place from a Microsoft Windows computer using a VNC viewer or Web browser.

System and self-monitoring

• All information about the hardware components being used in the project (operator stations, Runtime servers, controllers, etc.) and the APROL system software are recorded by the APROL system and self-monitoring feature. The information is then stored in system variables and displayed for the operator.
   
• Monitoring operator stations and Runtime/Engineering servers
  - Memory capacity
  - Hard drive capacity 
  - CPU load 
  - time synchronization 
  - APROL system software (e.g. driver status, server redundancy status, etc.). 
  - etc. 
   
• Monitoring controller & I/O modules 
  - Cycle time monitoring for task classes 
  - Battery status 
  - Memory capacity 
  - Time synchronization 
  - Status monitoring of I/O cards and I/O channels 
  - etc. 
   
• Monitoring other hardware components, e.g. using the APROL UCB mechanism 
  - Uninterruptible power supply (UPS) 
  -  Wireless clock for time synchronization System and self-monitoring 
  - Status of connected package units or 3rd-party controllers 
  - etc. 
   
• System variables can be used further as follows: 
  - Visualization in process diagrams 
  - Alarming or alarm forwarding 
  - Trend recording 
  - Automatic data backup of historical data 
  - etc.

StartManager

• The StartManager is used to diagnose the state of the APROL system software (e.g. driver status, server redundancy status, etc.) on operator stations or Runtime servers. It is also used to start and stop the entire APROL system or individual system software modules.
• Detailed status output is displayed for each system software module.

System diagnostics
System messages from APROL system software modules

• Logging error messages, warnings, debug messages, and starting or stopping the APROL system software is automatically active after turning on the process control system for the first time. Information in the system messages is made available using a common analysis mechanism with convenient calendar and filter functions.
• All data can be imported in Microsoft Office applications (HTML, CSV format), printed out, or saved as a PDF document without needing additional programs. This guarantees simple swapping of data at any time for remote analysis by APROL system support personnel.

ControllerManager
The ControllerManager is the maintenance and diagnostic tool for APROL controllers.

• Reading controller information (operating system, memory capacity, status, etc.).
• Reading the controller logbook and swapping the data with APROL system support personnel for error analysis.
• Editing the system configuration and downloading the operating system
• Warm restart, cold restart, and setting in diagnostic mode
• Completely backing up and restoring a controller
• Watch mode for process variables on a controller
• etc.

CaeViewer

• Diagnostics for a device's current process values using the accompanying logic plan in the CaeViewer, directly from the process diagram, and the respective icon displayed.
• Displaying current block input and output values, with online trend display for graphic analysis when needed.

Recipes
ParameterCenter

• Controlling discontinuous batch processes via the ParameterCenter
• Defining system components and parameter set templates (based on the S88) in the Engineering system.
• Parameter sets represent products in the system (e.g. parameter set 1 for manufacturing product A and parameter set 2 for manufacturing product B).
• Parameter sets can be switched either by the operator or automatically using a selection program (e.g. to convert production from product A to product B).
• Parameter sets are created and modified in the Engineering system or by the operator at runtime.
• Parameter sets are kept in a MySQL database. An open interface makes it possible to import and export data to a production planning system.
• The integrated Audit Trail (21 CFR Part 11, GAMP4) logs all operator actions and provides important information (who, what, when, where) that can be accessed over the Web.

Select statements

• Displaying select statements in the visualization is configurable and specified in the Engineering system.
• Operating select statements is done with the control template (e.g. start, stop, pause, step jumps (go to), etc.).
• The sequence controller is configured in the CaeManager using function blocks.

Data backups
Backup function

• All historical data (alarms and messages, trends, log data, Audit Trail, system messages) are recorded on the APROL server and stored in containers. Optimized ChronoLog technology is used for high-speed data recording (technical details below).
• The backup function can be used to swap or archive saved data at any time to external data media (e.g. CD, DVD, tape) or any other computers available on the network. If data recording is running during archiving, it's not affected!
• The archived data can be read back at any time by placing the data medium in the APROL server analyzed along with the current data.

Technical details for ChronoLog data recording

• If the APROL server is set up redundantly, ChronoLog data is automatically replicated between the redundancy master and the redundancy slave. This guarantees seamless data logging.
• If historical data should be recorded to a separate database server, this can be configured in the ChronoLog. This database server can also be designed redundantly.
• The ChronoLog mechanism also offers the possibility to set up one centralized database server for several independent automation islands. An integral component of the ChronoLog data recording is that the historical data is temporarily buffered between an automation island and the central database server when there are network interruptions.

• All APROL system software modules and the APROL system documentation are available in several languages:
  
• German
• English
• Russian
• Chinese 
• Etc.
   
• The UNICODE capability (UTF-8) of APROL allows all international alphabets and character sets to be used.
• To use several languages at the same time e.g. in the visualization or alarm texts, the corresponding information and texts can be configured separately for each language.