SCADA Upgrade & Modernization
Full migration and modernization of a legacy WinCC installation: new RBAC model, unified alarm strategy, and a zero-downtime cutover plan.
Context & challenge
An automotive body-shop SCADA installation had grown organically over eight years. The result was a WinCC project with inconsistent screen layouts, a flat "admin / operator" permission model, an alarm flood of ~300 alarms/hour during normal operation, and no documented cutover procedure. Compliance requirements demanded an audit-ready system with role-based access, alarm acknowledgement trails, and a tested rollback path.
Approach
The project was divided into four parallel tracks, each with its own review gate:
- Screen audit & standardisation — every existing screen was catalogued against a new UX template: consistent colour palette (ISA-101 conventions), standardised navigation, and responsive layout for both control room and mobile operator panels.
- RBAC design — five roles were defined (Viewer, Operator, Maintenance, Supervisor, Admin), each mapped to a precise set of write permissions on tags, set-points, and manual overrides. The model was implemented using WinCC user groups, backed by an Active Directory integration for SSO.
- Alarm rationalisation — existing alarms were classified by consequence (safety, quality, availability). Nuisance alarms with < 5 % acknowledgement rate were either suppressed, converted to events, or re-engineered at PLC level. The result reduced active alarm volume by 60 %.
- Cutover planning — a documented "run-in parallel" strategy was designed: the new SCADA ran read-only in shadow mode against the live OPC UA server for two weeks, discrepancies were resolved, then a 90-minute planned cutover window was executed during a weekend shutdown.
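The acknowledgement-rate screen from the alarm rationalisation track can be sketched as follows. This is an added example, not code from the project: the alarm names, the journal row layout, the minimum sample count, and the rule that safety-class alarms go to engineering review instead of the suppression queue are all assumptions.

```python
from collections import Counter

ACK_THRESHOLD_PCT = 5   # "< 5 % acknowledgement rate" from the write-up
MIN_SAMPLES = 20        # assumption: below this, the rate is not trusted

# Constructed journal rows: (alarm_id, consequence_class, acknowledged).
# Alarm names and row layout are hypothetical, not a WinCC export format.
def _rows(alarm_id, consequence, raised, acked):
    return [(alarm_id, consequence, i < acked) for i in range(raised)]

SAMPLE_JOURNAL = (
    _rows("CONV3_JAM_WARN", "availability", 100, 3)
    + _rows("WELD_TIP_WEAR", "quality", 40, 30)
    + _rows("LIGHT_CURTAIN_CELL2", "safety", 25, 1)
    + _rows("ROBOT7_COMM_LOSS", "availability", 5, 0)
    + _rows("GLUE_TEMP_LOW", "quality", 20, 1)   # exactly 5 %: not below threshold
)

def ack_stats(journal):
    """Return {alarm_id: (consequence, raised, acked)} for the journal."""
    raised, acked, consequence = Counter(), Counter(), {}
    for alarm_id, cls, was_acked in journal:
        raised[alarm_id] += 1
        acked[alarm_id] += int(was_acked)
        consequence[alarm_id] = cls
    return {a: (consequence[a], raised[a], acked[a]) for a in raised}

def triage(journal):
    """Label each alarm: keep, nuisance-candidate, engineering-review, insufficient-data."""
    labels = {}
    for alarm_id, (cls, raised, acked) in ack_stats(journal).items():
        if raised < MIN_SAMPLES:
            labels[alarm_id] = "insufficient-data"
        elif acked * 100 >= ACK_THRESHOLD_PCT * raised:   # integer math, no float edge
            labels[alarm_id] = "keep"
        elif cls == "safety":
            # Assumption: safety alarms are never queued for suppression on rate alone.
            labels[alarm_id] = "engineering-review"
        else:
            labels[alarm_id] = "nuisance-candidate"
    return labels

if __name__ == "__main__":
    for alarm_id, label in sorted(triage(SAMPLE_JOURNAL).items()):
        print(f"{alarm_id:22} {label}")
```

The "nuisance-candidate" label only nominates an alarm for one of the three treatments named above (suppress, convert to event, re-engineer at PLC level); choosing among them remains an engineering decision.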
Key decisions
Choosing OPC UA as the primary communication layer (replacing the legacy WinCC S7 channel) was a deliberate long-term investment. It added implementation effort upfront but made the SCADA server vendor-agnostic and opened the data to downstream consumers (MES, historian) without proprietary protocol coupling.
The shadow-mode run-in period was essential. It surfaced a class of tag-mapping errors that would have caused incorrect readings on the new system — catching them before cutover rather than during.
Outcome
The cutover completed in 88 minutes with no production impact. Post-migration alarm rate dropped from ~300 to ~120 alarms/hour during steady-state operation. The first external compliance audit passed with zero major findings on the RBAC and alarm management chapters. Maintenance teams reported significantly faster fault diagnosis due to cleaner alarm grouping and consistent screen layouts.