Siemens S7 Controllers

Siemens S7 protocol controller

Sometimes being too successful can lead to real problems. I’m thinking about the problems that companies like Rockwell and Siemens have with their Programmable Controller lines. Allen-Bradley’s first PLC was the PLC 2, based on the Intel 8080 microprocessor. It was released in the late 1970s and was a mainstay for quite a few years.

Around the same time, Siemens brought their first PLC to market, the SIMATIC S3.

These PLCs were the first of many brought to market by these goliaths. All very successful, with tens of thousands if not hundreds of thousands of units shipped. And therein lies the problem. A lot of these PLCs are still in use today in important manufacturing applications – applications that need to be included in the new, more modern and sophisticated control architectures we have today. These early programmable controllers existed at a time before the Cloud and before Ethernet. It was a time when severely performance-limited serial communication (RS232 and RS485) was the only option.

As technologies improved, both companies gradually added communications to these processor lines. I’ve written extensively about Rockwell Automation communications in the past. In this article and subsequent ones, I’m going to discuss communication with some of the early Siemens programmable controllers – specifically, communication with Siemens S7 controllers.

The S7 controller product line is one of Siemens’ most successful processor lines and one with a lot of legacy equipment still in service. It’s part of the Simatic Controller family, which also includes some of the earliest processors ever introduced by Siemens: the S3 and S5 controllers. Deployed in the 1970s, the S3 and S5 controller lines were very successful in much of Europe through the 1980s. But in 1994, with the introduction of the S7-200, S7-300 and S7-400, much of the user base upgraded to S7 controllers. With new features like User-Defined Data Types (UDTs) and STL (Statement List) programming and much-increased performance, S7 controllers soon became the dominant Siemens controller.

Hundreds of thousands of these processors were implemented around the world (but mostly in Europe) in nearly every country and nearly every industry. From pharmaceuticals to aerospace to farming to hundreds of other applications around the world, the S7 dominated the PLC business. There were only two places in the world where Simatic S7 controllers weren’t dominant: North America and Japan. Rockwell dominated the US, Canada and much of South America while Omron and Mitsubishi dominated Japanese manufacturing.

As manufacturing applications grew in importance and became more sophisticated, the need for multiple controllers to coordinate their control functions became clear. Controllers needed to pass status and data in a lot of the more sophisticated applications. Remember, this was long before the technology to enable sensor bus protocols like DeviceNet or Profibus was possible, let alone EtherNet/IP and PROFINET IO. In that era, serial bus protocols using RS232 and RS485, and derivatives of those serial communication standards, were the only options.

To meet the need for programmable controller communications, Rockwell provided what it called Data Highway (DH) and Siemens created the S7 communication protocol. Both have evolved over the years into slightly more sophisticated offerings, but because they serve legacy PLCs, you won’t find a lot of fancy control security, rich feature sets or high performance.

Over the next few articles, I’ll be discussing the S7 protocol, which has evolved into three separate protocols: what I’m going to call “Basic S7,” S7 Protocol Plus and extended S7 Comm Protocol Plus. All three of these protocols are essentially the same, with the plus versions being Siemens’ attempts at providing security – always difficult to do when adding on to legacy equipment.