Case study · Applications · Food & Beverage

General Mills: Enterprise HMI Navigation Framework

A single .NET navigation control deployed to 38 manufacturing plants and 3,000+ HMI workstations worldwide. Two years of development. Zero direct database connections from the plant floor.

Industry: Food & Beverage
Engagement: Applications
Timeline: 2+ years

— The work

One control, embedded into every plant floor application, working the same way in 38 plants.

General Mills runs Wonderware InTouch HMI applications across 38 manufacturing plants worldwide. Every plant has its own applications, operators, and security requirements. But there was no standard way to navigate between screens, manage who could do what, or enforce consistent security across the enterprise. They needed a single, reusable component that could drop into any plant floor application and just work.

— The problem

Plants on their own, no shared navigation, shared passwords.

Before this project, each plant was on its own. Navigation was inconsistent. Security was managed per-application with shared passwords. If you had access to a terminal server, you could often get into HMI applications you had no business touching. There was no centralized audit trail, no way to know who logged in where, and no standardization across plants. General Mills wanted to fix all of that with a single component that every plant, every application, and every integrator could use going forward.

— What we built

A universal toolbar for plant floor applications.

The core deliverable was a .NET control (written in C#) that embeds into a Wonderware ArchestrA symbol. It sits at the top of every InTouch HMI application and provides navigation, security, system status, and operator personalization. The constraints are what made this project interesting.

No direct database connectivity

These applications run on thin clients and terminal servers on a plant floor. You can't have the HMI component making SQL calls directly. Instead, a three-tier architecture: a SQL Server portal database holds all configuration, a Windows service generates digitally signed XML cache files from that database, and those files are distributed to HMI clients through a file share. The HMI component reads the local XML files and never talks to the database. If the network goes down, every HMI keeps running from the local cache.

Role-based security with real granularity

A three-dimensional permission model: user groups, window groups, and node groups. A user's effective permissions combine all three. An operator on Mixer Line 1 can view Line 2's screens but can't change setpoints there. Everything is locked down by default — you explicitly grant access, not restrict it. Every HMI node name must be registered in the portal database before it can even accept a login. Unauthorized thin clients can't use the application.

Active Directory integration

User accounts can be managed through AD groups. Add someone to an AD group linked to a portal user group and their account syncs overnight. Remove them from AD and they're cleaned up the next day. Local portal accounts are also available for contractors or situations where AD isn't practical.

Data-driven navigation

The entire menu structure is configured through the admin tool and stored in the database. Cascading menus, screen assignments, display order — all data-driven. When an admin makes a change, the Windows service regenerates the XML files, the HMI picks them up within minutes, and the new menu structure appears. No code changes, no redeployment, no downtime. Users only see items they have permission to navigate to.

Navigation history, favorites, and RFID logon

Forward and back buttons work like a web browser. Operators can bookmark frequently visited screens, and those favorites follow them to any workstation or terminal server. Because plant floor operators often wear gloves, the component supports RFID badge logon using General Mills building access cards, with an optional PIN. Favorites and audit events sync back to the server through JSON ticket files — no direct database writes from the HMI.

Multi-language support

General Mills operates globally. The admin tool and HMI components support Spanish, French, and Simplified Chinese out of the box, with pictorial icons used instead of text wherever possible to reduce the translation burden. Menu items themselves support any language Microsoft's localization frameworks handle.

— The architecture

Three components. One data flow.

The HMI Control

A .NET DLL embedded in an ArchestrA symbol. Renders the navigation bar, manages security state, handles favorites, and reads configuration from local XML cache files. Monitors a file share for configuration updates every five minutes. All XML files are digitally signed with checksums; the control rejects any file that's been tampered with. Passwords stored in the XML are encrypted and can't be reversed.

The Portal Database Service

A Windows service that runs on the plant historian server or another SQL Server. Watches the portal database for configuration changes and regenerates XML cache files. Processes JSON ticket files from HMI clients for logon/logoff events and favorite changes. Runs a task scheduler for maintenance operations like purging old audit logs.

The Admin Tool

A desktop application (previously a web app) that plant engineers and integrators use to configure applications, users, groups, nodes, permissions, navigation menus, and security settings. Includes utilities for importing InTouch window definitions, migrating from the legacy ActiveX version, and exporting/importing configurations between plants.

— Why it matters

A complete rewrite of a component that had been running since 2001.

The old VB6/COM version was running on over 3,000 HMIs across 40+ plants, but the technology was dying. ActiveX development tools were no longer functional in 64-bit environments and the codebase was becoming unmaintainable. The new version was written in C# targeting .NET Framework, designed to be supportable for at least the next decade. It was built to coexist with the old version so plants could migrate at their own pace. General Mills took it upon themselves to write a 260-page installation, migration, and administration guide for the finished product. When your customer writes a manual that thorough, it tells you something about how embedded the component became.

— By the numbers

The shape of a 38-plant deployment.

manufacturing plants deployed worldwide

3000+

HMI workstations running the component

260 pgs

of client-authored documentation

2+ yrs

of development

standard security privilege levels, with custom support

software installation packages

supported languages at launch

direct database connections from the HMI

Have a system that should work across every plant?

Tell us about it. We like the hard problems with long deployment tails.

Start a project See more case studies