Hirose: Connecting the future
Industrial Ethernet Book Issue 102 / 15
Request Further Info   Print this Page   Send to a Friend  

Data integration for cloud-based Industry 4.0 and IoT applications

A layered model and IoT solution stack is creating cloud-based system architectures that leverage a strategic data integration layer based on OPC UA. The potential benefit is decisive advantages in terms of integration costs, flexibility and return on investment.

TWO CONCEPTS THAT REPRESENT profound changes to industrial production in terms of business models, company organization and technology are Industry 4.0 and the Internet of Things (IoT). Common to almost all I4.0 and IoT solutions is their goal of breaking down the clear separation of IT and OT typical to date, both technologically and organizationally, to ensure the seamless exchange of data between OT and IT, and the efficient management of an overall system encompassing them both.

So what kinds of requirements does data exchange between the IT and OT layer need to meet and how can these be technically implemented? To answer this question, we can take a look at a layered model or a ′solution stack′ for IoT solutions.

The OPC UA standard is an excellent choice for IT/OT integration and reduce system integration workloads.

Layers of networking technology

The bottom layer is Operational Technology (OT), where everything is located that is found at the lowest three levels of conventional automation pyramids namely control units, field devices, sensors and actuators. For some applications, it would be technically possible to move the control layer to the cloud. The model remains applicable in this use case.

The second layer from the top, Applications, represents software packages such as Predictive Maintenance or Energy Management, which are relevant for I4.0 and IoT.

The layer under this one Platform can represent a single piece of IT infrastructure in the simplest case to a more complex version involving a public cloud plus IoT services such as analytics, storage capacity and security. Right at the top is the Services layer, which often plays a central role in the context of IoT or monetization strategies and innovative business models.

Data integration layer between data sources at the automation level and applications.

Data integration layer

The Data Integration layer (DI layer), located between Platform and Operational Technology, takes on a special meaning in the context of I4.0 and IoT. The question perhaps arises as to whether it wouldn′t be simplest to provide all of the data sources of interest in the OT layer with an upwards-pointing interface, with which applications (or IoT platforms) could integrate as required. In practical terms, however, there are compelling reasons for system architectures that offer more functionality in the DI layer than simple interfaces to the OT layer.

It should also be noted that there are a number of reasons (including the volume of data and security issues) why DI layer functionality cannot simply be shifted to the cloud but must run on premises. Conceptually, therefore, the DI layer can be categorized as a kind of edge computing.

Data integration requirements

Turning now to the specific requirements for a more ′heavyweight′ DI layer, these can be summarized by utilizing the concepts of data aggregation, data preprocessing and interface abstraction.

Data aggregation: With data aggregation, often combined with options for filtering data, data are consolidated from multiple sources by deploying a dedicated aggregation server. This server then offers appropriate interfaces for the Platform and Application layers. By keeping to just one or a few aggregation servers, configuration on the application side can be considerably simplified. Depending on the relevant threat level, security can also be pared down in communications between the aggregation server and the data sources or even omitted entirely, as long as communications between the aggregation server and application are maximally hardened.

Last but not least, an aggregation server should also be capable of managing access rights: a maintenance application that is also used by external personnel receives access to machine data only, while an OEE application is also allowed to access sensitive process data.

Data preprocessing: Data preprocessing within the DI layer serves to reduce data volumes by providing individual applications only with the data each of these applications actually requires.

Interface abstraction: Depending on the solution architecture, a DI layer can also be used to abstract interfaces to a wide range of applications and business processes. This is especially useful considering the relatively fast-paced, heterogeneous IT sector with its short innovation cycles and the comparatively slow-moving world of OT.

Basically, the aim here is to identify a solution architecture that permits changes or installations at the IT/Application layer as flexibly and independently of the OT layer as possible while in turn enabling changes within the OT layer without impacting the Application layer.

Data integration and IT security

What is the relationship of the DI layer to IT security? There′s no ready answer to this question. Security requirements and measures depend on circumstances and assumptions about threat scenarios and should be assessed and determined in relation to individual components within the system. However, some aspects should always be considered.

Protocol selection: A number of models are available here that avoid opening the firewall (such as the publisher/subscriber model).

Certificate management: To ensure secure operations over the long term, the cost and effort of maintaining fully-edged certificate management must be budgeted for.

Use of proven standards: Security and cryptography are highly complex topics and their details are understood by only a few experts. Security is therefore best achieved by using standard algorithms that enjoy widespread acceptance and trust (OPC UA).

Implementation with OPC UA

The OPC UA interoperability standard is very well-suited to the implementation of a DI layer. In terms of IT security, OPC UA offers a flexible, three-tiered configuration that not only permits the omission of security procedures but can also be used for the realization of all-round security by encrypting communications, authenticating at the application layer and managing access rights for users. The requirements of interface abstraction and reductions to system integration effort can be achieved by information modeling and the utilization of companion information standards.

The OPC UA standard is also flexible in terms of the choice of protocol. With the publication of version 1.04 of the standard (which has been scheduled for this year), OPC UA will not only support communication via the client/ server model but also the publisher/subscriber model (with UPD/binary encoding and MQTT/ JSON as alternative transport layers).

A series of OPC UA-based standard products for IT/OT integration are already commercially available. OPC UA has also passed rigorous IT security testing conducted by the German Federal Office for Information Security (BSI).

Data integration tools

Softing′s dataFEED product family offers software and hardware products for OPC and IoT cloud communication that can be deployed in a variety of ways. Lean gateways focus on connectivity requirements and are used especially where data is processed in the cloud and the data integration layer is rather "thin" or where an OPA UA standard interface is required for legacy components.

The software product can be integrated with other applications on an industrial PC to perform complex data analysis and preprocessing. Wherever special, customer-specific requirements can′t be met, Softing′s OPC Toolkits allow customers to develop specific servers or clients.

Integrating IT and OT

In an industrial context, I4.0 and IoT solutions are characterized by the technical integration of the formerly separate domains of IT and OT. In some cases, it may well seem appropriate and advisable to implement technical access to important data from the DI layer as quickly as possible or for tactical reasons driven perhaps by just one application. Nevertheless, a system architecture with a strategic DI layer between OT and the central platform e.g. based on OPC UA offers decisive advantages in terms of the costs of integration, flexibility and return on investment.

The question remains of where to locate responsibility within the company for designing and implementing this kind of DI layer. However this is handled, the common differences in perspective between the traditionally discrete worlds of OT and IT must be overcome, and core expertise must be acquired in both disciplines.

Dr. Christopher Anhalt, Business Development Manager Data Integration, Softing Industrial Automation.

Source: Industrial Ethernet Book Issue 102 / 15
Request Further Info    Print this Page    Send to a Friend  


Analog Devices: Time Sensitive Networking
DINSpace fiber optic and Cat 6 patch panels
ICP DAS at SecuTech Thailand
Japan IT Week Autumn

Get Social with us:

© 2010-2018 Published by IEB Media GbR · Last Update: 18.12.2018 · 28 User online · Privacy Policy · Contact Us