IT architectures need to play a vital role in IIoT system architectures, with gateways evolving to provide more flexible, innovative and efficient software solutions. A key question is how network solutions can be deployed to exploit software, IT and innovative algorithms and make production more efficient.
When it comes to expanding and operating innovative IoT solutions, IT architectures have a key role to play. What questions need to be answered about the architecture that interfaces IT with OT, and what relevance does this interface have for edge and cloud? In this era of digitalization, how are traditional gateways evolving into flexible and efficient software solutions for data integration?
A question of IT architecture
Whether we are talking about digitalization, Industrie 4.0 or the Industrial Internet of Things (IIoT), these rather overworked terms refer to much the same thing: how we can exploit software, IT, and innovative algorithms to make production more efficient.
Many companies and users have gotten their first look at these ideas in test installations and proof-of-concept projects. But there are major challenges to address before a successful transition to broad-based usage in production environments.
Questions about architecture or more accurately, the IT architecture, play an important role here. Which standards and technologies are utilized in an Industrial IoT solution – and how do cloud platforms fit in here? How is IT security guaranteed?
Where are open interfaces needed in the overall system to ensure the easy integration of different makes of component? Which standards are relevant here? The answers to these and other architectural questions will decide how successfully users can then handle the kinds of challenges posed by the inherent potential of their software and IT systems.
ROI for Industrial IoT applications and innovative software solutions is often unclear for a new project. While the underlying potential offered by AI, machine learning, and Big Data analytics is hardly in doubt, the real-world benefits are often difficult to assess before a project begins.
This is where a good architecture ensures that providers keep costs manageable at project start while simultaneously offering reusability, future-proofing, and expandability for the solution.
Industrial IoT typically refers to the use of a centralized platform that enables applications to be deployed at any site and in any plant situation, despite any actual differences between the various sites in terms of installed equipment and available interfaces. A well-chosen architecture will ensure the efficient operation of this centralized platform while reducing the extent to which investments in IIoT depend on the specific circumstances of these sites and plants.
The pace of innovation in IT remains high: While plant systems and installed equipment are still likely to have a multi-year or even multi-decade lifecycle, the cycles of innovation in IT tend to be short. As a result, architectural decision-making, especially at the OT/IT interface, will greatly affect whether, and at what cost, operators are able to exploit the plant’s potential for innovation over its lifetime and the expected improvements offered by innovative software solutions.
Efficient use of IT: As more money is invested in IT and IT costs rise, general questions about the overall efficiency of IT systems become more important. Accordingly, decisions about architecture and IT infrastructure in particular are of fundamental importance for the Total Cost of Ownership (TCO) of an IIoT solution.
The role of major IT providers
As the importance of software and IT continues to grow, it goes without saying that the major traditional IT infrastructure providers will also have a key role to play in industrial production systems. In the vanguard are the Big Three in cloud platforms: Amazon, Microsoft, and Google (also known as ‘hyperscale’ providers). For manufacturers, these companies are relevant for several reasons.
Cloud platforms typically offer general advantages for software usage in terms of costs and flexibility, which goes a long way to explaining their resounding success in enterprise IT. Unlike enterprise IT, however, the Internet of Things needs processing power near these ‘things’ and not just in the cloud. So for a while now, cloud providers have been supplementing their main platform with services for the ‘edge’ – a term referring to local data storage and processing.
In recent years, cloud platform functionality has also been extended to include specialized services for IIoT applications. Alongside their infrastructure and base services for cloud, edge, and IIoT, these providers have also been busy developing innovative algorithms for machine learning and artificial intelligence that can also be used easily by application developers and system integrators.
Power of software virtualization
Turning to look at the reference architectures used by IIoT cloud providers, we can see that they have ‘standardized’ at least in the sense that they all support the use of virtualization technology for edge computing. Let us first take a closer look at virtualization before we consider the needs of our industrial users.
Virtualization, which uses integration mechanisms to reduce the dependencies between the software layer and the hardware layer, has been one of IT’s megatrends during the last ten years. Virtualization allows software to be deployed simply and flexibly to a wide range of hardware and system environments: users enjoy a range of benefits that include lower costs for software development and maintenance.
One specific example of virtualization is ‘containerization’, which, with the introduction of services from Docker, has become increasingly widespread over the last five years or so. This technology is now predominantly used in IoT reference architectures for edge and cloud computing. However, virtualization technology is by no means limited to cloud platform interactivity. Even if users decide not to utilize a cloud platform, there are still many good reasons to make use of virtualization when designing the implementation of an innovative and efficient software solution such as a solution for the Industrial Internet of Things.
So, what do the typical plant systems and automation networks look like? What are the requirements of the users who operate these systems? And how do these match up to the architecture questions discussed earlier?
IT security and network topology are core issues here. An automation network is usually operated behind a multi-layered setup with two firewalls. A ‘demilitarized zone’ (DMZ) is located between these two firewalls. There is no direct connection between the automation network and the company network (or Internet), and communication between the DMZ and automation network must also be secure.
As a result, most IIoT use cases therefore make it necessary to work with at least two gateway layers. One layer includes all of the edge gateways within the DMZ, which have connectivity to the Internet or to a cloud platform (as required), plus a second layer of IT/OT gateways within the automation network, which can communicate directly with the edge gateways but not the company network or a cloud platform.
Apart from these specific network requirements, as derived from the network topology, other (functional) requirements for data integration and for the OT/IT interface also need to be considered.
In a nutshell, this means that installed plant/equipment as well as brownfield projects will remain relevant and dominant for many years. While newer devices might increasingly offer standardized interfaces, especially ones based on the OPC UA standard, most of the installed base of equipment will not.
As part of IIoT solutions, data integration also needs to do much more than simply translate proprietary interfaces into standardized protocols. Some of these more complex requirements include the efficient handling of what can be a potentially large number of data sources (data aggregation) as well as the above-mentioned need to abstract plant- or device-specific interfaces to achieve the multi-site deployment of a uniform set of software applications. Users also need to be able to respond flexibly to IT security requirements – not only to maximize security but also to ensure the costs involved stay at an acceptable level.
IT/OT gateway architecture
Let us now look at the architectural nuts and bolts of an IT/OT gateway. Traditionally, this gateway ‘belongs to OT’: It is installed and operated locally at one site, with the aim of providing an HMI system or database with data from the automation network, for example. These traditional applications change very little over the lifetime of the plant system. As a result, the use case here requires a low-maintenance product that can be operated for many years with barely any changes to its configuration. Innovative IIoT solutions will place very different demands on such a gateway or data integration, however. These requirements include the following dynamic and flexible payload configuration. In many cases, it is not advisable or even technically possible to simply send all data generated to an edge gateway sitting in the DMZ. Users need options for easy configuration of the payload as well as the efficient modification of this configuration over the lifetime of the plant system – such as when a new software application needs access to data that have not been provided to date.
Flexible expandability: Very few users will be able to say which new pieces of software or IIoT applications might be of interest in a couple of years. Accordingly, a data integration solution must also be flexible enough to support later applications without data integration needing to be redone from scratch.
Flexible data normalization even at the lowest level: The IT/OT gateway supplies the relevant OT-facing interface for software applications and so it should abstract out the actual equipment installed and other details of the plant system. A corresponding configuration will, in all likelihood, also change over the lifetime of the plant system, whether due to changing requirements for the interface stemming from IT or because changes also occur now and then in the plant system itself but the outward-facing (OT/IT) interface needs to stay the same.
Use of edge analytics and machine learning: Some applications need to have complex computations executed as near as possible to the data source. This requires IT/OT gateways capable of acting as platforms for the corresponding software modules.
Summing up, we can conclude that data integration on an IT/OT gateway has a more complex set of functional requirements than mere ‘protocol translator’ gateways. The software architecture used by a gateway of this kind should support innovative IT technologies like virtualization in particular, since the associated benefits are also relevant for this layer in an innovative and efficient IIoT solution. By transforming themselves from a merely static component within OT into a dynamic software solution manageable from IT and via cloud platforms, gateways are becoming part of an ‘industrial edge’ that runs on standard hardware.
Evolution of dataFEED technology
These were the reasons why Softing set itself the goal of redeveloping its trusted dataFEED product family into a modular, open software platform about a couple of years ago.
One focus of this redevelopment work involved providing existing gateway functions and software products as Docker containers. Another aspect was the development of entirely new functions that would enable the dataFEED product family to handle the requirements, as discussed above, for more complex data integration in an IIoT context. This included the cleanest possible implementation of the OPC UA Companion Specifications, to provide straightforward support for corresponding server interfaces.
Ensuring customer choice was another very important factor. This needed to be oriented on the options typically offered by many IoT platforms; dataFEED customers can therefore choose whether they want to operate the software components together with one of the cloud platforms from a major provider (Amazon AWS and Microsoft Azure are currently supported) or as a data integration solution that is independent of any cloud platform.
The recently released edgeConnector Siemens is the first commercially available Softing product to be based on container technology. Connecting to Siemens SIMATIC S7-300/400 and S7-1200/1500 controllers, this product provides access to data via an OPC UA server interface integrated into the connector. As a Docker container, the software module offers flexible deployment options, such as to devices running edge services from major cloud platforms (Azure IoT Edge or AWS IoT Greengrass, for example); it can also be deployed independently of these platforms.
An integrated web interface makes it easy for users to manage local configuration of the edgeConnector Siemens. For remote administration, the module also offers a REST interface that allows the connector to be managed by a cloud-based application (for example). Configuration itself is flexible and includes fine-grained security settings (such as separate and individual role-based access privileges for different OPC UA client applications).
In this way, the edgeConnector Siemens offers industrial users an opportunity to exploit the potential of virtualization and cloud both for data integration as well as the setup and operation of an interface between IT and OT as part of an innovative Industrial IoT solution. Other container-based products will be released over the next few months.
Potential for innovation
Commercial software offering efficient deployment are available for data integration, and fundamental issues about protocols and methods of access to data from automation networks can now be considered to have been solved as part of innovative IIoT solutions.
As a result, standardization bodies and data integration solution providers are now increasingly tackling the question of how best to enrich interfaces with semantics and information models, and to ensure their simple usability by software applications hosted in the cloud. While the OPC UA standard fulfills all of the technical requirements for defining interfaces capable of offering valuable semantic information, the standard itself is silent concerning the question of how the enrichment of an unstructured interface with this relevant semantic data can proceed most efficiently in a real-world brownfield project. This is an area offering further potential for innovation in the years to come.