Building Automation Systems from Internet of Things

Building Automation Systems from Internet of Things

Professor  Jerker  Delsing   EISLAB  

Luleå  University  of  Technology

Heathrow terminal 5

5 million connected points!!

X.XXX.XXX  number  of  bearings  

Connected  bearings  will  support     Bearing  condition  monitoring  

Railway  wagon  condition  monitoring

IoT Product Segments

Conveyor (Tier2) Components and Parts (Tier3)

Drive Heads LTU & Winches Belt Structure Belting

Pulleys

Feeder Breakers

Components (a.u. idlers, motors, etc.)

Suppliers of these Products are:

Potential partners, and;

Future Service Providers

One  customer,  KGHM,  one  component  

• 120  km  conveyers  

• 720.000  idler  bearings  

Annual growths more than 10% and over 500 billion connected devices are expected worldwide by 2025. - Cisco 2013


Massive automation systems not possible with current technologies
 Not enough many engineers on the globe to do the job with current

technology


ISA-95 systems in to the cloud?

The

www.arrowhead.eu

CHP

Homes, offices &

industry

Resources Product

market

RAW MATERIAL PRODUCTS

HEAT, EL

HEAT, EL HEAT, EL HEAT, EL

PRIMARY PRODUCT CYCLE

A European Roadmap for Industrial Process Automation 


based on global trends and industrial needs. www.ProcessIT.eu

Benefits to the production industry - Spire

• BeJer  opKmizaKon  and  coordinaKon  of    single  processes  or  process  chains  and  of   complete  plants  and  sites,    

• Significantly  improved  resource  efficiency.    

• BeJer  coordinated  control  loops  in  one  process  step  and  improved  collaboraKon  of   control  systems  of  different  processes  along  a  process  chain  give  higher  process  yields   which  results  in  beJer  material  efficiency,  waste  reducKon,  less  energy  use  and  

reducKon  of  polluKon.  

• Improved  product  quality  through  beJer  process  control  and  smart  quality  control  

• Higher  uKlizaKon  of  equipment  

• New  collaboraKve  soluKons  with  integrated  informaKon  management  offer  new   possibiliKes  for  supply  chain  management  including  price-­‐based  coordinaKon  or   opKmised  market  mechanisms  

• Safer  operaKon  of  plants  due  to  improved  control  and  shut-­‐down  procedures.    

• PossibiliKes  to  integrate  mulKple  processes.  

• Shorter  delivery  Kmes  and  lower  producKon  cost.

www.arrowhead.eu

Arrowhead

Process and energy system automation

4 years project 68M€

79 partners Coordinated by

an ARTEMIS CoIE

www.arrowhead.eu - jerker.delsing@ltu.se

ARTEMIS Industry Association The association for R&D actors in embedded systems

www.arrowhead.eu www.arrowhead.eu

To be demonstrated in real world applications

www.arrowhead.eu

ISA-­‐95  systems  in  to  the  cloud?

The

Arrowhead  approaches

TCP/IP  everywhere,  middleware  nowhere.  

Internet  of  Things  -­‐  IoT   System  of  systems  -­‐  SoS
 The  Integrating  approach  

Service  Oriented  Architectures  -­‐  SOA

A Survey of Commercial Frameworks for the Internet of Things. Hasan Derhamy, Jens Eliasson, 


Jerker Delsing, and Peter Priller, SOCNE workshop at ETFA 2015, Luxemburg

www.arrowhead.eu

Collaborative  automation  in  the  cloud

Automation  is  local  -­‐  requirements  on:  

Real  time  

Security  and  safety  

Continuous  engineering
    

Local  clouds  are  beneficial  to:  

Latency  -­‐  real  time  

Security  -­‐  supporting  safety   Less  engineering  dependencies  

Inter  cloud  actions  are  necessary  and  possibly  secure!

Automation using SOA Demonstrated in e.g.

Socrades and IMC-AESOP

projects

Classical  automation  system   characteristics

Centralised  controllers,  DCS,  SCADA,  PLC,     Pull  based  -­‐  time  slotted  streaming  of  all  data   Hard  real  time  

Design  time  bindings  

Seams  to  have  an  upper  bound  of  X*10 ⁵  I/O’s

Cloud  based  automation  systems

Choice  of  centralised  or  distributed  control  and  data  to  information   computations  

Push  on  event  or  pull  

Late  binding  -­‐  runtime  binding  

Hard  real  time?

www.arrowhead.eu

IoT  -­‐  properties

Things  comes  and  goes  

May  have  limited  bandwidth   May  have  limited  energy  supply  

Interoperable  services  at  the  device  connected  to  the  Internet     Integration  of  IoT  systems  have  to  be  dynamic  

Based  on  demand  and  availability

Integrate any IoT device Real time

Energy consumption Engineering

Trust

Secure Safe Privacy

Migration into/from legacy systems

Cloud  integration  of  any  IoT  device

Communication  HW  

Existing  commercial  technology   SOA    

But  which  SOA  technology

Service  Oriented  Protocols  -­‐  A  Challenge

IPv4/IPv6/IP multicast UDP

CoAP DPWS OPC-

UA

HTTP 1.1 TCP Semantics Compression/EXI

DDS uPnP

Application

Pilot A XML def

Pilot B JSON def

Pilot C XML def

Pilot D JSON def

Pilot E XML def Pilot A

Service def

Pilot B Service def

Pilot C Service def

Pilot D Service def

Pilot E Service def

XMPP MQTT

One  Service  Oriented  Protocols  -­‐  Works!

IPv4/IPv6/IP multicast UDP

CoAP DPWS OPC-

UA

HTTP 1.1 TCP Semantics Compression/EXI

DDS uPnP

Application

Pilot A XML def

Pilot B JSON def

Pilot C XML def

Pilot D JSON def

Pilot E XML def Pilot A

Service def

Pilot B Service def

Pilot C Service def

Pilot D Service def

Pilot E Service def

XMPP MQTT

CoAP -> XMPP CoAP -> MQTT CoAP -> OPC-UA OPC-UA -> CoAP OPC-UA -> MQTT

Necessary semantics translation Necessary data structure translations

Service integrity over protocols, data structures, semantics etc.

Hasan Derhamy, Pal Varga, Jens Eliasson, Jerker Delsing and Pablo Punal Pereira

Translation Error Handling for Multi-Protocol SOA Systems, ETFA 2015, Luxembourg

Hard  real  time  IoT  cloud

Hard real time dependent on underlaying communication capabilities Local hard real time cloud to prescribe communication

technology

e.g. Industrial ethernet, TTTech, time slotted 802.15.4 
 SOA overhead eats bandwidth

Use compression EXI

EXIP: A Framework for Embedded Web Development

Kyusakov, R., Punal, P., Eliasson, J. & Delsing, J. Oct 2014

In : ACM Transactions on the Web. 8, 4, 29 p.23

www.arrowhead.eu

Real  time   Local  cloud  #1

IA SM

II

Application   system Application  

system Application  

system

Application   system

Application  system

Application   system

Real  time   Local  cloud  #2

Application   system Application  

system Application  

system

Application   system

Application  system

Real  time   Local  cloud  #3

IA SM

II

Application   system Application  

system Application  

system

Application   system

Application  system

Application   system

IoT energy consumption

IoT devices may be battery powered Event orientation

Reduces cost of communication No streaming of IoT data to cloud

IoT data/info. to consumer on configured event

Distributed data -> information computation

Subscription to distributed information based on events

Enabling receiver tailored information

Information provided as a configurable services Orchestration of services

Supported by complex event processing Choreography

To be supported by the technology architecture

www.arrowhead.eu

How  to  build    local  cloud?  

SOA  -­‐  Abstracting  IoT  data  to  services

Services  are  produced   Services  are  consumed

Service
 Consumer Service


producer

Application service

IoT System A IoT System B

Exchange information

www.arrowhead.eu

Fundamental  conceptual  overview

all of its users to work in a common and unified approach – leading towards high levels of interoperability.

A. Overview of Arrowhead Framework

The Arrowhead Framework includes principles on how to design SOA-based systems, guidelines for its documentation and a software framework capable of supporting its implementations.

The design guidelines provide generic “black box” design patterns on how to implement application systems to be Arrowhead Framework compliant. Furthermore, these guidelines allow making legacy systems Arrowhead Framework compliant.

The documentation guidelines include templates for service, system and, system-of-systems descriptions (to be detailed in the following sections of this paper). Due to its complexity there is also a “Cookbook” for hands-on instructions on how to use the framework.

The software framework (Fig. 2) includes a set of Core Services which are capable of supporting the interaction between Application Services. The Core Services handle the support functionality within the Arrowhead Framework to enable Application Services to exchange information. Examples are services for Discovery, Authorization, Orchestration, and System Status. An Application Service handles the data exchange between specialized devices (those that the system is special at). Examples are services for sensor reading, billing, energy consumption, weather forecasts, etc.

The Core Services (Fig. 2) are further divided into three different groups: i) Information Infrastructure (II); ii) Systems Management (SM); and, iii) Information Assurance (IA).

The II services are the set of core services and systems in charge of providing information about the services and how to connect to them. This includes services like Service Discovery, Application Installation and Setup, Service Metadata, etc. The SM services are the set of core services and systems providing support for late binding and solving system-of-systems composition. The SM provides logging, monitoring and status functionality. It also addresses orchestration, software distribution, Quality of Service (QoS), configuration and policy.

Finally, such a software framework can only operate if the system is able provide adequate security and safety levels. Those functions are assured by the IA services, supporting secure information exchange. Example services include those for authorization, authentication, certificate distribution, security logging and service intrusion.

The software framework also addresses the design and prototype implementations of gateways/mediators for making legacy systems Arrowhead compliant.

Finally, the Arrowhead Framework provides a set of rules and principles to: i) address technical property requirements; ii) Arrowhead conformity requirements and, iii) a set of tool(s) for conformity test and verification.

Fig. 2. Arrowhead Framework core and application services

B. The Arrowhead Framework documentation approach The Arrowhead Framework states a common approach of how to document SOA-based systems. The documents structure is built on three levels, namely: System-of-Systems, System and Service level. These are depicted in Fig. 3, showing the links between documents, as well.

Fig. 3. The Arrowhead Framework documentation relationships

The approach is to apply the terms “black box” and “white box” only to the System level since it is well known what it means. However, these concepts are not used at the Service level, where such division is rather meant to be about technology independence/dependence.

At the System-of-Systems (SoS) level, a concrete “System- of-Systems type” is defined in the System-of-Systems Description (SoSD) document. Thus, the particular “system type” needed to fulfill our SoS goals can be implemented. The correct way of working is assured thanks to the “black box”

representation of all Systems in the System Description (SysD).

Therefore, each “system type” can talk to each other or identify the gateways/mediators’ needs.

In the System-of-Systems Design Description (SoSDD) a SoSD instance can be created. All the participating “white box”

Systems (SysDD) must be enumerated and the entire setup must

be explained, including infrastructure description (network

configuration, VPNs, etc.), domain structure, startup behavior

etc. This is a deployment description and it describes the SOA

installations.

www.arrowhead.eu

Core  Functionalities  -­‐    

System-­‐of-­‐Systems  in  a  local  cloud

ARROWHEAD
 FRAMEWORK  

COMPLIANT  

NETWORK

IA SM

II

Application   system Application  

system Application  

system

Ap pl ic ati on   sy st em

Ap plic ati on   sy ste m

Application   system

Core  systems

www.arrowhead.eu

Local  cloud  #1

IA SM

II

Application   system Application  

system Application  

system

Application   system

Application  system

Application   system

Local  cloud  #2

IA SM

Application   system Application  

system Application  

system

Application   system

Application  system

Application   system

Local  cloud  #3

IA SM

II

Application   system Application  

system Application  

system

Application   system

Application  system

Application   system

Three  mandatory  local  cloud  services

Service  registry  system  

Authorisation  system  

Orchestration  system

www.arrowhead.eu

Service  Registry

•  supports  a  service  registry  functionality  based  on  DNS  and  DNS-­‐SD.  

•  all  Systems  within  the  network  shall  publish  its  producing  service   within  the  Service  Registry  by  using  the  Service  Discovery  service

«CP» DNS-SD

«System»

Service Registry

«CP» DNS-SD ServiceDiscovery

The  Service  Registry  system  

consist  of  all  active  producing  

services  within  the  network.

www.arrowhead.eu

Authorisation  System

•  Authorisation  Management  service  provides  the  possibility  to   manage  the  access  rules  for  specific  resources.  

•  Authorisation  Control  service  provides  the  possibility  to  control  the   access  for  an  external  service  to  a  specific  resource.  

•  Service  Discovery  service  uses  the  Service  Discovery  to  publish  the   Authorisation  Systems  producing  services  within  the  Service  Registry   System.

«CP» WS-SOAP

«CP» REST_WS-TLS-XML

«CP» DNS-SD

«System»

Authorisation System

«CP» WS-SOAP

«CP» REST_WS-TLS-XML

«CP» DNS-SD

AuthorisationManagement

AuthorisationControl

ServiceDiscovery

The  Authorisation  System   consists  of  access  rules  to   system  resources  (i.e.  

services).

www.arrowhead.eu

manage  the  connection  rules  for  specific  services.  

•  Orchestration  Store  service  provides  the  possibility  to  fetch   configuration  for  a  system.  

•  Service  Discovery  supports  the  publishing  of  the  Orchestration   Systems  producing  services  within  the  Service  Registry  System.

«CP» REST_WS-TLS-XML

«CP» REST_WS-XML

«CP» DNS-SD

«System»

Orchestration System

«CP» REST_WS-TLS-XML

«CP» REST_WS-XML

«CP» DNS-SD

OrchestrationStore OrchestrationManagement

ServiceDiscovery

The  Orchestration  System   provides  the  functionality  of   manage  connection  rules  

(i.e.  orchestration  of  the  system  

of  system  composition).

www.arrowhead.eu

Startup  Application  System  B  and  establish  connection

www.arrowhead.eu

Automation  support  services

Arrowhead  core  systems

Factory  description  system   Deployment  system  

Configuration  system   Event  handler  system   Historian  system  

Meta  service  registry  system   User  registry  system  

Quality  of  Service  system

Factory  description  system

The  purpose  of  the  Plant  description  system  is  to  provide  a  way  to  find   Arrowhead  devices  and  systems  through  browsable  structures  based   on  the  physical  systems  the  Arrowhead  devices  are  connected  to.    

The  first  specification  of  this  system  is  intended  as  a  basic  interface  to   present  hierarchies  and  basic  information  about  each  object.  It  is  

intended  to  allow  a  user  to  find  objects,  physical  or  Arrowhead  

systems,  based  on  either  their  physical  location  or  based  on  their  place  

in  a  functional  context.    

www.arrowhead.eu

Configure  system

As  the  devices  running  Arrowhead  compliant  systems  are  loosely   coupled  and  provided  by  different  suppliers  the  engineering  is   expected  to  move  to  open  or  independent  engineering  platforms   rather  than  those  provided  by  hardware  manufacturers.  The  

Configuration  system  allows  the  configuration  of  systems  from   different  system  suppliers  through  a  uniform  service  interface.    

The  Configuration  system  is  designed  so  that  the  configuration   possibilities  are  not  limited  by  the  service  interface  but  allows  all   configurations  that  the  configurable  system  is  set  to  allow.    

«CP» DNS-SD

«CP» REST_WS-TLS-XML

«System»

Configure

«CP» DNS-SD

«CP» REST_WS-TLS-XML

ServiceDiscovery

ConfigureStore AuthorisationControl OrchestrationStore

www.arrowhead.eu

The  purpose  of  the  Deployment  system  is  to  automatically  join  pre-­‐

assigned  new  devices  to  a  specific  Arrowhead  Framework  enabled   cloud  and  save  installation/engineering  time.      

The  idea  is  to  allow  an  administrator  of  the  local  cloud  to  set  conditions   under  which  a  factory  issued  identification  key  can  be  used  to  

authenticate  certain  systems  to  allow  distribution  of  more  specific  keys   which  then  allows  a  system  to  connect  to  the  Arrowhead  framework   without  any  detailed  administration  of  the  specific  system.    

«CP» DNS-SD

«CP» REST_WS-TLS-XML

«System»

Deployment

«CP» DNS-SD

«CP» REST_WS-TLS-XML

ServiceDiscovery

Deployment authentication UserSystem Discovery

www.arrowhead.eu

Event  Handler

The  Event  Handler  system  searches  and  connects  to  published  services   of  the  type  EventLog  in  the  ServiceRegistry.  

If  a  system  have  registered,  by  use  of    the  EventNofication  service,  to   listen  on  some  specific  type  of  event  or  system  that  log  events,  it  will   be  notified  of  the  specific  event  when  it  arrives  at  the  EventLog  service   interface.

«CP» DNS-SD

«CP» REST_WS-TLS-XML

«System»

EventHandler

«CP» DNS-SD

«CP» REST_WS-TLS-XML

ServiceDiscovery

EventLog

EventNotification AuthorisationControl

www.arrowhead.eu

Historian

The  Historian  is  used  for  storing  large  amounts  of  sensor  data,  as  well   as  distributing  messages  from  resource  constrained  devices  to  a  large   number  of  clients.  The  built-­‐in  support  for  Arrowhead  Events  enables   the  Historian  service  to  log  events  and  act  as  an  intermediated  event   cache  for  device  to  device  or  service  to  service  interaction.  Thus  the   Historian  behaves  like  a  network  cash  for  data  from  resource  

constrained  devices.

www.arrowhead.eu

Meta  Service  Registry

The  Meta-­‐Service  system  stores  additional  information  about  a  service   for  offline/later  access.    

This  system  is  a  support  system  for  the  service  registry  for  store   additional  information  such  as  constraint  information,  up-­‐time,  or   other  specific  information  that  can  be  valuable  for  the  usage.

«CP» DNS-SD

«CP» REST_WS-TLS-XML

«System»

Meta Service Registry

«CP» DNS-SD

«CP» REST_WS-TLS-XML

ServiceDiscovery

Meta-ServiceStore

www.arrowhead.eu

Arrowhead  Meta  Service  registry

The  Arrowhead  MSR  is  primarily  designed  to  work  with  resource-­‐

constrained  and  battery  powered  wireless  devices,  and  contains   metadata  about  services  and  devices,  such  as:  

• Battery  level,  renewable  energy  sources  

• Signal  strength,  network  topology,  current  access  point  

• Bandwidth  requirements  and  low-­‐latency  real-­‐time  communication   using  QoS  

• Uptime,  no  reboots,    

• Software  and  hardware  revision,  manufacturer  

• etc.

www.arrowhead.eu

User  /  System  Registry  system

The  User-­‐System  Registry  system  holds  unique  system  identities  for   deployed  systems  within  the  Arrowhead  network.

«CP» DNS-SD

«CP» REST_WS-TLS-XML

«System»

UserSystem Repository

«CP» DNS-SD

«CP» REST_WS-TLS-XML

ServiceDiscovery

UserSystemDiscovery

Quality  of  Service

The  Quality  of  Service  (QoS)  approach  takes  care  of  handling  requests   from  Service  Consumers  in  order  to  guarantee  the  reservation  of  the   network  and/or  computational  resources  and  to  give  delivery  

guarantees  to  the  communications  with  Service  Producers.

Migration  into/from  legacy  systems

Migration of SCADA/DCS Systems to the SOA Cloud

Delsing, J., Carlsson, O., Arrigucci, F., Bangemann, 


T., Hübner, C., Colombo, A. W., Nappey, P., Bony, B., 


Karnouskos, S., Nessaether, J. & Kyusakov, R. 2014 


Industrial Cloud-Based Cyber-Physical Systems : 


The IMC-AESOP Approach. Springer, p. 111-135 25 p.

Boliden  2011  

Control  over  wireless  link  


Hydraulic  control  at  damm  in  Tampere  2013   PLC  in  a  global  cloud


LKAB  2013  

SCADA  in  a  local    cloud

Necessary  technology  for  large   automation  systems  in  the  cloud

Robust  communication,  wired  or  wireless   IoT  sensors,  actuators,  PLC:s,  etc.  

DCS  and  SCADA  functionality’  

MES  and  ERP  functionality   Cloud  integration  technology  

Engineering  tools  for  cloud  automation  systems   Test  tools  and  simulators  for  debugging  

Migration  of    cloud  automation  into  legacy  production  system    

Suitable  security  

SoSD: System-of-Systems Description

SoSDD: System of Systems Design Description SysD: System Description

SysDD: System Design Description SD: Service Description

IDD: Interface Design Description CP: Communication Profile

SP: Semantic Profile

Development  tools  

System  Management  tool

IoT  and  cloud  security

Security  at  service  level   Certificates  

Tickets  

Data  encryption   IPsec  

TLS  

System  security  validation  
 methodologies

AAA Server CoAP NAS

user_KEY PC

Login service new request

validated Validated & Ticket

Service & Method & Ticket response Service & Method & Ticket

response

Ticket timeout Authentication

Access Control

Authentication Access Control

Figure 6: Authentication process

4.1 Authentication Method

On the authentication process the server must recognize the user as a valid user and communicate that to the CoAP-NAS. This process needs to be flexible and compatible with other standards and with this goal the propose framework creates a public login CoAP service on the CoAP-NAS. This login service must receive a PUT request with one of the following contents as a payload:

• User name and password as plain text. This option is only recommended during testing, debugging and development phases.

• User name and password hash. This is easy to implement and could be authenti- cated directly on the CoAP server (without RADIUS).

• A RADIUS packet (future work).

The possibility to run RADIUS protocol over CoAP (see section 2.4) gives to the framework a flexible authentication method usable with a standard RADIUS server.

An Authentication and Access Control Framework for CoAP- based Internet of Things,Punal, P., Eliasson, J. & Delsing, J.

2015 IECON 2014: Dallas, TX, USA , Oct. 29 2014 - Nov. 1 2014. p. 5293-5299

Test  tools  for  cloud  automation.

Automation  engineering  time

Automation  is  a  service  based  on  products  

Simplicity  of  automation  service  engineering  is  market  key   Arrowhead  Framework  reduces  engineering  time  

From    5-­‐6  days  -­‐>  6-­‐8  hours  (Abelko)

Can  we  build  Arrowhead  automation   systems  today?  

Robust  communication  

IoT  sensors,  actuators,  PLC:s,  etc.  

DCS  and  SCADA  functionality   MES  and  ERP  functionality   Cloud  integration  technology  

Engineering  tools  cloud  automation     Test  tools  and  simulators  

Migration  to  cloud  automation   Suitable  security  

➡ Products  on  the  market  

➡ Some  products  on  the  market  

➡ First  products  on  the  market  

➡ Demonstrated  in  industrial  env.  

➡ Some  products  on  the  market  

➡ Demonstrated  in  industrial  env.  

➡ First  products  on  the  market  

➡ Demonstrated  in  industrial  env.  

➡ First  products  on  the  market

www.arrowhead.eu

Renewable  -­‐  PV  at  building  roof   Recovery  from  lift  operation   Grid  supply  

Use  of  3  shared  services:  energy  tariffs,  prediction,  energy  planning  

Energy  savings  up  to  65%

www.arrowhead.eu

Use  of  prediction  service  enables  flexibility  in  energy  demand   Energy  savings  15%

Water  distribution  grid

www.arrowhead.eu

Load  balancing  of  individual  building  peek  energy  demands  service   Multi  site  optimisation  service  

Interacting  with  load  balancing  and  the  adaptive  control  curve    

Stena  (housing  company)  claims  5%  savings  in  energy  usage.

Arrowhead  Framework

Public  by  fall  2015
    

Documentation   Cookbook    

Support  wiki  

Core  system  code  

Tools  -­‐Open  source  and  commercial    

Sample  automation  services  -­‐  code

www.arrowhead.eu

Critical  platform  technologies

Security  -­‐  scalable  and  flexible  security  solutions    

Latency  -­‐  how  provide  "clouds"  with  latency  “guarantees"  

Dynamics/Continuous  -­‐  engineering,  configuration  and  deployment  

Scalability  -­‐  for  massive  numbers  of  resource  constrained  IoT  and  CPS  devices  

Critical  system  properties

Trust  in  cloud  automation  systems


Real  life  -­‐  at  scale  -­‐  demonstrators  enables     Standards,    

Society  and  political  acceptance

Conclusions

Very  large  scale  IoT  system  of  systems  is  desired   Critical  automation  trust  requires    

Latency  control  and    Security     Scalability  

Ease  of  continuous  engineering  

Solutions  enabling  dynamic  automation  systems:      

Design  and  Engineering  

Deployment,  Operation  and  Maintenance  

www.arrowhead.eu

Arrowhead.eu   an    

Artemis  and  ProcessIT.EU  project  

jerker.delsing@ltu.se