2015 05-19-ms clemens-vasters_erichbarnstedt-opc-day_slideshare
TRANSCRIPT
Clemens Vasters, Principal Architect, Azure IoT Services
Erich Barnstedt, Principal Software Engineering Lead, Windows IoT
Sensor to Cloud: Analytics and Integration with OPC UA and Microsoft Azure
Interoperability Principles
[Diagram: the IoT landscape. Layers from top to bottom: Internet; ISP; (Mobile) Network Operators; Personal Environment and Networks; "IoT" - Connected Things. Devices reach Cloud Systems (Cloud Portals and APIs, Control System, Analytics, Data Management) through a Field Gateway, a Cloud Gateway or an MNO Gateway, and reach local systems (Local Portals and APIs, Control System, Analytics, Data Management) through a Local Gateway; Local Interaction and Mobile & Web Interaction are the user-facing paths. Example things: Watches, Glasses, Work Tools, Hearing Aids, Robotic Assistance, …; Homes, Vehicles, Vessels, Factories, Farms, Oil Platforms, …; Vehicle Fleets, Sea Vessels, LV Smart Grids, Cattle, …]
HMI 2015 Booth Demo
[Diagram: KUKA Partner Pod and OPC Foundation Partner Pod connected to the Microsoft Azure Cloud (Azure Service Bus / Event Hub; Optional for Redundancy). Components: TwinCAT 3 OPC UA, RaaS Plug-In with OPC UA, FR Kinect Plug-In, FR Cloud RaaS Plug-in, ML / Stream Analytics, OPC UA Cloud Relay, Diagnostic Data Upstream, KUKA RaaS Loop, SIEMENS RFID, Harting RFID, Booth Visitor Phone/Tablet PAD, Surface 3 Pro with consolidated NMI, Beckhoff SPS, Factory-Relay, OPC UA.]
Legend: Orange Lines – KUKA MxAutomation UDP; Blue Lines – Factory-Relay Transport; Green Lines – NMI (Natural Machine Interface = UI of Solution); Black Lines – OPC UA; Yellow Lines – RFID (AutoID?) protocol
Industrial Core Scenario
[Diagram: three tiers, Machine/System ("Private"), Site, and Datacenter ("Cloud", "Public"), with Cost and Control as the axes across them. Labels: MES, Site Analytics, ERP, CRM, Analytics, Machine Learning, Data Lake, …; functions: Control; Supervision and Coordination; Analytics and Optimization, Production Data Exchange; Maintenance and Servicing.]
Networks and Services
Bus:
• 1 machine
• Physical access control
• Latency in microseconds (hard real-time)
• Harmonized components
• Proprietary protocols
• Isolated communication
• Scheduled servicing windows
Local Network and Services:
• 100s of machines
• Local and network access control
• Latency <10 ms
• Controlled components
• Mixed protocols
• Difficult to isolate communication
• Scheduled servicing windows
Internet and Cloud Services:
• 100,000s of machines
• Federated access control
• Latency >10 ms
• Autonomous components
• Open protocols
• No isolated communication
• No-downtime servicing
Transport and Application Protocols
Bus:
• Link layer, wired/wireless
• Ethernet, industrial buses
• WiFi, 802.11, 802.15.4
• BLE, NFC
Local Network and Services:
• IPv4, IPv6, 6LoWPAN
• IPSec
• TCP, UDP
• TLS
• HTTP, AMQP, MQTT, DDS, CoAP, SSH, OPC/UA, HART/IP, Ethernet/IP, Profinet, …
Internet and Cloud Services:
• IPv4, IPv6
• TCP
• TLS
• HTTP, AMQP, MQTT, …
• VPN
• GSM, ISM
Principles for Interoperability
• If it's not secure, it's not a solution
• STRIDE – Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
• Threats are explicitly mitigated or left explicitly unmitigated
• Security dominates interoperability
• There is no communication or interoperability without authentication, authorization, and protection of the communication path.
• There is no "one way" or "one standard"
• Scenarios and their requirements determine the characteristics required for the protocols and for securing the communication path.
• Complexity loses in the long run: WS-* vs. HTTP/REST, DCOM/CORBA vs. HTTP, XML vs. JSON
• Loose coupling wins in the long run: temporal coupling, programming languages, type systems, runtime environments, operating systems
Interoperability – What, Who, How
• What – What information is being exchanged?
  • Semantics – common terminology and conceptual structure, shared data types, semantic protocols, data flow
  • Semantic extensibility – platform, system, solution
• Who – Who are the communication partners?
  • Information – who may access what information under which conditions?
  • Commands – who may initiate actions under which conditions?
  • Auditing – who may or must supervise activities under which conditions?
• How – How does communication happen?
  • Networks, protocols, data encoding, encryption
  • Tenancy and multiplexing
Security Principles
Defense in Depth
[Diagram: security layers applied across Cloud, Field Gateways and Devices: Policies, Procedures, Guidance; Physical; Global Network / Local Network / Edge; Identity and Access Control; Host; Application; Data.]
• Data privacy protection and controls
• People and device identity federation, data attestation
• Trustworthy platform hardware, signed firmware, secure boot/load
• Secure networks, transport and application protocols, segmentation
• Tamper/intrusion detection, physical access security
Legacy Network Design: Attitude vs. Reality
• Network security modeled after physical access security
• Segregated networks. Well-defined gates.
• Access control at the network/gateway level.
• Network access sufficient to access assets.
[Diagram: Devices with Local Interaction behind a Local Gateway; Local Portals and APIs, Control System, Analytics, Data Management; AuthN/Z at the gateway.]
Service Assisted Communication (SAC)
[Diagram: Devices on an Isolated Network behind (CG)NAT, Firewall and Router; a Non-IP Field Gateway for devices without IP connectivity; a Service Gateway with queues (Q) in front of Clients, backed by a Device Identity Registry/Directory and Access Control Policies.]
• Connections are device-initiated and outbound
• Port mapping is automatic, outbound
• Device does not actively listen for unsolicited traffic
• No inbound ports open, attack surface is minimized
• Service Gateway: public address, full and well defendable server platform
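The SAC pattern above, as an added loopback example written for this transcript (it is not code from the slides or from any Azure SDK): only the service gateway listens, the device connects outbound, authenticates against a constructed device registry, and receives commands over the link it opened itself. Device ids, secrets and command names are invented.

```python
import json
import socket
import threading

# Constructed stand-in for the slide's "Device Identity Registry/Directory":
# device id -> shared secret. Ids and secrets are invented for this example.
DEVICE_REGISTRY = {"pump-01": "constructed-secret-pump-01"}

def send(f, obj):
    f.write(json.dumps(obj) + "\n")
    f.flush()

def gateway_serve(listener, commands, replies):
    """Service gateway: the only side with an open inbound port. It accepts the
    device-initiated connection, checks the identity against the registry, then
    pushes commands *down* that same connection and collects the replies."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rw") as f:
        hello = json.loads(f.readline())
        expected = DEVICE_REGISTRY.get(hello.get("device_id"))
        if expected is None or hello.get("secret") != expected:
            send(f, {"ok": False, "error": "unknown or unauthenticated device"})
            return  # link is closed on exit; no command is ever sent
        send(f, {"ok": True})
        for cmd in commands:
            send(f, cmd)
            replies.append(json.loads(f.readline()))

def device_run(port, device_id, secret):
    """Device: connects outbound only and never calls listen(); commands arrive on
    the connection it opened itself. Returns the gateway's authentication verdict."""
    with socket.create_connection(("127.0.0.1", port)) as s, s.makefile("rw") as f:
        send(f, {"device_id": device_id, "secret": secret})
        verdict = json.loads(f.readline())
        if verdict.get("ok"):
            for line in f:  # read commands until the gateway closes the link
                cmd = json.loads(line)
                send(f, {"ack": cmd["cmd"], "value": cmd.get("value")})
    return verdict

def exchange(commands, device_id, secret):
    """Run one gateway/device session over loopback; return (verdict, replies)."""
    listener = socket.create_server(("127.0.0.1", 0))  # port 0: OS picks a free port
    replies = []
    t = threading.Thread(target=gateway_serve, args=(listener, commands, replies))
    t.start()
    verdict = device_run(listener.getsockname()[1], device_id, secret)
    t.join()
    listener.close()
    return verdict, replies
```

An unregistered id or wrong secret gets a refusal and the link is dropped before any command is sent, which is the access-control check the registry and policies in the diagram stand for.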
Industrial Automation
[Diagram: Devices connected over OPC/TCP and fieldbuses to an OPC UA Gateway, which connects over AMQP to a Cloud Gateway and Cloud Systems (Cloud Portals and APIs, Control System, Analytics, Data Management); a Local Gateway serves Local Portals and APIs, Control System, Analytics, Data Management.]
AMQP 1.0 Link: bi-directional, secure, reliable transfer, application level, no inbound ports
Data Flow, Integration, and Analytics
Cloud Based IoT Solutions
Three parts of an IoT solution
1 Device connectivity & management
2 Analytics & operationalized insights
3 Presentation & business connectivity
• Easy to provision, use and manage
• Pay as you go, scale as you need
• Global reach, hyper scale
• End to end security & privacy
Azure IoT
IoT Device & Cloud Patterns
[Diagram: Devices (RTOS, Linux, Windows, Android, iOS) connect directly or through a Field Gateway (Protocol Adaptation) to the Cloud Gateway (Event Hubs); this is the Device Connectivity & Management part of the solution.]
Event Hubs
• High scale telemetry ingestion service
• HTTP/AMQP protocol support
• Each Event Hub supports 1 million publishers and 1 GB/s ingress
• Generally available worldwide
• 18 billion messages per day
• 60+ TB ingested per day
Additional IoT Needs
• Command & control
• Device identity
• Device registry
• Device management
Coming with the Azure IoT Suite…
IoT Hub
• Capability of the Azure IoT Suite
• Bi-directional device <-> cloud
• Up to 10 million devices
• Telemetry ingestion
• Command & control
• Device registry & identity
• Device management
• HTTP/AMQP
• Extensible protocol support / MQTT
Cross-Platform Device Support
• Open source "agent" framework
• Simple, secure device <-> cloud connectivity & management
• RTOS, Linux, Windows, Android, iOS
• Easy to use, not required
[Diagram: cross-platform C code over an OS Abstraction Layer / OS Bindings, exposed through C, .NET, Java and JavaScript APIs.]
Analytics & Operationalized Insights
• Batch Analytics & Visualizations: Azure HDInsight, AzureML, Power BI, Azure Data Factory
• Hot Path Analytics: Azure Stream Analytics, Azure HDInsight Storm
• Hot Path Business Logic: Service Fabric & Actor Framework
Find insights to:
• Power new services
• Improve your "things"
Operationalize your insights in real time: IoT-scale object models & business logic
Presentation & Business Connectivity
• App Service, Websites
• Dynamics, BizTalk Services, Notification Hubs
Microsoft Azure IoT services
Devices: devices (code), External Data Sources
Device Connectivity: Event Hubs, Service Bus
Storage: SQL Database, Table/Blob Storage, DocumentDB
Analytics: Machine Learning, Stream Analytics, HDInsight, Data Factory
Presentation & Action: App Service, Power BI, Notification Hubs, Mobile Services, BizTalk Services
insider.windows.com
One Product Family, One Platform, One Store
Platform Convergence Journey
[Diagram: Windows Embedded Handheld 6.5, Windows Embedded 8 Handheld and Windows Embedded 8.1 Handheld; Windows Embedded 8, Windows Embedded 8.1, Windows Embedded Standard 7 and Windows Embedded Standard 8; Windows on Devices; Windows Embedded Compact 7 and Windows Embedded Compact 2013 (via Porting Tools) all converge into Windows 10, with a converged OS kernel and a converged app model.]
Windows 10 IoT Editions
"For Industry Devices": based on a desktop SKU; desktop shell, Win32 apps; 1 GB RAM, 16 GB storage
"For Mobile Devices": based on a mobile SKU; modern shell; mobile chassis requirement; 512 MB RAM, 4 GB storage
Windows 10 IoT Core: dedicated devices; no Shell/Store/MS apps; 256 MB RAM, 2 GB storage; Universal Apps
Which edition?
• Requires desktop or desktop apps (Win32, .NET, WPF, etc.)? → "For Industry Devices"
• Requires a shell experience, multiple applications, Windows first-party applications, or mobile voice? → "For Mobile Devices"
• Otherwise → Windows 10 IoT Core
Commercial Device Opportunities with Windows 10 IoT Core
• Thin Client: Zero Client, Ultra Thin Client
• Digital Sign / Kiosk: Micro Kiosk, Simple Digital Sign
• IoT Gateway: Industrial Gateway, Smart Home Gateway
$0 royalty cost to device builders
Windows Universal App Platform
Windows Universal Platform: common & consistent APIs
Converged APIs: write ONE Universal App and target all Windows 10 editions
• Scale and get higher ROI by selling the same app to OEMs/ODMs on all Windows 10 editions
• Reuse existing development skills
Languages: C++/CX; C#, VB; JS; Python; Node.js
APIs: WinRT; Win32; .NET; Wiring
Deployment and Execution: APPX; XCopy; App Isolation
UI Frameworks: HTML; Xaml; DirectX
Tools: Visual Studio; PowerShell
Windows Universal Driver Platform
Windows Universal Platform: common & consistent device driver APIs
Driver classes: WDF; Audio; Bluetooth; Buses (USB, SPB); HID (Retail), Buttons; Camera; Graphics & Display; Location; Networking - Wired; Networking - WLAN; Security - Biometrics; Security - Crypto; Security - Smartcard; Security - TPM; NFC; Sensors; Thermal; Touch; UEFI; Video
• We scanned over 100k drivers to create a universal driver API set
Demo
• OPC-UA Server based on ANSI C Stack
• Only 1 source file required modification (Cryptography API: Next Generation)
• Running on Windows 10 IoT Core
• Investigating Universal Windows Platform (UWP) version
• Porting from .NET Stack currently available
• https://opcfoundation.org/developer-tools/developer-kits-unified-architecture
Andreas Schierenbeck, CEO, Thyssen Krupp Elevators
“We wanted to go beyond the industry standard of preventative maintenance, to offer predictive and even preemptive maintenance, so we can guarantee a higher uptime percentage on our elevators.”
Create the Internet of Your Things
Connect Assets | Mine Data | Take Action
Connect assets and process data
• Connect to heterogeneous devices
• Log millions of events per second in near real time
• Process data from devices with variable load profiles
Comprehensive technology: Event Hubs | Heterogeneous client agents
Mine data to produce insights
• Uncover real-time insights from streaming data and events
• Process unstructured and semi-structured data to uncover new business possibilities
• Predict future outcomes by combining live data with historical data
Comprehensive technology: Stream Analytics | Machine Learning | HDInsight | Storage options
Act on the data and insights to realize results
• Deploy IoT dashboards at scale
• Notify users on any platform
• Leverage decision support tools to spot risks and opportunities at a glance
Comprehensive technology: Azure Websites & Mobile Services | Notification Hubs | Power BI
Thank You!
The Internet of Things starts with your things
• Build on the infrastructure you already have
• Add more devices to the ones you already own
• Get more from the data that already exists
Stop just running your business. Start making it thrive. Start realizing the potential of the Internet of Your Things.