2015 05-19-ms clemens-vasters_erichbarnstedt-opc-day_slideshare
TRANSCRIPT
Clemens Vasters, Principal Architect, Azure IoT Services
Erich Barnstedt, Principal Software Engineering Lead, Windows IoT
Sensor to Cloud: Analytics and Integration with OPC UA and Microsoft Azure
Reference architecture diagram (Internet, ISP, (Mobile) Network Operators, Personal Environment and Networks, "IoT" – Connected Things): Devices connect via Local Interaction, a Field Gateway, an MNO Gateway or a Cloud Gateway. Cloud Systems: Cloud Gateway, Cloud Portals and APIs, Mobile & Web Interaction, Control System, Analytics, Data Management. Local: Local Gateway, Local Portals and APIs, Control System, Analytics, Data Management. Example things: Watches, Glasses, Work Tools, Hearing Aids, Robotic Assistance, …; Homes, Vehicles, Vessels, Factories, Farms, Oil Platforms, …; Vehicle Fleets, Sea Vessels, LV Smart Grids, Cattle, …
HMI 2015 demo diagram: KUKA Partner Pod and OPC Foundation Partner Pod connected to the Microsoft Azure Cloud (ML, Stream Analytics, OPC UA Cloud Relay, Azure ServiceBus/EventHub) through Factory-Relay links (optional for redundancy), with Diagnostic Data Upstream from both pods. Components: TwinCAT 3 OPC UA, RaaS Plug-In with OPC UA, FR Kinect Plug-In, FR Cloud RaaS Plug-in, KUKA RaaS Loop, SIEMENS RFID, Harting RFID, Beckhoff SPS, Surface 3 Pro with consolidated NMI, Booth Visitor Phone/Tablet PAD; OPC UA between the components.
Legend: Orange Lines – KUKA MxAutomation UDP; Blue Lines – Factory-Relay Transport; Green Lines – NMI (Natural Machine Interface = UI of Solution); Black Lines – OPC UA; Yellow Lines – RFID (AutoID?) protocol.
Industrial Core Scenario ("Private" / "Public"): three tiers, Machine/System, Site and Datacenter ("Cloud"), with Cost and Control as the axes across them. Site systems: MES, Site Analytics, ERP, …; Datacenter systems: ERP, CRM, Analytics, Machine Learning, Data Lake, … Rows across the tiers:
• Control
• Supervision and Coordination
• Analytics and Optimization, Production Data Exchange
• Maintenance and Servicing
• Networks and Services
Bus
• 1 machine
• Physical access control
• Latency in microseconds (hard real-time)
• Harmonized components
• Proprietary protocols
• Isolated communication
• Scheduled servicing windows
Local Network and Services
• 100s of machines
• Local and network access control
• Latency <10 ms
• Controlled components
• Mixed protocols
• Difficult to isolate communication
• Scheduled servicing windows
Internet and Cloud Services
• 100,000s of machines
• Federated access control
• Latency >10 ms
• Autonomous components
• Open protocols
• No isolated communication
• No-downtime servicing
Transport and Application Protocols
Bus
• Link layer, wired/wireless
• Ethernet, industrial buses
• WiFi, 802.11, 802.15.4
• BLE, NFC
Local Network and Services
• IPv4, IPv6, IP6LoWPAN
• IPSec
• TCP, UDP
• TLS
• HTTP, AMQP, MQTT, DDS, CoAP, SSH, OPC/UA, HART/IP, Ethernet/IP, Profinet, …
Internet and Cloud Services
• IPv4, IPv6
• TCP
• TLS
• HTTP, AMQP, MQTT, …
• VPN
• GSM, ISM
Principles for Interoperability
• If it's not secure, it's not a solution
  • STRIDE – Spoofing, Tampering, Information Disclosure, Denial of Service, Elevation of Privilege
  • Threats are explicitly mitigated or left explicitly unmitigated
• Security dominates interoperability
  • There is no communication or interoperability without authentication, authorization, and protection of the communication path.
• There is no "one way" or "one standard"
  • Scenarios and their requirements determine the characteristics required for the protocols and for securing the communication path.
• Complexity loses in the long run
  • WS-* vs. HTTP/REST, DCOM/CORBA vs. HTTP, XML vs. JSON
• Loose coupling wins in the long run
  • Temporal coupling, programming languages, type systems, runtime environments, operating systems
Interoperability – What, Who, How
• What – What information is being exchanged?
  • Semantics – Common terminology and conceptual structure, shared data types, semantic protocols, data flow
  • Semantic extensibility – platform, system, solution
• Who – Who are the communication partners?
  • Information – who may access what information under which conditions?
  • Commands – who may initiate actions under which conditions?
  • Auditing – who may or must supervise activities under which conditions?
• How – How does communication happen?
  • Networks, protocols, data encoding, encryption
  • Tenancy and multiplexing
Defense in Depth diagram (Policies, Procedures, Guidance) across Cloud, Field Gateways and Devices. Layers: Physical; Global Network / Local Network; Identity and Access Control; Application / Edge Application; Data; Host. Controls: Data Privacy Protection and Controls; People and Device Identity Federation, Data Attestation; Trustworthy Platform Hardware, Signed Firmware, Secure Boot/Load; Secure Networks, Transport and Application Protocols, Segmentation; Tamper/Intrusion Detection, Physical Access Security.
Legacy Network Design Attitude
• Network security modeled after physical access security
• Segregated networks. Well-defined gates.
• Access control at the network/gateway level.
• Network access sufficient to access assets.
Reality diagram: Devices with Local Interaction, Local Gateway, Local Portals and APIs, Control System, Analytics, Data Management, and AuthN/Z at each of these.
Service Assisted Communication (SAC)
Diagram: a Device on an Isolated Network sits behind a Router and a (CG)NAT/Firewall; a Service Gateway with a Device Identity Registry/Directory and Access Control Policies mediates between the Device and the Client; Non-IP devices attach through a Field Gateway.
• Connections are device-initiated and outbound
• Port mapping is automatic, outbound
• Device does not actively listen for unsolicited traffic: no inbound ports open, attack surface is minimized
• The service gateway has a public address and is a full and well defendable server platform
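The outbound-only pattern above, as an added example that is not part of the original deck: a Python simulation on localhost in which only the service gateway listens, the device opens the connection, proves its identity against a constructed registry, and receives commands solely over the link it initiated. The HMAC challenge and per-device shared secret are assumptions standing in for the certificate or token authentication a real service would use, and TLS is omitted.

```python
import hashlib
import hmac
import json
import os
import socket
import threading

# Constructed device identity registry standing in for the slide's registry/directory.
# Assumption: one shared secret per device; real deployments use certificates or tokens.
DEVICE_REGISTRY = {"pump-07": b"constructed-secret-for-pump-07"}

def _proof(secret, nonce):
    return hmac.new(secret, nonce, hashlib.sha256).hexdigest()

def gateway(server_sock, command, result):
    """Service gateway: the only party that listens. It challenges the device on the
    connection the device opened and pushes the command back down that same link."""
    conn, _ = server_sock.accept()
    with conn:
        nonce = os.urandom(16)
        conn.sendall(nonce)
        hello = json.loads(conn.recv(4096))
        secret = DEVICE_REGISTRY.get(hello.get("device_id"))
        if secret is None or not hmac.compare_digest(_proof(secret, nonce), hello.get("proof", "")):
            conn.sendall(b'{"error": "unauthorized"}')  # unknown or wrong identity: no command
            result["gateway"] = "rejected"
            return
        conn.sendall(json.dumps({"command": command}).encode())
        result["gateway"] = "accepted"

def device(port, device_id, secret, result):
    """Device: one outbound connection, never listen(); commands arrive only over this link."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        nonce = s.recv(16)
        s.sendall(json.dumps({"device_id": device_id, "proof": _proof(secret, nonce)}).encode())
        result["device"] = json.loads(s.recv(4096)).get("command")

def run_sac_exchange(device_id, secret, command="set_setpoint 42"):
    """One exchange on localhost; returns (gateway decision, command seen by the device or None)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    result = {}
    worker = threading.Thread(target=gateway, args=(srv, command, result))
    worker.start()
    device(srv.getsockname()[1], device_id, secret, result)
    worker.join()
    srv.close()
    return result["gateway"], result.get("device")
```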
Industrial Automation
Diagram: Devices connect over OPC/TCP & fieldbuses to an OPC UA Gateway, which links to the Cloud Gateway over an AMQP 1.0 link (bi-directional, secure, reliable transfer, application level, no inbound ports). Cloud Systems: Cloud Gateway, Cloud Portals and APIs, Control System, Analytics, Data Management. Local: Local Gateway, Local Portals and APIs, Control System, Analytics, Data Management.
Cloud Based IoT Solutions
Three parts of an IoT solution
1. Device connectivity & management
2. Analytics & operationalized insights
3. Presentation & business connectivity
Easy to provision, use and manage
Pay as you go, scale as you need
Global reach, hyper scale
End to end security & privacy
Azure IoT
IoT Device & Cloud Patterns diagram (Device Connectivity & Management): Devices (RTOS, Linux, Windows, Android, iOS) → Field Gateway (Protocol Adaptation) → Cloud Gateway (Event Hubs).
Event Hubs
• High scale telemetry ingestion service
• HTTP/AMQP protocol support
• Each Event Hub supports 1 million publishers and 1 GB/s ingress
• Generally available worldwide
• 18 billion messages per day
• 60+ TB ingested per day
IoT Device & Cloud Patterns diagram (as above).
Additional IoT Needs
• Command & control
• Device identity
• Device registry
• Device management
Coming with the Azure IoT Suite…
IoT Device & Cloud Patterns diagram (as above), with the Cloud Gateway now Event Hubs & IoT Hub.
IoT Hub
• Capability of the Azure IoT Suite
• Bi-directional device <-> cloud
• Up to 10 million devices
• Telemetry ingestion
• Command & control
• Device registry & identity
• Device management
• HTTP/AMQP
• Extensible protocol support / MQTT
IoT Device & Cloud Patterns diagram (as above).
Cross-Platform Device Support
• Open source "agent" framework
• Simple, secure device <-> cloud connectivity & management
• RTOS, Linux, Windows, Android, iOS
• Easy to use, not required
Agent stack: Cross Platform C Code; OS Abstraction Layer / OS Bindings; C API, .NET API, Java API, Javascript API
IoT Device & Cloud Patterns diagram (as above), adding the Analytics & Operationalized Insights part:
• Batch Analytics & Visualizations: Azure HDInsight, AzureML, Power BI, Azure Data Factory
• Hot Path Analytics: Azure Stream Analytics, Azure HDInsight Storm
• Hot Path Business Logic: Service Fabric & Actor Framework
Find insights to power new services and improve your "things"; operationalize your insights in real time with IoT-scale object models & business logic.
IoT Device & Cloud Patterns diagram (as above), adding the Presentation & Business Connectivity part: App Service, Websites, Dynamics, BizTalk Services, Notification Hubs.
Microsoft Azure IoT services
• Devices and External Data Sources
• Device Connectivity: Event Hubs, Service Bus
• Storage: SQL Database, Table/Blob Storage, DocumentDB
• Analytics: Machine Learning, Stream Analytics, HDInsight, Data Factory
• Presentation & Action: App Service, Power BI, Notification Hubs, Mobile Services, BizTalk Services
Platform Convergence Journey diagram: Windows Embedded Handheld 6.5, Windows Embedded 8 Handheld, Windows Embedded 8.1 Handheld; Windows Embedded Standard 7, Windows Embedded 8, Windows Embedded Standard 8, Windows Embedded 8.1; Windows Embedded Compact 7, Windows Embedded Compact 2013 (Porting Tools); Windows on Devices; all converging on Windows 10 with a converged OS kernel and a converged app model.
Windows 10 IoT Editions
"For Industry Devices"
• Based on a Desktop SKU
• Desktop Shell, Win32 apps
• 1 GB RAM, 16 GB storage
"For Mobile Devices"
• Based on a Mobile SKU
• Modern Shell
• Mobile chassis requirement
• 512 MB RAM, 4 GB storage
Windows 10 IoT Core
• Dedicated devices
• No Shell/Store/MS Apps
• 256 MB RAM, 2 GB storage
Universal Apps
Choosing an edition: Requires desktop or desktop apps (Win32, .NET, WPF, etc.)? Requires a Shell experience, multiple applications, Windows first-party applications, or mobile voice? Otherwise: Windows 10 IoT Core.
Commercial Device Opportunities with Windows 10 IoT Core
• Thin Client: Zero Client, Ultra Thin Client
• Digital Sign / Kiosk: Micro Kiosk, Simple Digital Sign
• IoT Gateway: Industrial Gateway, Smart Home Gateway
$0 royalty cost to device builders
Windows Universal App Platform
Windows Universal Platform: common & consistent APIs
Converged APIs: write ONE Universal App and target all Windows 10 editions
• Scale and get higher ROI by selling the same app to all Windows 10 edition OEMs/ODMs
• Reuse existing development skills
Languages: C++/CX; C#, VB; JS; Python; Node.js
APIs: WinRT; Win32; .NET; Wiring
Deployment and Execution: APPX; XCopy; App Isolation
UI Frameworks: HTML; Xaml; DirectX
Tools: Visual Studio; PowerShell
Windows Universal Driver Platform
Windows Universal Platform: common & consistent device driver APIs
Driver classes: WDF; Audio; Bluetooth; Buses (USB, SPB); HID (Retail), Buttons; Camera; Graphics & Display; Location; Networking – Wired; Networking – WLAN; Security – Biometrics; Security – Crypto; Security – Smartcard; Security – TPM; NFC; Sensors; Thermal; Touch; UEFI; Video
• We scanned over 100k drivers to create a universal driver API set
Demo
• OPC-UA Server based on ANSI C Stack
• Only 1 source file required modification (Cryptography API: Next Generation)
• Running on Windows 10 IoT Core
• Investigating Universal Windows Platform (UWP) version
• Porting from .NET stack currently available
• https://opcfoundation.org/developer-tools/developer-kits-unified-architecture
Andreas Schierenbeck, CEO, Thyssen Krupp Elevators
"We wanted to go beyond the industry standard of preventative maintenance, to offer predictive and even preemptive maintenance, so we can guarantee a higher uptime percentage on our elevators."
Create the Internet of Your Things
Connect Assets | Mine Data | Take Action
Connect assets and process data
• Connect to heterogeneous devices
• Log millions of events per second in near real time
• Process data from devices with variable load profiles
Comprehensive technology: Event Hubs | Heterogeneous client agents
Mine data to produce insights
• Uncover real-time insights from streaming data and events
• Process unstructured and semi-structured data to uncover new business possibilities
• Predict future outcomes by combining live data with historical data
Comprehensive technology: Stream Analytics | Machine Learning | HDInsight | Storage options
Act on the data and insights to realize results
• Deploy IoT dashboards at scale
• Notify users on any platform
• Leverage decision support tools to spot risks and opportunities at a glance
Comprehensive technology: Azure Websites & Mobile Services | Notification Hubs | Power BI
Thank You!
The Internet of Things starts with your things
Build on the infrastructure you already have
Add more devices to the ones you already own
Get more from the data that already exists
Stop just running your business. Start making it thrive. Start realizing the potential of the Internet of Your Things.