Best practices for industrial cloud computing delineated

Match organizational preferences with the relevant technology requirements.

By Melissa Topp, Iconics November 8, 2017

Integrating the Industrial Internet of Things (IIoT) into traditional supervisory control and data acquisition (SCADA) and human-machine interface (HMI) scenarios delivers multiple benefits.

Increased scalability follows from secure access to multiple locations via cloud platforms, including the popular Microsoft Azure. Hardware obsolescence can be alleviated, as the "heavy lifting" of processor-intensive analysis can be off-loaded. Connectivity is enhanced, as increasing numbers of devices communicate via IIoT transport protocols.

However, without the ability to connect devices from behind firewalls and to publish data securely to IIoT-integrated applications, organizations may miss out on the promise of advanced analytics via cloud computing. If your organization is considering an IIoT integration strategy, the answers to the following questions highlight some best practices.

1. Does your organization already have existing IoT/cloud-ready hardware?

Some organizations planned for IIoT’s emergence, to ensure machinery electronics and discrete devices in production facilities can transfer data to a selected cloud service. For instance, a manufacturer may have updated assembly machines with units equipped for more advanced networking. This works well for companies that can afford such retrofitting, but might not be the most cost-effective means of ensuring IIoT connectivity.

Legacy industrial machinery can be connected to an IIoT infrastructure. However, some add-on hardware connection options often prove, comparatively speaking, cost-prohibitive. That’s where the concept of IoT gateway devices comes in.

IoT gateways are lightweight devices that act as a bridge between on-premise communications networks and cloud services, at a fraction of the cost of an equipment retrofit. These edge devices provide "southbound" data connectivity to end devices, completely on-premises. A device also provides a "northbound" communication path for connectivity between itself and the cloud.

IoT gateways incorporate strict security requirements. They serve as the delivery mechanism between the data generated and stored on-premise and that shared with the outside world. Intel, through its IoT Solutions Alliance program, supports original-design manufacturers with advanced security features such as unique hardware IDs, secure booting, whitelisting, and disabling of onboard peripherals, such as USB and COM ports. Edge management is of equal concern when considering IoT gateways, as they require remote management once online and are registered with a preferred cloud service.

Needed security configuration and other features are incorporated in IIoT gateway hardware and are integrated with comprehensive IoT software solutions.

2. Do you already have a preferred cloud-services vendor?

Decisions about preferred cloud-services providers might already have been made at your organization, based on on-premise computer, server, and operating system preferences, as well as those for network communication protocols and other factors. Many industrial users rely on Microsoft Azure, while others use Amazon Web Services (AWS) or Google Cloud Platform.

These are not the only cloud service options, although they are the biggest. Many others are available, depending on location, each with its own strengths and weaknesses.

For organizations that have not selected a provider, consider the following: 

  • What is the pricing structure? Is it easy to understand, with no possible hidden fees?
  • What is the comparative computing power? How many processing nodes are available at any given time? What type of database integration is offered, SQL or otherwise? What types of network integration are included: load balancing, DNS, VPN, or another type?
  • What are the provided storage limits? What are the archiving, so-called "cold storage," abilities and costs?
  • Where are the data centers located? Will there be anticipated latency due to distance? How will that affect the connected user experience?

Equally important is how well a cloud-services vendor works with existing or planned IoT devices and software solutions. Selecting solutions that embrace open standards can help. Ensuring immediate interoperability is an important first step in the best practices for industrial cloud computing.

3. Does your organization prefer specific communication protocols, both for internal use and pub/sub-based?

In important industries, southbound communications between on-premise machinery and networks with cloud services involve a number of industry protocols, including:

OPC Classic specifications are based on Microsoft Windows technology, using COM/DCOM (Distributed Component Object Model) for data exchange between software components. The specifications cover real-time data access (DA), historical data access (HDA), alarms and events (A/E), XML data access (XML-DA), data exchange (DX), complex data, security, and batch.

OPC Unified Architecture (OPC UA) is an open standard for exchanging information in a rich, object-oriented, and secure way. It provides a platform-independent means for mapping and exchanging real-time information while remaining compatible with the OPC Classic specification.

Modbus is an open communication protocol widely used by many manufacturers throughout multiple industries. The protocol can cover serial lines (Modbus RTU and Modbus ASCII) as well as Ethernet (Modbus TCP).

Simple Network Management Protocol (SNMP) allows devices to expose useful information to other connected devices. Almost all traditional IT devices can handle SNMP requests.

BACnet is the most widely used open communications standard in the building automation industry.

Some organizations might use a proprietary communications method, either in unison with one of the industry standard protocols or exclusively.

Northbound communications involve additional protocols, with the need for high security levels and often using a publish/subscribe ("pub/sub") mechanism. These protocols include:

Advanced Message Queuing Protocol (AMQP) provides flow-controlled, message-oriented communication with built-in options for message-delivery guarantees. Authentication and encryption are based on popular Internet authentication and data-security protocols such as Simple Authentication and Security Layer (SASL) and Transport Layer Security (TLS). AMQP, optimized for messaging between devices, supports read-and-write functionality for command and control or industrial-automation equipment.

Message Queuing Telemetry Transport (MQTT) was created for SCADA environments and related networks, using pub/sub to minimize payloads and overhead with application-specific, custom JavaScript Object Notation (JSON) or binary formats. Widely accepted in IT departments worldwide, MQTT has many open-source examples coded in multiple popular programming languages. MQTT is recommended when network bandwidth is a concern and should always be used in tandem with a secure communication method such as TLS.

Hypertext Transfer Protocol Secure (HTTPS) was designed to serve requests and responses in a computing model for Web-page communication. It can more easily traverse firewalls without the need for specific IT policies that handle server request messages and return responses in the form of resources such as HTML files, content, and completion status details.

Representational State Transfer (REST)/JSON provides a stateless means for IoT-friendly information access. It leverages the HTTP transport protocol to deliver data, typically using JSON, which is a flexible, lightweight format like XML, to define its presentation.

When considering IIoT hardware devices and accompanying software solutions, consider both your organization’s southbound and northbound communication requirements.
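The following is an added example, not part of the original article or any vendor's product: a Python check that reviews a gateway's northbound endpoint definitions for the points made above (MQTT and AMQP paired with TLS, HTTPS rather than HTTP) and builds a TLS client context that verifies the broker. The endpoint names, hostnames and the `verify_cert` key are assumptions made for illustration; the port numbers are the IANA defaults for each protocol.

```python
import ssl
from urllib.parse import urlsplit

# Scheme -> (uses TLS, IANA default port) for the northbound protocols above.
NORTHBOUND = {
    "mqtt": (False, 1883), "mqtts": (True, 8883),
    "amqp": (False, 5672), "amqps": (True, 5671),
    "http": (False, 80), "https": (True, 443),
}

def gateway_tls_context(ca_file=None):
    """Client context: verifies broker certificate and hostname, TLS 1.2+."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit_endpoint(name, cfg):
    """Return findings for one northbound endpoint (cfg keys are assumed)."""
    url = urlsplit(cfg["url"])
    if url.scheme not in NORTHBOUND:
        return [f"{name}: unrecognised scheme {url.scheme!r}"]
    uses_tls, default_port = NORTHBOUND[url.scheme]
    port = url.port or default_port
    findings = []
    if not uses_tls:
        findings.append(f"{name}: {url.scheme} sends data in cleartext")
    else:
        plain_port = NORTHBOUND[url.scheme[:-1]][1]
        if port == plain_port:
            findings.append(f"{name}: TLS scheme aimed at cleartext port {port}")
        if not cfg.get("verify_cert", True):
            findings.append(f"{name}: certificate verification disabled")
    if url.username or url.password:
        findings.append(f"{name}: credentials embedded in URL")
    return findings

# Constructed sample configuration (hostnames and names are placeholders).
SAMPLE = {
    "telemetry": {"url": "mqtt://broker.example.com:1883"},
    "events": {"url": "amqps://hub.example.com:5671", "verify_cert": False},
    "historian": {"url": "https://api.example.com/v1/ingest"},
    "meters": {"url": "mqtts://gw:secret@broker.example.com:1883"},
}

def audit_all(config):
    return [f for name, cfg in config.items() for f in audit_endpoint(name, cfg)]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE):
        print(finding)
```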

4. What additional functionality is needed for the industrial cloud-based solution?

By this point, it may be known what new equipment is needed to connect electronic assets to the cloud, who the preferred cloud-services provider will be, and what communication protocols are considered most important.

Cloud connectivity initially may have been considered to secure the benefits of increased scalability with ensured security, reduced hardware obsolescence, and expanded connectivity. Additional value can be obtained via IIoT connectivity. This includes connected applications that are provided through a cloud-services provider, which take customer data at the edge and use it for mobile visualization or analysis. Examples include energy management or fault detection and diagnosis, rapid data historian storage and retrieval and more.

Some IoT gateway software solutions provide seamless integration for these types of applications. Off-the-shelf SCADA and other types of interfaces, analytics, and data historians can connect to a cloud-services provider, subscribing to an "IoT Hub" from where these applications can ingest the provided data. One possible use case is energy monitoring, where IoT gateway software running on typical IoT gateway hardware can connect to popular energy, gas, or water meters for secure, real-time infrastructure monitoring and timely analytics. Another use case is innovative fault detection and diagnostics, where the IoT software suite can alert personnel of actions to prevent equipment failures or excessive energy use.

Cloud-based computing options, like other emergent technologies, will continue to evolve. A combined IIoT-integrated hardware and software solution delivers value in the forms of equipment monitoring, predictive maintenance, and operational efficiency. Cognizance of suggested best practices can lead to more informed decisions for any organization’s cloud integration plans.

Melissa Topp is senior director of global marketing at Iconics.