Architecture of Industrial IoT - ASREN asrenorg.net/eage2016/sites/default/files/files/Marc...
-
Architecture of Industrial IoT
December 2, 2016
Marc Nader
@mourcous
-
Copyright 2015 DATACONSULT All rights reserved. No part of this presentation in all its property may be used or reproduced in any form without a written permission 2
Branches of IoT
IoT
Consumer IoT (Wearables, Cars, Smart homes, etc.)
Industrial IoT (IIoT)
Smart Gateways
Wireless Sensor Networks
Mesh (Zigbee, Dust, Wifi)
LPWAN (LoRa, NB-IOT, Sigfox)
-
The IOT Paradigm
How do we get there?
HOW?
-
IOT Data Flow
Capture Code Transmit (RAN)
Transport (IP, MPLS, etc.)
Store Analyze Action
Site Network Data Center/Cloud
Big Data / Analytics / Application builders
IoT Enabler
-
IOT Data Flow
Within the Site
Part of Operation Technology (OT);
Sensors with analog (0-10V) or digital electrical outputs;
Powered by the IOT node or through an external source;
The IOT node transforms the electrical signal into data packets;
Message Queuing Telemetry Transport (MQTT), Constrained Application Protocol (CoAP)
Rugged design;
Or sensors can take the form of any IP-based protocol.
Capture Code
IoT nodes connect one or multiple sensors and translate an analog signal into packets.
Sensors IoT nodes
Transmit (RAN)
Transport (IP, MPLS, etc.)
Store Analyze Action
-
Low Power Wide Area (LPWAN)
[Figure: power usage plotted against range; Range >10km]
-
IOT Data Flow
Radio Access Network: Transmitting the M2M chatter
Collecting data on a massive scale while preserving the sensor battery life is a challenge;
Ferocious competition for the Low Power Wide Area (LPWA) technology dominance;
The "LPWAR": let's look at the market alternatives in this area:
Sigfox: Global IoT Operator.
LoRa: Enables operators and enterprises to create IoT networks
3GPP: NB-IOT, LTE-M, NB-LTE & 5G: Natural evolution of mobile operators.
Fixed & Short range
Wifi + 3/4G/Fixed
Zigbee + 3/4G/Fixed
Capture Code Transmit Transport
Sensors IoT nodes IoT Gateways IP Network
Store Analyze Action
-
Sigfox
Privately owned, French.
Ultra narrow band 868 MHz - 100 Hz (BPSK)
140 messages per unit per day. 1 every 10 minutes.
12 bytes per message
15 km, bi-directional.
High battery life (Up to 20 years)
Limited bandwidth applications
City wide deployments, short message communications
Shipping and very active
Network as a service model.
Cloud based.
Technology Applications
-
LoRa
LoRa Alliance, backed by Cisco, IBM,...
Star of Stars topology, Encrypted protocol
Wideband CDMA: 868 MHz -
-
Narrow Band IOT - NB - IOT
3GPP, Huawei (Neul acquisition)
LTE-M - 1.4 MHz (1Mbps/1Mbps)
NB LTE-M - 200 kHz (200kbps/170kbps)
One LTE cell can handle 150k LTE-M devices
10 years battery life (200 bytes daily update)
Low cost terminal
Leverage the LTE network with a software upgrade.
LTE-M +15dB link budget (x7 coverage)
NB LTE-M +20dB link budget (x10 coverage)
Licensed spectrum
3GPP Rel. 13 NB-IOT
Coming with LTE-A Pro (4.5G)
Mobile operators become IoT operators with a software upgrade.
Technology Applications
-
Fixed & Short Range IoT Connections
-
Fixed or Short Range Wireless
-
WiFi / Zigbee / Dust + 3G/4G
Local Aggregation of IOT nodes is done through:
Wifi
Zigbee / 802.15.4 / Dust / Z-Wave
Site aggregation is done through 3G/4G or fixed
Need external power source for the aggregation
Higher throughput
High throughput, sending voice/video
Real Time or near-RT
In home, in plant, on campus.
Technology Applications
-
IOT Data Flow
Transmitting the M2M chatter
Capture Code Transmit Transport
Technology decision factor
Sensors IoT nodes IoT Gateways IP Network
Store Analyze Action
-
Evolutions of Apps
Making Sense of Data
-
IoT Applications
The three layered approach
-
IOT Data Flow
Gathering, structuring and processing the data
Input from IOT Gateways (MQTT)
Input from IOT Network Server (Kafka)
Any other input
Data modeling and data set definitions
Machine Learning, Analytics
Data Science for IOT: making sense of massive data and giving the machines the ability to take intelligent decisions.
Capture Code Transmit Transport Store Analyze Action
Sensors IoT nodes IoT Gateways IP Network
-
The Challenge of Data in Motion
Data at Rest VS Data in Motion
[Figure: Capture, Analyse and Action stages for each case; labels t1, t2 and rt, nrt]
-
Hardware/Software Platform Summary
Long Range
Short Range
IoT Gateway
Node & Sensor
Node + Sensors
Cellular
Fixed IoT Network Platform
Application #1
Application #2
Application #3
-
Hardware/Software Platform Summary
Long Range
Cisco LoRa Gateway
Node & Sensor
Node + Sensors
Ogero Backbone
Actility Network Platform
Application #1
Application #2
Application #3
Short Range
MIC, AES128 Encryption (NwkSKey, AppSKey)
HTTPS Post, MQTT, Kafka
AES256 IPSec - Cisco
Ogero Network
Optional Payload Encryption (App developers)
-
Full Network Design
-
The IoT Services Framework
Connectivity Management
Device Management
Data Management
SECURITY
Application
Enterprise
Integration
Cloud 2 Cloud
-
Fog Computing
Eliminating the unnecessary chatter on the radio
Capture Code Transmit Transport Store Analyze Action
Fog Computing
Cloud Computing
Preprocessing of data from sensors saves on transmission costs.
Bringing some intelligence closer to the edge.
Computing on the IOT gateway
(managing different nodes)
Decreased network chatter and cloud storage.
Linux IoT nodes, complex computing done locally.
-
Mist Computing
Eliminating the unnecessary chatter on the radio
Capture Code Transmit Transport Store Analyze Action
Fog
Cloud Computing
Bringing some intelligence closer to the edge.
Mist Computing
Computing on the IOT node
(sensor or actuator)
Decreased latency
More autonomy
-
A Step In the Right Direction
Interoperability efforts
-
Remember Stuxnet
-
The Security Paradigm
IOT Gateways (Linux, cheap chips)
How about security?
-
The End of The Fortress Approach
Once the hacker is in, Game Over!
Intelligence is distributed and networks are intertwined.
The goal is not only to keep the hacker out.
Detect, Isolate, Heal
-
You are as secure as your weakest link
-
The Zero-Trust Network
[Figure labels: Untrusted, Trusted, Untrusted]
-
Proposed IOT Security Framework
Per device:
Authentication: endpoints should be fingerprinted.
Authorization: establishing the cross platform trust relationships.
Network Enforced Policy: all elements that route and transport endpoint traffic securely over the infrastructure.
Analytics: Data, generated by the IoT devices, is only valuable if the right analytics algorithms or other security intelligence processes are defined to identify the threat.
Cisco: Securing the Internet of Things: A Proposed Framework.
Google BeyondCorp
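The four per-device checks above, combined with "Detect, Isolate, Heal", sketched as a gateway admission function. This is an added illustration, not code from the presentation, Cisco's framework or BeyondCorp; the device name, certificate bytes, VLAN label, MQTT topic layout and rate threshold are constructed assumptions.

```python
import hashlib
from collections import deque

def fingerprint(device_id: str, cert_der: bytes) -> str:
    """Authentication input: bind the claimed ID to the device credential."""
    return hashlib.sha256(device_id.encode() + b"|" + cert_der).hexdigest()

# Constructed registry for illustration: fingerprint -> per-device policy.
REGISTRY = {
    fingerprint("pump-07", b"constructed-cert-pump-07"): {
        "topics": ("plant/pumps/pump-07/",),  # authorization: allowed topic prefixes
        "segment": "ot-vlan-20",              # network enforced policy: allowed segment
        "max_per_min": 6,                     # analytics: expected message rate
    },
}

class Gateway:
    def __init__(self, registry):
        self.registry = registry
        self.quarantined = set()   # isolated devices, pending re-enrolment
        self.seen = {}             # fingerprint -> timestamps of admitted messages

    def admit(self, device_id, cert_der, segment, topic, ts):
        """Decide on one message; earlier acceptance grants no standing trust."""
        fp = fingerprint(device_id, cert_der)
        policy = self.registry.get(fp)
        if policy is None:
            return "deny:unauthenticated"
        if fp in self.quarantined:
            return "deny:quarantined"
        if not topic.startswith(policy["topics"]):
            return "deny:unauthorized-topic"
        if segment != policy["segment"]:
            return "deny:network-policy"
        window = self.seen.setdefault(fp, deque())
        window.append(ts)
        while ts - window[0] >= 60:           # keep a sliding 60-second window
            window.popleft()
        if len(window) > policy["max_per_min"]:
            self.quarantined.add(fp)          # detect, then isolate the device
            return "deny:rate-anomaly"
        return "allow"
```

Each deny reason maps to one bullet of the framework, so a log of these decisions shows which control stopped a given message.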
-
IOT
Finally
IOT
Information Technology
Operation Technology
Business Outcome
Operation technology & Low Current Radio Access Networking Data Integration, software Data science
System Integration
-
Thank you!
Marc [email protected]
@mourcous