OPC UA PubSub: Bringing the Power of the Cloud to Industrial Automation

Many OPC systems today have a small number of HMIs or SCADA applications that manage a larger number of devices. In some cases, MES and ERP systems are part of the picture and use OPC interfaces to collect data from the factory and send it on to enterprise applications. This model works well for many applications and will continue to be a mainstay of many industrial automation users who have a lot of equipment installed in a single location that needs to be managed. However, the widespread deployment of cloud-based solutions has many factory operators wondering how they can take advantage of the cloud to streamline their operations. The needs of these users have been the driving force behind the new OPC UA PubSub Specification. This specification layers OPC UA on top of message-based middleware such as AMQP or MQTT in a way that allows users to take advantage of OPC UA features such as the robust information modelling framework while adapting to the message-centered communication paradigm of the middleware.

Use OPC UA PubSub to Broadcast Data and Events to the Cloud

OPC UA PubSub defines a loosely coupled message protocol that can be used with multiple encodings (e.g. JSON, UA Binary or XML) and multiple transports (e.g. AMQP, MQTT, XMPP et al.). Applications that publish information create data or event subscriptions as they would for normal OPC UA communications and forward the resulting notifications to the Message Oriented Middleware. Applications that consume information create subscriptions with the Message Oriented Middleware, which forwards the messages to them as they arrive. The OPC UA PubSub Specification defines a format for these messages that allows them to be consumed by subscribers who have no knowledge of OPC UA and no ability to connect to the publisher.

The middleware in these cases may support durable queuing, multicast and/or filtering, which allows OPC UA data or events to reach a much larger variety of applications, including big data applications that depend on a supply of real-time data from the factory.

Data is not Enough: OPC UA Extends its Information Model to the Cloud

The raw data in messages produced by publishers can have a structure that can be understood by subscribers that have no access to information other than the message. However, the metadata associated with the message can provide important additional context that allows the subscribers to properly interpret the message. To facilitate this, OPC UA PubSub defines a metadata message that can be delivered using the same middleware broker infrastructure. These messages also allow the publishers to instantly report changes to their configuration that affect the content of the messages. Each message published includes an identifier for the metadata version that applies to the message, which ensures that subscribers can easily detect and manage changes to the metadata.
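The version check described above, sketched from the subscriber's side as an added example that is not part of the original article or of any OPC UA SDK. The JSON field names (MessageType, MetaDataVersion, ConfigurationVersion and so on) are assumptions modelled on the PubSub JSON mapping, and the publisher name, writer id and values are constructed.

```python
import json

class MetadataTracker:
    """Caches the newest metadata per (PublisherId, DataSetWriterId)."""

    def __init__(self):
        self._known = {}  # key -> ((major, minor), set of field names)

    def handle(self, raw):
        """Process one message from the broker; return one status per item."""
        msg = json.loads(raw)
        publisher = msg["PublisherId"]
        if msg["MessageType"] == "ua-metadata":
            meta = msg["MetaData"]
            v = meta["ConfigurationVersion"]
            names = {f["Name"] for f in meta["Fields"]}
            self._known[(publisher, msg["DataSetWriterId"])] = (
                (v["MajorVersion"], v["MinorVersion"]), names)
            return ["metadata-updated"]
        statuses = []
        for ds in msg["Messages"]:
            v = ds["MetaDataVersion"]
            seen = (v["MajorVersion"], v["MinorVersion"])
            known = self._known.get((publisher, ds["DataSetWriterId"]))
            if known is None or known[0] != seen:
                statuses.append("held")      # no matching metadata: do not interpret
            elif set(ds["Payload"]) - known[1]:
                statuses.append("rejected")  # fields the metadata does not describe
            else:
                statuses.append("accepted")
        return statuses

# Constructed sample messages (publisher "press-7" and writer 1 are made up).
def meta_msg(major, fields):
    return json.dumps({"MessageType": "ua-metadata", "PublisherId": "press-7",
        "DataSetWriterId": 1, "MetaData": {"Fields": [{"Name": n} for n in fields],
        "ConfigurationVersion": {"MajorVersion": major, "MinorVersion": 0}}})

def data_msg(major, payload):
    return json.dumps({"MessageType": "ua-data", "PublisherId": "press-7",
        "Messages": [{"DataSetWriterId": 1, "Payload": payload,
        "MetaDataVersion": {"MajorVersion": major, "MinorVersion": 0}}]})

def demo():
    t = MetadataTracker()
    return [t.handle(m)[0] for m in (
        data_msg(1, {"Temp": 71.5}),                   # arrives before metadata
        meta_msg(1, ["Temp"]),
        data_msg(1, {"Temp": 71.5}),
        data_msg(2, {"Temp": 71.5, "Pressure": 3.1}),  # publisher reconfigured
        meta_msg(2, ["Temp", "Pressure"]),
        data_msg(2, {"Temp": 71.5, "Pressure": 3.1}),
        data_msg(2, {"Temp": 71.5, "Flow": 9.0}))]     # field not in metadata
```

Holding a data message whose version is not cached, rather than decoding it against older metadata, keeps a reconfigured publisher from being silently misread.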

End to End Security: Cloud Services run by Third Parties may not be Secure Enough

The Cloud relies on infrastructure provided by vendors that specialize in providing large scalable systems. However, the nature of the Cloud means these third parties will have access to the data even if the communication between the application and the broker is secure. OPC UA PubSub provides for end-to-end security, which ensures that only applications authorized by the operators will be able to view or modify the data no matter how many intermediaries are required to deliver the data. OPC UA PubSub includes a key distribution model that allows loosely coupled applications to share keys as needed (Figure 2). Access to the Security Key Servers is controlled using web-based standards for federated identity management such as OAuth2. For example, a factory owner can use the OAuth2 support built into Active Directory to provide authorization services for their Security Key Servers. This access is independent of the middleware used to deliver the messages to their intended recipients and allows access to be granted or revoked as needs evolve.

Figure 2: OPC UA PubSub End-to-End Security Model
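A simplified model of the end-to-end protection described above, as an added example that is not from the original article and is not the OPC UA wire format. It covers only the "modify" half (message signing with a group key selected by a token id); encryption is left out because the Python standard library has no cipher, and the key dictionaries, token ids and subscriber names are constructed stand-ins for what a Security Key Server would issue.

```python
import hashlib, hmac, json, secrets

TAG_LEN = 32  # HMAC-SHA256 output size

def seal(keys, token_id, payload):
    """Publisher side: prefix the key token id, append an HMAC over id + body."""
    body = json.dumps(payload, sort_keys=True).encode()
    header = token_id.to_bytes(4, "big")
    tag = hmac.new(keys[token_id], header + body, hashlib.sha256).digest()
    return header + body + tag

def open_message(keys, blob):
    """Subscriber side: return the payload, or None if it cannot be verified."""
    if len(blob) < 4 + TAG_LEN:
        return None
    header, body, tag = blob[:4], blob[4:-TAG_LEN], blob[-TAG_LEN:]
    key = keys.get(int.from_bytes(header, "big"))
    if key is None:                      # never granted, or grant revoked
        return None
    expected = hmac.new(key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                      # altered in transit or wrong key
    return json.loads(body)

def demo():
    # Constructed keys standing in for what a Security Key Server would issue.
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
    publisher = {1: k1, 2: k2}
    analytics = {1: k1, 2: k2}           # authorized for both key periods
    contractor = {1: k1}                 # access revoked before token 2
    first = seal(publisher, 1, {"Temp": 71.5})
    second = seal(publisher, 2, {"Temp": 72.0})
    tampered = first.replace(b"71.5", b"99.9")   # change made at an intermediary
    return {
        "intact": open_message(analytics, first),
        "tampered": open_message(analytics, tampered),
        "after_rollover": open_message(analytics, second),
        "revoked": open_message(contractor, second),
        "forged_token": open_message(contractor, b"\x00\x00\x00\x01" + second[4:]),
    }
```

Because verification depends only on keys the subscriber was granted, the result is the same whichever broker or protocol carried the message, and withholding the next key is enough to cut off a subscriber.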

OPC UA PubSub: A Flexible solution that can Evolve

Different middleware vendors want operators to commit to using their protocol for their operations. OPC UA PubSub provides a framework for simultaneously supporting multiple protocols as the needs of factory owners evolve, while providing a standard architecture for describing complex information. Figure 3 illustrates how this works in practice: a Machine Vendor uses MQTT to communicate with its machines deployed in a customer’s factory while the Factory Operator uses AMQP to capture analytics. In both cases, the data being sent to the Cloud is based on OPC UA PubSub and conforms to an OPC UA Information Model. The bottom line for factory operators is that OPC UA reduces costs and provides greater flexibility by allowing them to focus on the information their enterprise needs instead of the protocol needed to move the information between systems.

Figure 3: OPC UA PubSub a Flexible Framework that Evolves as Needs Change

– Randy Armstrong
Chief Architect
Sparhawk Software