SSV
You can't do without IoT platforms!
IoT platforms are already available today in very usable versions. But what building blocks do the platforms actually consist of and what should you look out for if you want to use a platform?
Digital platforms have the potential to completely change entire industries as well as products. Despite this, automation providers are still very cautious when it comes to IoT platform integration. At the moment, users only have the option of IoT retrofitting. However, connecting devices to an IoT platform is generally no longer rocket science. The functional scope of leading cloud and IoT platforms has been developing at a rapid pace for several years. Device and machine manufacturers who continue to refrain from using these functions for their products will lose competitiveness in inverse proportion to this trend.
In this respect, anyone in the automation industry - who markets assemblies, devices or machines in which a piece of software is used - is well advised to take a closer look at the technical details and application possibilities of the IoT platforms from Amazon, Microsoft, Siemens and others and to bring their products up to date with the latest digital technology.
Building blocks of an IoT platform
IoT platforms consist of different layers, which vary depending on the provider. Despite sometimes having completely different names, at least two functional layers can be identified in most platforms:
IoT platforms have a multi-layered structure. The devices are connected as IoT devices in a star configuration via a hub. The application logic, which consists of standard services and individually created applications, is used to extract information from the device data. In addition, there is a rules engine that is run through according to the data flow principle of incoming and outgoing data and can trigger programmable actions.
© SSVTo connect the individual devices, sensors and actuators (IoT devices), there is usually an IoT hub or device gateway as a central message hub, which handles all communication between the platform and IoT devices and in which the IT security of the transmission channel is also implemented.
- All other components of a platform are combined in the application logic. This includes the numerous standard services of the respective platform (various databases, various runtime environments for apps, data analysis services with AI algorithms, notification functions) as well as a rules engine (data flow engine) as the data processing logic for incoming and outgoing IoT device data. Software modules (applications) are also being developed for the services and the rules engine in order to link the individual functions of the standard services with each other on a task-related basis.
Requirements for the IoT platform
In addition to the application logic, AWS IoT consists of a modular IoT hub that enables MQTT, HTTP 1.1 and WebSockets connections on the protocol side, with a clear focus on MQTT. In terms of security, the devices are expected to support TLS 1.2 with mutual authentication and are equipped with an X.509 certificate plus a private key. All security functions can be set very finely via a management system.
© SSVThanks to the IoT hub, the entire application has a star-shaped topology with the individual devices as end points. Such a hub forms the distribution function between all devices of an application and the services of the IoT platform. In this respect, the most important requirements can be divided into three topics:
1. security
As the central communication endpoint for all IoT devices in an application, the IoT hub also includes IT security to secure all connections. This includes
- Device authentication: every device that is allowed to communicate via the IoT hub must be securely identified beforehand;
- Ensuring confidential - i.e. encrypted - data transmission;
- Ensuring data integrity.
In addition, a security management function is required that enables the management of device-based authentication on the one hand and ensures complete control over all device access to the IoT platform on the other.
2. communication diversity
An IoT hub must support multiple communication patterns. In practice, not only the classic 'device-to-platform-application' communication direction is required. 'Platform-application-to-device' and 'device-to-device' are also required in many applications. Of course, the different security requirements must be taken into account. Data transfers from the platform to a device (i.e. IoT device write access) are definitely much riskier than communication in the opposite direction.
3. scalability
In extreme cases, an IoT hub must also function securely and reliably with millions of simultaneously connected devices that generate tens of millions of events per second. The challenge here is to achieve the most constant possible time behavior for the data throughput, regardless of how many active devices are currently connected to a hub and the number of messages this generates.
AWS IoT - a practical example
AWS IoT (AWS IoT Core) is offered as a cloud-based IoT platform. It enables any devices to communicate or interact with AWS cloud applications via an internet connection secured by TLS 1.2. Strictly speaking, AWS IoT is an additional functional layer that has been added to Amazon WebServices, which has been available since 2006, in order to adapt AWS to the special requirements of the Internet of Things.
From the perspective of the AWS IoT architects, IoT applications collect data in the cloud in order to process it with special applications in the environment of the AWS standard functions. Application scenarios are also conceivable in which an AWS application communicates directly with IoT devices, for example to control them remotely via Alexa Voice Service (AVS). In this respect, the platform includes a very comprehensive security system with diverse rights management.
A modular solution is used as the IoT hub. The interface to the devices is a so-called device gateway, to which all IoT devices of an application are connected via TLS. Due to the special features of the TLS protocol, MQTT and WebSockets make it possible to establish relatively long-lasting connections so that a new - time-consuming and data-intensive - TLS handshake is not required every time. A publish/subscribe broker function (message broker) is available for receiving and sending messages via MQTT. It also supports message transmission via HTTP POST request by means of a special server function. Such an HTTP request is functionally treated as an MQTT publish.
Brief overview of the most important Amazon Web Services (AWS) that can be used by an IoT application. Each individual service is a relatively complex application, but its practical use sometimes requires extensive specialist knowledge:
| AWS service name | Service description |
|---|---|
| DynamoDB | NoSQL-based database service that supports both key-value and document data structures. |
| EC2 | EC2 is the abbreviation for Elastic Compute Cloud. In the Amazon cloud, this name stands for scalable computing capacity for running your own applications on virtual computers in the cloud. |
| Kinesis | Scalable data streaming service for real-time analysis. Such data analyses can be used to detect anomalies in IoT data streams, for example. |
| Lambda | Event-driven service that executes special code in response to certain events. AWS Lambda belongs to the category of so-called serverless computing, as the user only has to worry about the code for the Lambda function and the event linking of this function, but not about the server resources. |
| S3 | S3 stands for Simple Storage Service. Behind the name lies a very powerful data storage infrastructure for AWS cloud applications. S3 allows the storage and retrieval of data objects of almost any size. S3 can be combined with AWS Lambda, for example, to call a Lambda function when a storage object is changed. |
| SageMaker | This service enables the creation and use of machine learning models, for example to analyze incoming data from IoT devices. |
Special feature Device Shadow
With regard to the performance of Device Gateway and Message Broker, Amazon points out that these functional units scale fully automatically as managed services and are also suitable for very large projects with more than one billion IoT devices. In this context, Amazon emphasizes that the Message Broker can also handle millions of simultaneous MQTT connections and, for example, distribute an incoming publish message to millions of subscribers.
A special feature of the AWS IoT Hub is the device shadow. This function block serves as a virtual data image (virtual representation) for each device connected to the device gateway, in which the last device status is stored for up to one year. This virtual representation is formed by a JSON-based document (maximum 8 KBytes per device). The JSON data can be accessed by other AWS applications or external mobile devices using a special REST API, for example. The device shadow is synchronized with the respective device from time to time. New (status) data is written from the device to the JSON document (Reported State), but variables are also read and transferred to the device (Desired State), which can lead to a changed device status.
The AWS IoT application logic essentially consists of a special rules engine and the standard web services of the Amazon Cloud (see table on page 3).
The rules engine can be used to pre-process, store and analyze all data received from the IoT devices and pass it on to other services. To do this, sets of rules are created with a syntax similar to SQL. If a rule applies, the corresponding action is executed.
Amazon provides various software development kits (SDKs) for different programming languages and runtime environments to support developers. One of these is the AWS IoT Device SDKs. They support the connection of different device architectures to the IoT Hub. There are also a large number of application SDKs for developing your own applications for the AWS cloud in all common languages.
The external appearance and internal technical implementation of almost all technical products has changed significantly in recent decades (see table on the next page with the example of a fictitious pillar drill). This trend will continue in ever shorter innovation cycles and will include business models as well as technical features.
System network requires platform integration
For the current state of the art (level 5 in Table 2, the pillar drill as a product-service hybrid), platform integration of the respective products is required in any case in order to realize the system network envisaged by Industry 4.0 concepts. Some IoT platform functions can run directly on site, i.e. as an edge application, while others require an external cloud service.
A condition monitoring solution that, for example, provides early warnings of impending failure of individual components in a 'system of systems' in the event of unusual operating conditions can be implemented both locally at the edge and in the cloud with the help of an IoT platform. Suitable sensors (such as current, vibration and noise, as each machine has specific current, vibration and noise characteristics) are used to continuously record status data and transmit it to the IoT platform. There, machine learning algorithms or other statistical methods are used to determine the respective component stress and calculate the remaining useful life.
The result can be used to optimize maintenance and quantifiable cost savings can be achieved through productivity improvements.
No innovative product without an IoT platform: overview of the individual development stages of technical products in recent decades using the example of an electric pillar drill. A higher-level IoT platform is already required for the overall function in the system network. Although stage 5 represents the current state of the art (the product-service hybrid), platform integration is still usually carried out via IoT retrofitting:
| Level | Feature | Description |
|---|---|---|
| 1 | Simple technical product | For example, electric pillar drill for workshops. The main operating elements are the on/off switch for the mains voltage of the internal electric motor and a cast-iron handwheel to move the drill head in a vertical direction. Electronics and software were not used at this early stage. |
| 2 | Smart product | With the introduction of microelectronics, the drill now has an internal speed control and a control panel with LCD in the front panel of the housing. The user can choose between different speeds and assign a separate operating hours and drilling process counter to each drill in order to replace them in good time |
| 3 | Smart, communication-enabled product | The drill now offers an Ethernet LAN or wireless interface for communication with a PC, smartphone or tablet as well as an electronically controlled vertical drive for the drill head. Drilling programs with tool and speed selection as well as defined vertical movement can be created, saved and executed. The recorded operating data of a drilling process can be recorded in a database with a time stamp and other details. |
| 4 | Product system | The pillar drilling machine has become a system-capable product. It can now be integrated into a production line and remotely controlled from a central system controller with regard to tool changes and drilling operations. An optional fieldbus adapter is available for this purpose, which supports Modbus, Profibus, Profinet and other industrial communication standards. Additional system accessories, such as a workpiece feeder, are also available. |
| 5 | System of Systems | The drilling machine now includes various other programmable systems, such as a suction and cleaning device, a cutting oil supply system for cooling the drill hole and tool, a camera system with workpiece recognition using artificial intelligence and a cloud-based CAD system for drilling process engineering. There is also a material database for optimizing drill head speed, drill tool selection, cutting oil supply, etc.. In addition, there is condition monitoring for all assemblies and systems of a plant to enable preventive maintenance. |
















