White Paper: Digital Transformation Made Easy with Ignition and MQTT
The Industrial Internet of Things (IIoT) has gained the attention of progressive leaders, and new trends are driving a need for change. Data scientists are now tasked with connecting to the factory floor in order to utilize Big Data Analytics, Machine Learning and Artificial Intelligence. Digital Transformation will lead to increased performance, increased efficiency, and reduced maintenance and downtime. This leads to increased revenue, market share, and ultimately increased profit. In order to take advantage of these new technologies, companies must bridge the OT/IT gap and feed the machine with data in a secure, easily consumable, and cost-effective way.
This white paper describes how global organizations are utilizing MQTT and the Inductive Automation Ignition platform to implement an open standard architecture to achieve these goals. With easier access to information and the ability to use best-in-class AI applications, companies will be empowered to change the culture in their business by extracting value from process data that was previously unavailable.
Digital Transformation starts where the data is produced. This could be on the factory floor or at the edge of a SCADA solution. Factory automation and telemetry technology has been mostly unchanged for 40 years. It has primarily used proprietary poll/response protocols from PLCs and sensors, as seen in the drawing below. Data is sent from PLCs or devices as raw values, using cryptic register mappings, to an MES and/or SCADA/DCS host. Contextual items for each tag (tag name, engineering range, units and scaling) are then usually configured manually.
There are hundreds of these complex industrial protocols across various hardware manufacturers, each with its own esoteric language, which creates barriers to the information. Any other consumers of the data within the enterprise are constrained by what operations will give them and must use complex APIs to extract the data, turning the SCADA system into a poor messaging middleware service, a role it was not originally designed for. Completing this exchange of data is often called bridging the OT/IT gap.
In the diagram above, a data exchange operation is shown in which any change to the I/O mapping becomes a logistical challenge, for example if a range is changed or a new I/O point is added to the PLC. Also, the business application may require data that OT is not currently polling for, requiring additional investment to gain access to the stranded data.
Lastly, with legacy poll/response proprietary protocols, the host asks over and over for the same information, which most of the time has not changed by a significant amount or even at all. This makes overall system response slow and deters operations from retrieving other data in the field that business units within the organization may see value in, thus stifling innovation. This is what we call a “tightly coupled device”: the data producers are tied to one proprietary application, such as the SCADA/DCS host. The SCADA host becomes the only application that has access to the device and its data, making any real Digital Transformation virtually impossible.
For Digital Transformation to be successful, we must decouple the data, provide the business with tools on platforms that minimize customization, and offer an enterprise-wide solution architecture. Using the Ignition platform from Inductive Automation in conjunction with MQTT Modules by Cirrus Link provides the answer to these Digital Transformation requirements. It provides standardization with an ease of implementation that is scalable across the business enterprise.
The solution must be cost-effective, and access to data must be holistically driven across the enterprise for all business needs. This includes gaining access to the vast brownfield environment of equipment and systems that are in place today. It must work from a sensor, to a device (such as a PLC), to an Edge gateway, and up to the SCADA/MES system on the factory floor. IIoT or Industry 4.0 solutions are frequently used for a narrow purpose, limiting their effectiveness across the entire enterprise. The goal is to have solutions that use a common, open standard approach. Standardizing the data format is key to this commonality, and the Sparkplug B (the Eclipse Tahu open source project) data payload format is ideal for it.
The Sparkplug B specification provides the context that data needs to define a tag value for use with OT, while also providing data to IT, making it 100% self-discoverable and easy to consume. This payload is delivered using MQTT, which is an OASIS standard. More importantly, MQTT decouples devices from their protocols and uses a publish-and-subscribe topology.
Utilizing MQTT as a data transport and format is critical to the solution. MQTT is an efficient, stateful protocol that decouples data into a publish-and-subscribe model, in contrast to a proprietary legacy poll/response architecture. MQTT also supports high availability, security and state awareness, making it ideal for many real-time applications. Because the state of the connection is always known and a lost message can be detected, data is only sent on change. This drastically reduces network utilization, allows changes to be sent faster, and increases the availability of data content to be sent.
MQTT technology has been used for mission-critical industrial applications at Fortune 100 organizations for over 20 years. Today, with the emergence of IIoT, MQTT enables companies to use this tried-and-tested technology to gain access to more data from their plants and processes and share it with best-in-class applications throughout their enterprise.
As seen in the above MQTT topology drawing, legacy poll/response protocols are either eliminated entirely or at least pushed to the very edge of the network, where the edge solution gathers data rapidly and translates it into meaningful scaled values that are published to all interested parties.
When the edge-of-network device becomes the tag authority, information and changes are only entered once, where they are most likely to be accurate, and then EVERY consumer throughout the enterprise is notified. This includes cloud applications, which receive the updates the instant they are committed in the field. This is called the “Source of Truth”, meaning the edge of the network provides the source information where it is created. Pushing the Source of Truth to the edge eliminates the multiple asset management applications otherwise required for managing each new IT application and data source, significantly reducing configuration time and the errors that come with today's typical manual processes.
Ignition is a powerful HMI, SCADA, and MES software platform from Inductive Automation providing cross-platform compatibility, unlimited free clients, robust out-of-the-box SQL database support, and fast installation. Leveraging the full power of the Ignition universal industrial automation platform and the MQTT middleware infrastructure defines a true IIoT solution unlike any other on the market today.
Ignition is the only IIoT platform with full-featured SCADA functionality built-in. Ignition is the world’s first truly universal industrial application platform. It empowers each user to connect IIoT data across an entire enterprise, rapidly develop automated systems, and scale in any way you need.
The benefits of Ignition are:
- Unlimited licensing model: Add unlimited clients, screens, tags, connections, and devices
- Cross-platform compatibility: Ignition works with any major operating system
- Based on IT standard technology: Built on Java, Python, SQL, MQTT & others
- Modular configurability: Customize to any process or industry with SCADA, MES & IIoT modules
- Scalable server-client architecture: Easily deploy at one or more sites or in the Cloud
- Web-launch on desktop or mobile: Use it on any web-enabled PC or mobile device
For the transformation to truly happen in the business enterprise, the solution must address the following items:
- Data Standardization – Change brownfield proprietary data into IT Consumable data
- Connectivity – Provide solutions for the whole enterprise, from a sensor to the application
- Secure and Efficient Data – Provide secure connectivity and multiple access layers
- Decoupling – Enable data to flow to enterprise applications in a one-to-many approach
- Cloud Service Platform Connectivity – Provide OT data connectivity to the multiple cloud service platforms, with 100% self-discoverable data points
With Ignition and MQTT using the Sparkplug B specification, each of these requirements is addressed.
It is crucial to be able to translate brownfield data into data that is easily consumable by IT. OT data is proprietary and cryptic in nature and typically has no context as to naming, engineering units, or scaling. The SCADA/HMI control application currently polls devices in their proprietary protocol, and any context for the data is hand-entered, not retrieved by the protocol. Sparkplug B and the tools of Ignition provide the standardization to transform data into today’s IT standards, providing full context. Sparkplug B is an open standard that is license-free to use under the Eclipse Foundation's TAHU project (see https://projects.eclipse.org/proposals/eclipse-tahu). There are three main components to the specification:
- Defining MQTT Topic Namespace – provides the standard topic addressing scheme for MQTT clients to identify how to publish and subscribe MQTT messages
- Defining MQTT Payload Definition – provides the binary format and schema for MQTT clients to build and decode MQTT payloads
- Defining MQTT State Management – provides the process for managing state between the edge clients and host client applications
Below is an example of how Sparkplug differs from the widely used Modbus protocol. In a typical legacy application, Modbus register 40,027 is polled by the SCADA host and returns a value of 1256.
The SCADA host must be manually configured to understand the context of the Modbus response. How does an IT application use 40,027 and 1256? Does it know what the value represents, or what its data type and engineering units are? It does not, without manual intervention. And how does it access the data: must an interposing process be built to pull the data from the SCADA host? With Sparkplug B, IT applications can subscribe to this information because it carries the metadata and context required for Digital Transformation. Now you can publish the “Tag Name” in MQTT. For example, 4027 represents the Compressor Temperature with scaling 0 to 100 in Degrees C, which is easily consumable for both IT and OT. This would be represented in MQTT Sparkplug B as follows:
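One way to picture that representation, as an added example that is not part of the original white paper or any vendor's code: an edge-side translation of the polled register into a Sparkplug B topic and metric, shown as a decoded dictionary rather than the protobuf wire encoding. The group, edge node and device IDs, the 0 to 4095 raw span and the `engUnit`/`engLow`/`engHigh` property names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Sparkplug B node/device message types that use the spBv1.0 topic layout.
MESSAGE_TYPES = {"NBIRTH", "NDEATH", "NDATA", "NCMD",
                 "DBIRTH", "DDEATH", "DDATA", "DCMD"}
RESERVED = set("+/#")  # MQTT level separator and wildcards; not allowed inside IDs


@dataclass(frozen=True)
class TagDef:
    """Context entered once at the edge, the tag authority."""
    register: int      # Modbus register polled locally by the edge gateway
    name: str
    raw_lo: int        # assumed raw span of the register (not given on the page)
    raw_hi: int
    eng_lo: float
    eng_hi: float
    units: str


def sparkplug_topic(group_id, message_type, edge_node_id, device_id=None):
    """Build spBv1.0/<group>/<type>/<edge node>[/<device>], rejecting unsafe IDs."""
    if message_type not in MESSAGE_TYPES:
        raise ValueError(f"unknown message type: {message_type!r}")
    ids = [group_id, edge_node_id] + ([device_id] if device_id is not None else [])
    for ident in ids:
        # An ID containing '/', '+' or '#' would shift topic levels and could
        # slip past topic-based ACLs on the MQTT server.
        if not ident or RESERVED & set(ident):
            raise ValueError(f"invalid Sparkplug ID: {ident!r}")
    return "/".join(["spBv1.0", group_id, message_type] + ids[1:])


def to_metric(tag, raw, timestamp_ms):
    """Scale a raw register value and attach the context IT consumers need."""
    if not tag.raw_lo <= raw <= tag.raw_hi:
        raise ValueError(f"raw value {raw} outside {tag.raw_lo}..{tag.raw_hi}")
    fraction = (raw - tag.raw_lo) / (tag.raw_hi - tag.raw_lo)
    value = tag.eng_lo + fraction * (tag.eng_hi - tag.eng_lo)
    return {
        "name": tag.name,
        "timestamp": timestamp_ms,
        "datatype": "Float",
        "value": round(value, 2),
        # Property names are illustrative assumptions.
        "properties": {"engUnit": tag.units,
                       "engLow": tag.eng_lo, "engHigh": tag.eng_hi},
    }


# Constructed sample: the page's register 40,027 returning 1256.
COMPRESSOR_TEMP = TagDef(40027, "Compressor Temperature", 0, 4095, 0.0, 100.0, "Degrees C")

if __name__ == "__main__":
    print(sparkplug_topic("PlantA", "DDATA", "EdgeGW1", "Compressor1"))
    print(to_metric(COMPRESSOR_TEMP, 1256, 1700000000000))
```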
The tools of Ignition and other Sparkplug B devices provide the means to connect brownfield devices and applications to this infrastructure, so that organizations can standardize on bridging the OT-to-IT gap in a cost-effective manner.
MQTT is another standard that helps drive innovative digital transformation solutions. It decouples the data, breaking what is typically a proprietary SCADA implementation out into a one-to-many publish/subscribe architecture. This enables any device or application supporting the open standards of MQTT and Sparkplug to connect or send data to the enterprise.
A traditional system is shown in the diagram above, where SCADA owns the data path, which was built for operations (OT data). Now new consumers are requesting data: not only the OT data, but also other data not needed for operations. New applications or custom code are written to get this data out of SCADA. The SCADA host is now polling for data it does not need for OT operations. This continues as new data consumers are added, building a brittle enterprise of applications that is costly to manage and eventually reaches a point where it does not address the needs of the organization and is too complex to change. No innovation happens, and the organization is prevented from moving to new technology without tremendous costs and operational disruption.
Moving to a publish/subscribe model with MQTT enables this transition from a one-to-one into a one-to-many approach, encouraging innovations while making it easy to adopt new technologies. Data producers publish the data in Sparkplug B format to an MQTT server. The MQTT server enables those who have secure access to subscribe to the data as shown in the diagram below.
The OT application will subscribe to the data instead of polling for it. It is a bi-directional connection that is also used for control. If a new setpoint needs to be sent, the OT application will publish a command message to write the value to a PLC or device. The diagram below shows how effectively MQTT enables Digital Transformation.
Data from the brownfield as well as current SCADA applications needs to be able to connect into the MQTT architecture.
Sensors either connect directly into a PLC/RTU or are considered “smart” and support a protocol or MQTT. For “smart” sensors or devices, MQTT is an open standard, and implementing an MQTT Sparkplug B client requires minimal resources. Sample code is available on GitHub under Eclipse PAHO and Eclipse TAHU to assist in this development. Many existing devices, such as the EZAutomation EZRack PLC, support Sparkplug and have implemented the MQTT client so that they connect directly into the MQTT infrastructure.
MQTT is the most used IoT protocol in the world and is an OASIS standard. Most IoT devices already use it as a client. The next step is to define the payload and topic notation per the Sparkplug B specification, and digital transformation is achieved. The diagram below shows how this is applied from a sensor or from any TAHU-enabled device, using the EZAutomation EZRack PLC as an example:
For existing PLCs located either on a factory floor or out on an extended network, an Edge Gateway is utilized to translate the proprietary protocol into the Sparkplug B tag names and metadata. It also provides the MQTT client to connect into one-to-many communication infrastructures such as cellular, satellite, radio, etc. The Inductive Automation Ignition Edge platform is ideal for these situations.
Ignition Edge is a cross-platform software solution that runs independently on Linux, Windows industrial PCs, or embedded devices. This includes running on a Raspberry Pi, cellular gateway, or spread spectrum radio platform, combining the connectivity (Ethernet, LAN, WAN, cellular or radio) with the Ignition Edge platform in a single-box solution that reduces costs. This is shown in the drawing below:
Ignition Edge provides tools that configure connectivity to brownfield devices. It is not custom code, but rather a completely supported software solution. An MQTT Transmission module comes natively on the Ignition Edge platform; it converts the operational tags into MQTT Sparkplug B format and manages the connection to the MQTT server that delivers data to the enterprise.
The MQTT Transmission Module also provides essential benefits in that it only sends changed data, vastly reducing bandwidth, typically by 85% or more. Another benefit is that it monitors the network connection to the MQTT server and SCADA host. If any failure occurs, it provides store-and-forward capabilities and logs the change events. When the failure is fixed, the stored data is sent with the historical flag set, telling subscribers that the data is historical and should be treated as such: pushed into a historian and not acted on as live data. The Edge Gateway provides the critical tooling to migrate the brownfield environment into Digital Transformation, making use of the data for operations as well as enabling IT analytics.
If Ignition is already installed, it becomes very easy to connect its data to the Digital Transformation solution. All that is needed is the MQTT Transmission module, and any tag data is available to be published to an MQTT Server in Sparkplug B format. If other branded SCADA/HMI/MES solutions are in place and they have an OPC-UA or DA connection, their data is also easy to migrate. The Ignition platform and its modular approach offer a simple way to integrate the OT data. This easy-to-implement solution provides the secure bridging of the factory floor to the business enterprise.
For any operational system, security is of the utmost importance. Both the MQTT Edge and Enterprise Clients utilize the same security model. Each MQTT Client initiates an outbound connection over the TCP/IP network utilizing TLS with security certificate credentials from a Certificate Authority (CA). TLS uses a set of public/private security certificates, and the MQTT Clients must establish a connection to the MQTT Server which is “authenticated” by the CA. This is the same level of security used in banking systems today and is considered “best practice” by NIST. The diagram below shows the secure connection architecture:
Due to the unique network architecture of MQTT topologies, MQTT Edge Clients disable all inbound TCP ports over the network. This provides a high level of security by preventing potential attackers on the internet/intranet from simply establishing a connection with the Edge devices. This configuration, while giving the best security, can create challenges for accessing the Edge Client for remote debugging and configuration. These challenges can be overcome using a reverse VPN connection. For IT security, this vastly simplifies protection, as seen in the diagram below, where only a single port must be securely managed.
The MQTT Servers provide the message delivery mechanism for both operations and the business enterprise. The MQTT Servers must be compliant with the OASIS MQTT 3.1.1 standard, such as the MQTT Distributor or Chariot MQTT Server offered by Cirrus Link. For multiple MQTT Server redundancies and a higher number of connected clients, the Chariot MQTT Server is offered for on-premise or cloud-connected applications.
MQTT Servers are configured with the same TLS security as used by the MQTT Edge device. MQTT Servers utilize further security measures in the form of an MQTT-level username and password and an Access Control List (ACL). The ACL limits which devices or applications can connect to the MQTT Server. The ACL also controls which topics a given username/password pair can publish and subscribe on, providing further security. For instance, you may have a cloud service subscribing to data for machine learning, and the MQTT broker only allows it to subscribe to data and not publish any controls. The MQTT Servers should be set up in a DMZ and behind a firewall that only allows two inbound ports for connection: 8883 and 443.
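The topic-level ACL described above, sketched as an added example (a simplified, broker-agnostic model, not the configuration format of Chariot, MQTT Distributor or any other product): a default-deny check in which the cloud consumer can subscribe to data but cannot publish commands, and a wildcard subscription wider than the grant is refused. The usernames, the `PlantA` group ID and the `EdgeGW1` node ID are constructed for illustration.

```python
WILDCARDS = ("+", "#")
PREFIX = "spBv1.0/PlantA"   # constructed Sparkplug group ID


def covers(pattern, topic):
    """True if ACL `pattern` covers `topic`, which may itself be a
    subscription filter containing wildcards."""
    p, t = pattern.split("/"), topic.split("/")
    # Topics starting with '$' are never covered by a leading wildcard.
    if t[0].startswith("$") and p[0] in WILDCARDS:
        return False
    for i, seg in enumerate(p):
        if seg == "#":
            return True              # covers this level and everything below
        if i >= len(t):
            return False
        if seg == "+":
            if t[i] == "#":
                return False         # requested '#' is wider than a '+' grant
        elif seg != t[i]:
            return False             # also rejects a wildcard where a literal is granted
    return len(p) == len(t)


ACL = {
    # Edge gateway: publishes its own births/data/deaths, receives commands.
    "edge-gw1": {
        "publish": [f"{PREFIX}/{mt}/EdgeGW1" for mt in ("NBIRTH", "NDATA", "NDEATH")]
                 + [f"{PREFIX}/{mt}/EdgeGW1/+" for mt in ("DBIRTH", "DDATA", "DDEATH")],
        "subscribe": [f"{PREFIX}/NCMD/EdgeGW1", f"{PREFIX}/DCMD/EdgeGW1/+"],
    },
    # OT application: reads everything in the group and may send commands.
    "scada-host": {
        "publish": [f"{PREFIX}/NCMD/+", f"{PREFIX}/DCMD/+/+"],
        "subscribe": [f"{PREFIX}/#"],
    },
    # Cloud machine-learning consumer: device births and data only, no publishing.
    "cloud-ml": {
        "publish": [],
        "subscribe": [f"{PREFIX}/DBIRTH/#", f"{PREFIX}/DDATA/#"],
    },
}


def authorize(username, action, topic):
    """Default-deny check for one publish or subscribe request."""
    if action == "publish" and any(w in topic for w in WILDCARDS):
        return False                 # wildcards are not valid in a publish topic
    grants = ACL.get(username, {}).get(action, [])
    return any(covers(pattern, topic) for pattern in grants)


if __name__ == "__main__":
    device = f"{PREFIX}/DDATA/EdgeGW1/Compressor1"
    print(authorize("cloud-ml", "subscribe", device))                               # data: allowed
    print(authorize("cloud-ml", "publish", f"{PREFIX}/DCMD/EdgeGW1/Compressor1"))   # control: denied
```

The `covers` check compares filter against filter, so a client granted only literal or narrower topics cannot widen its view by subscribing to `#` or `+`.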
Digital Transformation can be defined as the application of digital capabilities to processes, products, and assets to improve efficiency, enhance customer value, manage risk, innovate, and discover new opportunities. It enables insight across enterprise value chains, enhances competitiveness, and improves customer experience. It is critical to have a complete strategy for implementing Digital Transformation that addresses data standardization, connectivity of different applications, security, and ease of integration with cloud services such as AWS and Azure. Too often, failed projects are based on proprietary solutions that are specific to one process and require custom code, delivering a proprietary result that is not scalable and fails to meet ROI expectations.
Utilizing MQTT and Ignition with the open-standard Sparkplug data representation provides tools for organizations to build a cost-effective solution for Digital Transformation across their enterprise. It eliminates the wasted time and costs seen time and again as organizations struggle to implement a cohesive strategy for building the digital enterprise. With minimal risk and cost, this solution enables OT data to be consumed with simple configurations on proven software tools that securely bridge the OT/IT gap, providing contextual information for the data scientist to use Big Data Analytics, Machine Learning and Artificial Intelligence to gain insight and increase productivity and profit.
For further information, please contact Cirrus Link to set up a meeting to answer any of your questions, receive a presentation and see a live demo implementing Digital Transformation with Ignition & MQTT.
Contact firstname.lastname@example.org for more information or a demonstration.