gateway icon  PRODUCT SELECTOR:

Connect Your:

To:

RTA's Blog

Open Factory Floor Architectures

Posted on by John S Rinaldi
17
Dec

At the recent Georgia Tech Manufacturing Institute (GTMI) seminar, Andrew Dugenske, Director of the Factory Information Systems (FIS) Center at GTMI presented an open architecture for factory floor applications.

GTMI

There are a lot of really good things to say about this concept. GTMI is correct to say that this architecture:

  • accommodates a wide variety of devices, protocols, and applications
  • supports many-to-many communication
  • is built on standards (no proprietary lock-in)
  • is extremely scalable
  • is simple to use and deploy
  • is monitorable and traceable.

It is all of those things, but the claims of security and maintainability are overstated.

It is unclear how secure this architecture is. There certainly is no end-to-end security in this architecture. An analytics device that requires Modbus data from a Modbus device has no end-to-end security between the analytics device and the Modbus device or Modbus device gateway. There is a broker involved and several gateways – several attack surfaces and an undefined security architecture. Is that up to the user to define? Is there a specific, highly secure MQTT broker that must be used with this system? Looking at this system from a security perspective, the very secure claim seems to be overstated.

I also question the maintainability and extensibility of this architecture. Instead of data modeling, this architecture defines its own, custom data definitions. It’s well thought out, but a generic data model such as defined in this architecture is never going to be a perfect fit for all applications and all devices.

The Open Process Automation Forum defines the exact same model as GTMI and claims the same benefits. What is different about the OPAF architecture is that instead of a simple transport layer (MQTT), OPAF uses the OPC UA architecture. This provides two advantages over the GTMI architecture:

One, multiple security mechanisms are available within OPC UA. There is end-to-end security, if needed, from the Northside (IT applications) to the Southside (end devices). An analytics tool can make a secure connection (or non-secure if that makes sense) directly to the Modbus gateway to get Modbus device data. The attack surfaces when using the OPAF architecture are smaller than with the GTMI architecture.

Two, data modeling is much more sophisticated and more application-specific in the OPAF architecture. OPC UA provides the ability for users, trade associations and vendors to create specific data models for specific applications. These data models can be discoverable at runtime and allow a Client device to automatically locate and use a data model that correctly captures the operation of the device and all its data. Data integration between the Northside and the Southside is vastly improved in the OPAF architecture.

With the number of trade associations adopting OPC UA (over 45 at last count) and creating data models, I see no reason to believe that there will be large scale adoption of the GTMI platform with the MQTT transport layer at its core. OPAF architecture is far superior and will be more successful.

Avatar photo
John S Rinaldi

John Rinaldi is Chief Strategist, Business Development Manager and CEO of Real Time Automation (RTA). After escaping from Marquette University with a degree in Electrical Engineering, John worked in various jobs in the Automation Industry before once again fleeing back into the comfortable halls of academia. At the University of Connecticut, he once again talked his way into a degree, this time in Computer Science (MS CS). John is a recognized expert in industrial networks and the author of six books: Modbus: The Everyman’s Guide to Modbus, OPC UA – Unified Architecture: The Everyman’s Guide to OPC UA, EtherNet/IP: The Everyman’s Guide to EtherNet/IP, The Smart Product Manager’s Guide to Industrial Automation Connectivity, The Smart Product Manager’s Guide to Connectivity in the Packaging Industry, and his latest, The Everyman’s Guide to Properly Architecting Ethernet/IP Networks.