Industrial internet of things (IIoT) refers to a multidimensional and tightly coupled chain of systems involving edge devices, cloud applications, sensors, algorithms, safety, security, vast protocol libraries, human-machine interfaces (HMI), and other elements that must interoperate.
When dealing with the timescale of industrial equipment, which has critical subsystems that operate on a scale of hundreds of microseconds (or less) but need to operate in factories and remote locations for decades, relying solely on a cutting-edge multicore embedded processor to scale in the IIoT space is, at best, unimaginative. At worst, it is a short-sighted catalyst leading to a series of difficult and costly trade-offs focused on managing functional timing issues stemming from performance bottlenecks.
A much higher degree of freedom in scaling is desperately needed at the IIoT edge due to the timescales involved. Such scaling freedom can be unlocked by using programmable hardware that augments the software running on the embedded processor cores. This is a more consistent approach that allows determinism, latency, and performance to be easily managed and eliminates interference between the information technology (IT) and operational technology (OT) domains and within subsystems in the OT domain.
In parallel, sustainable value is available with processors that provide features like hardware virtualisation, which allows architects to incorporate new guest operating systems and provides levels of autonomy and isolation where needed. Consistently useful features are also available, such as memory protections that are unlikely to outlive their usefulness. Augmenting static processor architectures with specialised hardware to create a division of labour that is balanced and ideally suited for the pending tasks is not a new paradigm for the embedded electronics world. Garnering more attention is the need to adapt both the tasks and the division of labor itself over time.
This article examines three key applications areas that comprise the foundation of IIoT – connectivity, cybersecurity, and edge compute – within the context of selecting an IIoT edge platform that can adapt to the impact of market trends over time. It is vital to have an IIoT platform that is extraordinarily flexible, scalable, and equally capable of dealing with both OT and IT technologies. An all programmable system-on-chip (SoC) is the ideal solution.
Fig. 1: Timescale, attributes, and life cycle of typical IIoT systems.
Connectivity: From legacy standards to future protocols
Connectivity in the age of IIoT is moving toward a streamlined approach, but this transition introduces new complexities. Edge and system-wide protocols like the OPC Foundation Open Platform Communications-Unified Architecture (OPC-UA) and Data Distribution Service for Real-Time Systems (DDS) are gaining significant momentum in their respective application areas. Both benefit from the emergence of time-sensitive networking (TSN), a deterministic Ethernet-based transport that can manage mixed criticality streams.
TSN significantly enables the vision of a unified network protocol across the edge and throughout the majority of the IIoT solution chain, because it supports varying degrees of scheduled traffic alongside best-effort traffic. TSN is an evolving standard, and dedicated chipsets (e.g. ASIC or ASSP) advertising standards compliance before all aspects of the standard and the endmarket-specific profiles are finalised is fraught with risk.
In a similar way, attempting to add support for TSN to an existing controller that manages real-time data via a purely software-based approach might result in unpredictable timing behavior, at best. The likely result is the degradation of interrupt responsiveness, memory access timing, etc. Ultimately, this is not a reasonable solution, because TSN requires a form of time-awareness not in controllers today. Even if an external TSN switch is added to the system, without integrated TSN in the same device (to manage control functions, e.g., the endpoint), the switch connecting the various endpoints will likely produce backward Ethernet compatibility support for a non-TSN enabled controller. The goal is to get TSN integrated into the endpoint to enable scheduled traffic versus best-effort traffic with a minimum impact to control function timing (Fig. 2).
Fig. 2: TSN topologies and benefits.
Integrating an all programmable implementation of TSN in the controller minimises the effects of the change by enabling the implementation of bandwidth-intensive, time-critical functions in hardware, without significant impact to the software timing. The designer can implement pure endpoints or bridged endpoints by using Xilinx’s internally developed, fully standards-compatible, and optimised implementation of TSN. Whether upgrading a controller that is designed with an all programmable SoC from standard Ethernet to TSN or designing a new controller with the evolving TSN standard, the all programmable approach enables the designer to make changes with the least impact to critical timing and is future proofed (vs. ASICs and ASSPs).
An alternate but equally common use case is also worth considering. Because IIoT is not a new industry, it still needs to support the lengthy list of legacy industrial protocols that have been in use throughout the industry’s fragmented past and present. Most modern SoCs do not offer support for even a sizable fraction of these protocols. Also, the number of network interfaces can exceed the I/O capabilities of most of these fixed SoCs.
In contrast, all programmable SoCs enable the creation of a system that can withstand customer-specific customisation, such as support for legacy protocols and their associated I/O connectivity. Whether the protocol requires a 250 µs or 64 µs cycle time, the fully encapsulated and hardware-offloaded implementation of these industrial communication controllers eliminates the cost of additional devices, without causing the side effects to mainstream software and firmware that a software-based approach might cause.
Cybersecurity: Hardened and adaptable to future threats
IIoT thought leaders employ a “defense-in-depth” approach to the broad topic of cybersecurity. Defense-in-depth is a form of multilayered security that starts at the supply chain of suppliers and reaches the end customers’ enterprise and cloud application software. In this section, the scope is the chain of trust for deployed embedded electronics at the IIoT edge. With the network extending to the analog-digital boundary, data needs to be secured as soon as it enters the digital domain. Defense-in-depth security requires a strong hardware root of trust that enables secure and measured boot operations, run-time security through isolation of hardware, operating systems, and software, and secure communications. Independent validation of credentials through trusted remote attestation servers, certificate authorities, and so forth should be employed throughout the chain.
With cybersecurity attacks expected to become more frequent, security is not a static proposition but an ever-evolving one. For example, since 1995, five notable revisions were made to the transport layer security (TLS) secure messaging protocol, with more to come. IIoT system suppliers and their customers need to know how to mitigate security risks that evolve over time while maximising the life and utility of costly assets. The cryptographic algorithms that underscore protocols like TLS can often be implemented in software, but with the move toward IT-OT convergence, these changes on the IT side can create adverse effects on time-critical OT performance.
To reduce this impact, some software architectural tools such as hypervisors and other isolation methods are available. It is possible to pair these software concepts with the ability to offload and support new, currently undefined cryptographic functionality that uses programmable hardware years after product field deployment. This approach provides a stronger risk mitigation plan and might avoid costly recalls, patches, and the potential threat of litigation.
Software-defined hardware
As mentioned, hardware offload is not just supported in the programmable hardware of an all programmable SoC. Achieving the full vision requires software automation that streamlines the technology. A tool like the SDSoC development environment enables users to write C/C++/OpenCL, among a growing list of languages, and to partition all or part of the function in programmable hardware or software. The SDSoC development environment also generates the data movement engines and infrastructure between the processor and the programmable hardware. In 2015, the SDSoC tool was used with an advanced encryption standard (AES)-256 algorithm to demonstrate 4X improvement in performance when partially moving the algorithm to the programmable hardware.
That benchmark focused on exploring the optimal balance of software intelligence and programmable hardware optimisation. But the tool can also completely offload the function to programmable hardware as well. Similarly, motor control loop closure times via hardware acceleration engines are shown to offer 30 to 40 times the performance of a software-only implementation.
Edge compute: Scalable, cost-efficient, and real-time
Just as with communications and security, edge compute is evolving in multiple directions. The computational power of the cloud, which operates on streams of unlocked data from previously inaccessible systems, provides users with actionable insights previously unseen or not understood. This creates a set of expectations, or table stakes, which serve as a new baseline. Just as relying on GPS-based navigation systems is making most highway maps obsolete, purchasers and users of industrial equipment have different expectations of feedback from their IIoT systems. Currently, the trend is to push the generation of these insights from the cloud to the edge, as driven by three primary factors:
These are industry trends and should not be viewed in terms of absolutes. Even merely pre-processing data locally and sending optimised, obfuscated data to the cloud can be hugely beneficial in addressing some of these security and privacy concerns. An extremely simple example is to apply a low-pass, or averaging filter, to time series data at the controller that is responsible for a machine. The result is to simultaneously reduce the number of data points that are sent to the cloud and also to suppress outlier data. Programmable hardware enables you to apply these optimisation functions to the data as it is streaming off the machine, which enables the most efficient processing of that data versus using complex memory transactions that compromise the response time of any potential decisions based on the data. This example can be stated in terms of a single data stream from a single sensor, but in actuality, most industrial systems consist of hundreds or even thousands of simultaneous data streams. The number of connections amplifies the problem and the value of the solution that is provided by programmable hardware through various sensor fusion techniques and on-chip analysis.
In the example described here, intelligence is embedded at the controller to make local adjustments for time-sensitive feedback items and push the less time-critical data to the cloud in a condensed format. This is a good example of the edge and cloud complementing each other. This description of embedded intelligence and edge-cloud cooperation can also apply to machine learning at the edge, a topic that is rapidly becoming more relevant in IIoT. Machine learning – which includes neural network-based machine learning inference and deployment, as well as classical techniques such as regression and others – is extremely well suited for the power-efficient, customisable, and massively parallel compute architecture of programmable hardware. Because of this, programmable hardware-based acceleration cards are used extensively in the cloud. The same all programmable technology is available for use at the edge, offering the lowest latency, power, and cost for multi-sensor machine learning applications. The ability to efficiently support all the foundational aspects of the IT-OT convergence while simultaneously offering superior capability in burgeoning areas enables all programmable technology to claim the widest IIoT application coverage in a single device. For example, combining applications like motor control, machine vision, network communications, functional safety, cybersecurity, etc., with edge analytics and machine learning is the expected use case for all programmable technology in IIoT. By using tools like the SDSoC development environment with its supporting libraries, users can implement substantial algorithms in a fraction of the smallest all programmable devices (Fig. 3).
Fig. 3: Machine learning inference flow for Zynq-7000 and Zynq UltraScale+ SoCs.
FPGA companion for legacy processors
To implement the wide range of IT-OT functions, the most common choice for IIoT edge platforms are all programmable SoCs. These devices offer the integration benefits that were described previously, as well as power and cost savings. Another option exists for real-world situations in which a pre-existing architecture is in place, perhaps with legacy code that is tied to a legacy embedded processor. In these cases, some of the benefits described are still valid through the use of programmable hardware-only devices – FPGAs. FPGAs operating as a companion device are easily interfaced to the main embedded processor. These FPGAs can act as co-processors to the main embedded processor and offer the option to implement a compact microcontroller or microprocessor. These soft processors support a wide range of operating systems and real-time operating systems. Offloading evolving or time-critical functions in the context of legacy systems can still be achieved by utilising these options.
Multiple FPGA options exist that share footprint compatibility, to allow for a measure of platforming. The two-chip approach lacks the high bandwidth between the processor and the FPGA, compared to an all programmable SoC. This bandwidth and the number of connections within the monolithic SoC facilitate the dynamic hardware-software division of labor (that previous examples rely on), which a two-chip solution cannot replicate. Even with these limitations, the value of programmable hardware is large enough that more and more embedded processors are advertising dedicated FPGA interfaces (typically built out of standards such as: PCIe, SPI, QSPI) in their data sheets.
Hardware and software programmability for longevity in a new industrial era
Industrial control systems that are driven by electric means have been available for over a century. With some referring to IIoT as the fourth industrial revolution, not only have the available technology and required tasks changed, but the pace of the industry in aggregate has increased in the rate of disruption. Today, new technologies are available as building blocks of IIoT edge platforms that fundamentally offer better coverage for the expansive breadth and depth of IT-OT tasks over time.
All programmable SoCs use software and hardware programmability to keep assets useful for longer periods of time as compared with the traditional embedded architectural building blocks of the previous twenty or thirty years. The use of a different embedded controller for each end product without regard to their connection to the same cloud infrastructure is a failing approach, since approximately 75% of the costs in IIoT systems development lie in cloud and embedded software development. What is most important to system suppliers is a common platform that enables them to invest their research and development time and funds creating value through software services, rather than re-inventing communication interfaces, security infrastructures, control loop timing, data analytic algorithms, and so on. An FPGA-based approach offers many of these benefits to suppliers who must contend with a legacy processor system. An all programmable SoC approach helps maximise available options and is key to increased return on investment for both industrial system suppliers and their customers.
Contact Erich Nast, Avnet, Tel 011 319-8600, erich.nast@avnet.eu
