What is OPC UA TSN, and how does it work? (The long read, with Cisco and SAP)
The emergence of the OPC UA TSN communications stack, backed by a loose-knit consortium of automation specialists, is a key part of the developing industrial IoT narrative, with halting technological innovation and industrial transformation set to be kick-started by its release and deployment in smart factories. Enterprise IoT Insights goes in-deep to nail the technology and its implications.
Until now, industrial enterprises seeking to automate their operations have typically found themselves locked into proprietary systems through conflicting connectivity standards. On the other side, vendors have been required to develop multiple versions of the same product to support these non-standardised industrial automation systems. This has limited technological innovation and industrial transformation.
This cycle has to stop, says the so-called ‘Shapers’ group, an ad-hoc band of industrial automation specialists, comprising the likes of ABB, Bosch Rexroth, B&R, Cisco, General Electric, Rockwell Automation and Schneider Electric, among others, which are pushing for an open, standards-based industrial IoT (IIoT) solution for deterministic and real-time communication between industrial controllers and the cloud.
The collaborators – named for the time-shaping functions of ‘time-sensitive networking’ (TSN) IEEE 802.1, a critical part of their elected solution, and banded together under the twin umbrellas of the Industrial Internet Consortium (IIC) and the OPC Foundation – has identified OPC UA TSN as the unified standard for industrial automation and IIoT connectivity.
OPC UA TSN, explains the Shapers team, represents the combination of enhanced OPC UA Publisher/Subscriber (Pub/Sub) technology with the IEEE TSN Ethernet standards; it provides the building blocks to unify industrial automation technologies and unite information (IT) and operation technologies (OT), as defined by the Industrie 4.0 movement.
But such a definition perhaps requires more explanation. What is TSN? What is OPC UA? What is OPC, for starters? Enterprise IoT Insights caught up with two industry experts – in the form of Bryan Tantzen, senior director at Cisco Systems, and Jay Thoden van Velzen, director of IoT security at SAP – to strip back the layers, and to comment, variously, on the key automation and security aspects of this hyped new IIoT protocol technique.
Let’s start from the beginning. What is OPC UA, as distinct from OPC and every other non-standardised communications technology on the factory floor? OPC UA, a reductive acronym for the process of ‘object linking and embedding for process control unified automation’, is an updated, more-secure version of the commonly deployed OPC protocol stack.
The ‘UA’ iteration includes all previous ‘OPC Classic’ and ‘OPC DA’ capabilities but adds things like discovery to locate OPC servers on local networks and subscriptions to monitor data flow and anomalies. It can be implemented on anything from a tiny embedded module running Linux to a server running the operating system of your choice.
“It provides platform independence, and runs on traditional PC/server hardware, as well as PLCs and microcontrollers, and a variety of operating systems,” comments van Velzen.
That interoperability runs back through the OPC lineage. “OPC’s main characteristic is that it’s a communication protocol shared and supported by a huge range of industrial players,” comments Tantzen, noting its application in discrete manufacturing and process manufacturing, and referencing Siemens, Rockwell, ABB, Honeywell, Yokogawa, Schneider, Bosch, B&R, and Beckhoff, for starters.
“They all use it for ‘north-bound’ or Level 3 communication between controllers, HMIs and the plant applications. So, if you have to communicate across major IACS suppliers, you would use OPC. And, it’s all based on open-standard networks – no weird proprietary network concepts. Many of the industrial application protocols adopted ‘proprietary enhancements’ to meet various requirements,” he says.
What are its most significant characteristics? “Interoperability first, and platform independence; ease of use, as things have predictable structures, and come with defined data models; and yes, security,” says van Velzen.
He zooms out. “Typically, manufacturers run equipment from multiple vendors. It is much easier for things to run ‘the same/similar’ across vendor equipment, and more easily model an entire production line based on PLCs, machines and sensors from multiple vendors. And, it answers a number of security concerns that have come up more recently,” he explains.
“The alternative is using insecure, legacy, and vendor-specific protocols, making things less secure – or, rather, not secure at all, beyond network separation and air-gapping – and significantly more complex.”
Indeed, its role in progressive manufacturing is critical. “Most manufacturers try to standardise as much as possible in their plants. But by standardising on Profinet, ODVA, CC-Link, Ethercat or Sercos, say, they end up significantly limiting the supplier base. If they can rely on an open, commonly accepted communication stack, the hope is they are not as locked in to vendor ecosystems and eventually gain more access to the rich data in these industrial automation and control system deployments,” comments Tantzen.
How will it impact the digitisation of industry? “More use of OPC – and the open networks it relies upon – will enable more devices to be interconnected and more rich data to be available. Other industrial automation and control systems have good connectivity, but OPC is the most commonly applied communication stack.”
Van Velzen says cloud functionality, which faces cultural resistance within manufacturing anyway, is made difficult otherwise. “Without it, it would be harder, and would likely not include a cloud aspect at all – for which, in any case, there is a reluctance among customers after decades of ‘air-gapping’ their industrial network, for good reasons and bad. Increasing concerns for security also would not be able to be addressed.”
From a security perspective, specifically, OPC UA adds signing of messages and signing and encryption of messages between components based on mutual authentication based on digital certificates, he says.
“This is a really important aspect, as it means communication integrity – it can prove that a message from component A to component B is really coming from component A and is really talking to component B – and in case of encryption, hides the traffic from others on the network. Both of which were not really possible before.”
But OPC UA has in fact come under fire recently after Kaspersky Labs identified 17 zero-day security vulnerabilities in certain implementations of OPC-UA. The OPC Foundation conducted its own review, and concluded the faults affected older versions only. Most have been fixed anyway, fixed previously, or cannot be exploited remotely, it said.
Tantzen comments, generally, that OPC UA has a security identification model that has been “relatively advanced” but is becoming less so as others adopt similar and more sophisticated approaches.
“Within the OPC, there is an effort to extend the communication stack to ‘controller-to-controller’ and ‘controller-to-field’ levels with the recently published Pub/Sub specification and the ongoing work to run that over TSN for more deterministic characteristics these communication types demand,” he says.
“That said, what OPC lacks is a good sense of what data and application needs to be communicated – the semantic versus the syntactic. That work is being done.”
Indeed, the OPC Foundation, and the Shapers group alongside, are developing an ecosystem around it, to make industrial transformation a slicker and more productive exercise. So, what about the addition of the time sensitive networking (TSN) mechanic over the top of OPC UA protocol.
TSN comprises a set of enhancements to Ethernet to make it more ‘deterministic’, available on time with low latency, low jitter and high reliability. These enhancements allow time-sensitive delivery of information in industrial application in an open standard network, defined by IEEE standards.
“It adds predictable time delivery – essentially prioritization, while other traffic is handled as normal– and time-synchronization,” comments van Velzen, making clear its importance where reaction times in industrial environments can be very short.
Tantzen chimes in. “It’s Ethernet, so it’s backwards compatible – any device previously ‘speaking’ Ethernet still works. But, now industrial automation and control suppliers can use TSN for their critical control traffic with the guarantee it will get the timely service it needs while using that network for more common data, video, voice or whatever other traffic,” he explains.
“And these automation and control system devices, which are getting smarter and smarter, can also communicate more data to more places and services, such as IoT applications. More devices on the network means more rich data available to applications.”
As it stands, TSN is not available “in enough devices and infrastructure”, notes Tantzen. Many, if not all, chip vendors in the space have TSN offerings, and most automation and control systems vendors are working it into their development plans. Standards have been settled, but TSN will not be a default part of production environments for some years, he says. “A lot of the interoperability, certification and robustness work has to be completed. Then more devices and more infrastructure will be available.”
The Shapers group, which Cisco is part of, sees OPC UA over TSN, combining the communications protocol and the communications mechanic, as the key stack to enable seamless IIoT connectivity between sensors, actuators, controllers and the cloud. “TSN may not be needed for ALL traffic in a production environment, but is required to enable all production traffic to be on an ‘open, unified, standards based’ network,” says Tantzen.
The Shapers group intends to support OPC UA TSN in their future products; the first pilots are already being integrated in an IIC test-bed. The group’s objective is to show compatible controller to controller communication between devices from different vendors using OPC UA TSN over standard IT infrastructure.
Tantzen concludes: “Converging the industrial automation and control system protocols on an open, unified standard network is fundamental to the Industrie 4.0 vision and enables vendors and suppliers to focus research-and-development on a smaller footprint of communication technologies.”
This will drive innovation among both tech firms and industrial operatives.