The Industrial Internet of Things Volume G1: Reference Architecture

IIC:PUB:G1:V1.80:20170131

We are pleased to announce the publication of the Industrial Internet Reference Architecture v 1.8. First published in 2015 and best known as the IIRA, this standards-based architectural template and methodology enables Industrial Internet of Things (IIoT) system architects to design their own systems based on a common framework and concepts.

更多

The authors, editors and contributors to the IIRA are members of the Industrial Internet Consortium Architecture Task Group, under the Technology Working Group. Its participants represent a broad spectrum of the Industrial Internet Consortium membership including systems and software architects, business experts, security experts, and participants from many of the other Industrial Internet Consortium Working and Task Groups.

WHY A NEW VERSION OF THE IIRA?

Like all Industrial Internet Consortium publications, the IIRA is a living document that will continually represent the latest thinking of the Industrial Internet Consortium and the IIoT community. Industrial Internet Consortium publications are addressing every aspect of the emerging IIoT and our Working Groups are committed to delivering practical, implementable deliverables that reflect new technologies, new concepts, and new applications as they emerge.

The IIRA addresses the need for a common architecture framework to develop interoperable IIoT systems for diverse applications across a broad spectrum of industrial verticals in the public and private sectors to achieve the true promise of IIoT.

The IIRA is a standards-based architectural template and methodology designed by a broad spectrum of IIC members, including system and software architects, business experts, and security experts, to assist IIoT system architects to design IIoT solution architectures consistently and to deploy interoperable IIoT systems.

IIRA v1.8 Benefits

The IIoT core concepts and technologies addressed in the IIRA v1.8 are applicable to the depth and breadth of every small, medium and large enterprise in manufacturing, mining, transportation, energy, agriculture, healthcare, public infrastructure and virtually every other industry. In addition to IIoT system architects, the plain language of IIRA v1.8 and its emphasis on the value proposition and enablement of converging Operational Technology (OT) and Information Technology (IT) enables business decision-makers, plant managers, and IT managers to better understand how to drive IIoT system development from a business perspective.

Technology vendors can use the IIRA concepts and methodologies to build interoperable system components that address the broadest possible market. System implementers can use the IIRA as a starting point to shorten system development by deploying reusable, commercially available, or open-source system building blocks to reduce project risk, associated costs, and time-to-market. Ultimately, the IIRA is designed help the IIoT community to realize an open, innovative IIoT ecosystem, thereby reducing the cost of design and operations.

This new version of the IIRA has the following major updates:

Improved and enhanced description of the architecture concepts and constructs derived from ISO/IEC/IEEE 42010 Architecture Description standard and their application in the IIRA (Chapter 3 Industrial Internet Architecture Framework).

A new section on IIRA viewpoints' Scope of Applicability and Relationship to System Lifecycle Process (Chapter 3 Industrial Internet Architecture Framework, Section 3.6).

A new section on Crosscutting Functions and Key System Characteristics (Chapter 6 Functional Viewpoint, Section 6.7).

A new section on Functional Domain and Compute Deployment Models (Chapter 6 Functional Viewpoint, Section 6.8).

Clarity that the architecture patterns are only representative and not intended to be all inclusive.

A new section on Layered Databus Architecture Pattern (Chapter 7 Implementation Viewpoint, Section 7.5).

A new appendix on Design Space Considerations (Appendix A) providing a broad view of possible design parameters and their constraints in identifying, describing and resolving IIoT system concerns.

收起

Industrial Internet Reference Architecture（IIRA）-v1.7

We are pleased to provide the Industrial Internet Reference Architecture Technical Report – an important resource in the adoption of the Industrial Internet around the world. This resource, represents broad industry consensus, built to drive product interoperability and simplify development of Industrial Internet systems that are better built and integrated with shorter time to market and, at the end, able to better fulfill their intended uses. This Reference Architecture is a statement of what the most important Industrial Internet architecture components are, how they fit together and how they influence each other. It reflects consensus on major architecture questions among participants from energy, healthcare, manufacturing, transportation and public sectors.

更多

This technical document will help your organization to better understand the technical requirements, methodologies and roadblocks to adoption. By downloading and referencing this document, you will ensure that the Industrial Internet products and services your organization creates will be of the highest quality. The Industrial Internet Reference Architecture will also give you a preview into proposed Industrial Internet standards to be adopted by standards organizations in the coming years.

The Industrial Internet Reference Architecture is the product of hundreds of hours of work by the members of the Industrial Internet Consortium Technology Working Group. In particular, we would like to thank the following organizations:

ABB, Inc

AT&T

Cisco Systems, Inc

EnterpriseWeb LLC

Fujitsu Limited

General Electric

IBM Corporation

Infineon Technologies AG

Intel Corporation

Object Management Group

Real-Time Innovations

RSA, The Security Division of EMC

SAP SE

Symantec Corporation

The MITRE Corporation

University of Pennsylvania

Wind River

1 Rationale and Context ................................................................................................ - 9 - 5

1.1 The Industrial Internet ................................................................................................... - 9 -

1.2 Reference Architecture Concepts.................................................................................. - 10 -

1.3 Industrial Internet Reference Architecture .................................................................... - 11 -

1.4 Major Components of the Technical Report .................................................................. - 11 -

1.5 Next Steps ................................................................................................................... - 11 - 10

2 Key System Characteristics and their Assurance ....................................................... - 12 -

2.1 Key System Characteristics ........................................................................................... - 12 -

2.2 System Characteristic Assurance .................................................................................. - 13 -

3 Industrial Internet Reference Architecture ............................................................... - 15 -

3.1 Industrial Internet Architecture Framework .................................................................. - 15 -

3.2 Industrial Internet Viewpoints ...................................................................................... - 16 -

3.3 Security across the Viewpoints ..................................................................................... - 18 -

3.3.1 An Integrated approach to Security .................................................................................. - 18 -

3.3.2 Threat Modeling and Secure Design ................................................................................. - 18 -

4 The Business Viewpoint ........................................................................................... - 20 - 20

4.1 Elements of the Business Viewpoint ............................................................................. - 20 -

4.2 Security Concerns in the Business Context .................................................................... - 21 -

5 The Usage Viewpoint ............................................................................................... - 23 -

5.1 Elements of the Usage Viewpoint ................................................................................. - 23 -

5.2 Common Security Activities .......................................................................................... - 25 -

6 The Functional Viewpoint......................................................................................... - 26 -

6.1 Background ................................................................................................................. - 26 -

6.2 The Control Domain ..................................................................................................... - 29 -

6.3 The Operations Domain ............................................................................................... - 31 -

6.4 The Information Domain .............................................................................................. - 33 - 30

6.5 The Application Domain ............................................................................................... - 35 -

6.6 The Business Domain ................................................................................................... - 35 -

6.7 Common Security Functions ......................................................................................... - 36 -

7 Implementation Viewpoint ...................................................................................... - 37 -

7.1 Architecture Patterns ................................................................................................... - 37 - 35

7.1.1 Three-tier architecture pattern ......................................................................................... - 38 -

7.1.2 Gateway-Mediated Edge Connectivity and Management architecture pattern .............. - 40 -

7.2 Secure Implementations.............................................................................................. - 42 -

8 Safety ...................................................................................................................... - 46 -

8.1 Relationships with Other Concerns ............................................................................... - 48 -

9 Security, Trust and Privacy ....................................................................................... - 50 -

9.1 Endpoint Security ......................................................................................................... - 51 -

9.1.1 Secure Boot Attestation .................................................................................................... - 52 -

9.1.2 Deployment of Security Agent .......................................................................................... - 52 -

9.1.3 Endpoint Identity ............................................................................................................... - 53 -

9.1.4 Endpoint Attack Response ................................................................................................ - 53 -

9.1.5 Remote Policy Management ............................................................................................. - 53 -

9.1.6 Logging and Event Monitoring .......................................................................................... - 54 -

9.1.7 Application Whitelisting .................................................................................................... - 54 -

9.1.8 Network Whitelisting ........................................................................................................ - 54 - 50

9.1.9 Dynamically Deployed Countermeasures ......................................................................... - 54 -

9.1.10 Remote and Automated Endpoint Update ................................................................... - 54 -

9.1.11 Policy Orchestration Across Multiple Endpoints .......................................................... - 55 -

9.1.12 Peripheral Devices Management .................................................................................. - 55 -

9.1.13 Endpoint Storage Management .................................................................................... - 55 - 55

9.1.14 Access Control ............................................................................................................... - 55 -

9.2 Communication Security .............................................................................................. - 55 -

9.2.1 Architectural Considerations for Information Exchange Security ..................................... - 56 -

9.2.2 Security in request-response and publish-subscribe communications ............................ - 56 -

9.2.3 Mutual Authentication Between Endpoints ..................................................................... - 57 - 60

9.2.4 Communication Authorization .......................................................................................... - 57 -

9.2.5 Identity Proxy/Consolidation Point ................................................................................... - 57 -

9.2.6 User Authentication and Authorization ............................................................................ - 57 -

9.2.7 Encryption in Communication ........................................................................................... - 57 -

9.3 Management and Monitoring Security ......................................................................... - 57 - 65

9.3.1 Identity Management ....................................................................................................... - 58 -

9.3.2 Provisioning and Commissioning ...................................................................................... - 58 -

9.3.3 Security Policy Management ............................................................................................. - 58 -

9.3.4 Endpoint Activation Management .................................................................................... - 59 -

9.3.5 Credential Management ................................................................................................... - 59 - 70

9.3.6 Management Console ....................................................................................................... - 59 -

9.3.7 Situational Awareness ....................................................................................................... - 59 -

9.3.8 Remote Update ................................................................................................................. - 60 -

9.3.9 Management and Monitoring Resiliency .......................................................................... - 60 -

9.4 Data Distribution and Secure Storage ........................................................................... - 60 - 75

9.4.1 Data Security ..................................................................................................................... - 60 -

9.4.2 Data Centric Policies .......................................................................................................... - 60 -

9.4.3 Data Analysis and Privacy .................................................................................................. - 61 -

9.4.4 IT Systems and the Cloud .................................................................................................. - 61 -

10 Resilience ................................................................................................................ - 62 - 80

11 Integrability, Interoperability and composability ...................................................... - 67 -

12 Connectivity ............................................................................................................. - 71 -

12.1 Architectural Role ........................................................................................................ - 71 -

12.2 Key System Characteristics ........................................................................................... - 72 -

12.3 Key Functional Characteristics of the Connectivity Framework Layer ............................. - 74 - 85

12.4 Key Functional Characteristics of the Communication Transport Layer .......................... - 76 -

12.5 Connectivity Gateways ................................................................................................. - 77 -

13 Data Management ................................................................................................... - 79 -

13.1 Reduction and Analytics ............................................................................................... - 79 -

13.2 Publish and Subscribe .................................................................................................. - 79 -

13.3 Query .......................................................................................................................... - 81 -

13.4 Storage, Persistence and Retrieval ................................................................................ - 81 -

13.5 Integration .................................................................................................................. - 82 -

13.6 Description and Presence ............................................................................................. - 82 -

13.7 Data Framework .......................................................................................................... - 83 -

13.8 Rights Management ..................................................................................................... - 83 -

14 Analytics and Advanced Data Processing .................................................................. - 84 -

14.1 Advanced Data Processing ........................................................................................... - 84 -

14.2 Advanced Data Processing Pattern and Properties ........................................................ - 85

14.3 Advanced Analytics ...................................................................................................... - 87

14.4 IIS RA Alignment .......................................................................................................... - 88 -

15 Intelligent and Resilient Control ............................................................................... - 89 -

15.1 Motivation................................................................................................................... - 89 -

15.2 Considerations ............................................................................................................. - 89 -

15.3 Functional Components ............................................................................................... - 91 -

16 Dynamic Composition and Automated Interoperability ............................................ - 95 -

16.1 Motivation................................................................................................................... - 95 -

16.2 Considerations ............................................................................................................. - 96 -

16.3 Functional Components ............................................................................................... - 97 -

17 References ............................................................................................................... - 99 -

收起

Experimental IIRA adaptation to the actual IoT solution

Hiroshi Yamamoto – Distinguished Engineer & Global Electronics Industry CTO, IBM Japan