Operational Technology + Information Technology Applying Message Oriented Middleware to Operational Systems Arlen Nipper - Cirrus Link How can we apply technology to: • Mitigate environmental risk? • Detect leaks earlier? • Resolve problems faster? • Manage audit and regulation more effectively? Instrumented Interconnected • Run operations more efficiently? Intelligent Message Oriented Middleware Message Oriented Middleware (MOM) is a well proven and an integral component in modern Service Oriented Architecture (SOA) and Enterprise Service Bus (ESB) solutions. How can we best apply this mature and well proven technology to Operational systems as well? • What problems does Message Oriented Middleware solve? • How can Message Oriented Middleware be applied to operational systems today? Using the SCADA Host as Message Oriented Middleware To a large extent, we as an industry have already been trying to make our Operational Applications “look” like Message Oriented Middleware….. Future Apps & Integration Historian Analytics & BIG DATA Electronic Flow Measurement ERP Mobile Apps Asset Management & Optimization “Enterprise (IT)” 1 SCADA Host 3 Protocol X 2 “Operations (OT)” Using the SCADA Host as Message Oriented Middleware Future Apps & Integration Analytics & BIG DATA ERP Mobile Apps Asset Management & Optimization “Enterprise (IT)” 3 1 Electronic Flow Measurement Flow Computer PLC SCADA Host Protocol X 2 “Operations (OT)” Using the SCADA Host as Message Oriented Middleware 3 1 Flow Computer PLC Electronic Flow Measurement 2 “New” 1 Application 3 SCADA Host Protocol X 2 4 “Enterprise (IT)” “Operations (OT)” 1 Create a “New” application that can provide the interface between the EFM application and the SCADA Host Application. 2 Define the interface/data schema between the New application and the EFM application. 3 Modify/change/test any required Access Control List (ACL) and define the security for connecting to the SCADA Host application. 4 Modify the SCADA Host poll tables so that additional polls to the Flow Computer are added to acquire desired information. Using the SCADA Host as Message Oriented Middleware “What is invariably happening is that more and more access to SCADA data from the lines of business is putting the SCADA Host application in the position of being a MOM system, which they were never intended to be in the first place. As more and more applications and modifications are made to the SCADA Host application to satisfy the needs of lines of business, the systems invariably become harder and harder to manage, and ultimately become so brittle that no one will touch them to add additional capabilities. At this point innovation within the business, as it applies to the vast amount of additional information in field devices, comes to a grinding halt!” Decoupling Devices from Applications using Message Oriented Middleware Future Apps & Integration Historian Analytics & BIG DATA Electronic Flow Measurement ERP Mobile Apps Asset Management & Optimization “Enterprise (IT)” 1 SCADA Host 3 Protocol X 2 “Operations (OT)” Starting from here…… we can keep all of the same components by just re-architecting the topology a bit. Decoupling Devices from Applications using Message Oriented Middleware SCADA Host Future Apps & Integration Historian Analytics & BIG DATA 1 Electronic Flow Measurement Message Oriented Middleware ERP 2 Mobile Apps 3 Asset Management & Optimization “Enterprise (IT)” “Operations (OT)” Nice topology picture, but how can you actually implement this architecture? Use Message Queuing Telemetry Transport (MQTT) A Transport Designed for SCADA “MQTT is a bi-directional lightweight event and message oriented transport allowing devices to communicate efficiently across constrained networks to backend systems” MQTT was originally designed for use in real time pipeline SCADA systems! 1. Natively built on top of TCP/IP. 2. Stateful with continuous session awareness. 3. Extremely bandwidth efficient. 4. Three levels of Quality of Service for data delivery. 5. Data agnostic. 6. Client side session establishment. 7. No defined security model. Since MQTT is natively build on top of TCP/IP, best practice TCP/IP security scheme can be used.* *The OASIS MQTT Security Subcommittee is working in conjunction with NIST for recommended best practices using MQTT in critical infrastructure. Add an MQTT Data Broker The Message Oriented Middleware Component MQTT Enabled Application MQTT Enabled Device MQTT JMS Enabled Application SOAP Enabled Application Enabled Message Oriented Middleware MQTT Enabled Device MQTT Enabled Device MQTT - Publish Subscribe Messaging A Publish Subscribe messaging protocol allowing a message to be published once and multiple consumers (applications / devices) to receive the message providing decoupling between the producer and consumer(s) A producer publishes a message (publication) on a topic (subject) A consumer subscribes (makes a subscription) for messages on a topic (subject) A Message Oriented Middleware server / broker matches publications to subscriptions • If no matches the message is discarded • If one or more matches the message is delivered to each matching subscriber/consumer The Resulting 100% MQTT MOM SCADA Implementation SCADA Host Future Apps & Integration Historian Analytics & BIG DATA Electronic Flow Measurement DMZ 3 2 ERP 1 MQTT Enabled Message Oriented Middleware Mobile Apps Asset Management & Optimization “Enterprise (IT)” 1 MQTT message transport. 2 MQTT, JMS, REST, SOAP, and “other” ESB message transports 3 Single point DMZ for access control, permissions, and security settings. 4 SCADA is a VERY important data consumer, but not the ONLY consumer. Protocol X 1 Edge of Network Controller Edge of Network Controller 4 Protocol Y 3 -Native MQTT device “Operations (OT)” 2 With MQTT and Message Oriented Middleware we can move from “Current State” ….. … to “Future State” SCADA Host SCADA Host SCADA Host SCADA Host Future Apps & Integration Historian DMZ Analytics & BIG DATA Electronic Flow Measurement ERP Mobile Apps Asset Management & Optimization MQTT Enabled Message Oriented Middleware SCADA Host SCADA Host The Vision - Tie All Operations Together Cathodic Protection Upstream Terminal Automation MQTT Transport Data Center Enterprise Message Oriented Middleware SCADA Midstream/Downstream Pipeline Control 16 Tank Farm / Storage Summary Poll-Response SCADA systems were perfectly viable solutions when first developed 35 years ago. They have served the industry well, and continue to do so. But we are entering 2014. SCADA solutions need to leverage the very same Message Oriented Middleware technologies that IT solutions use to: • Decouple device protocols from applications. • Dramatically improve critical data update times. • Reduce network bandwidth consumption. • Enable “one to many” information exchange. •“Unlock Operational Intelligence” stranded in field devices! Additional Topics Not Yet Covered • Message flows, data transformation, message transformation. • Migration strategy maintaining Operational Integrity and 100% legacy backwards capability. • Redundancy (native architecture capability) • High availability (native architecture capability) • Scalability (native architecture capability) We can apply technology to: • Mitigate environmental risk • Detect leaks earlier • Resolve problems faster • Manage audit and regulation more effectively Instrumented Interconnected • Run operations more efficiently Intelligent Message Queuing Telemetry Transport (MQTT) Resources All things MQTT http://mqtt.org Eclipse Paho http://www.eclipse.org/paho/ Eclipse M2M http://wiki.eclipse.org/Machine-to-Machine OASIS MQTT Technical Committee https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=mqtt MQTT Specification http://www.ibm.com/developerworks/webservices/library/ws-mqtt/index.html