Practical Industrial Internet of Things Security

Pattern 1 – Three-tier architectural model

Three-tier architectures are quite common and involve connectivity, data, and control flows across the following tiers:

  1. Edge tier
  2. Platform tier
  3. Enterprise tier

Figure 2.9 shows a three-tier IIoT architecture:

Figure 2.9: Functional domain representation in a three-tier IoT architectural pattern; Source: IIC-IIRA

The three-tier pattern combines the major components of IIoT, such as sensing and control, data processing and transformation, intelligence, communications and connectivity, as well as management services and business applications. It also maps to the functional viewpoint. For example, in Figure 2.8, the control domain functionality is mapped to the edge tier, information and operations to the platform tier, and application and business to the enterprise tier.
This mapping can vary, depending on the implementation. For example, in some use cases, to enable intelligent edge computing, some functions related to information processing and certain application logic and rules could be implemented in or close to the edge tier.

Connectivity in the edge tier is provided by a proximity network that connects field devices, sensors, actuators, and control systems, also known as edge nodes. Connectivity can be wired or wireless. A proximity network may utilize mesh or LAN network topologies, creating one or multiple clusters, which are then connected to the edge gateway that bridges to WAN or corporate networks. Data collected from the edge nodes at the edge tier can be processed locally or sent via the gateway to cloud-based platforms.

The access network connects the edge and platform tiers. The platform tier consolidates and analyzes data flows originating in the edge tier. The platform tier also forwards management and control commands from the enterprise tier to the edge tier. The access network can be a corporate network, a WAN virtual private network (VPN) over the public internet, or a 3G/4G/5G cellular network.

The enterprise tier is an abstraction of management functionalities. It receives data flows that originate in the edge tier and are processed in the platform tier. This data can be used for visualization or analytics for business decision-making. Operational users in the enterprise tier can also generate control, configuration, and device management commands, which are transported downstream to the edge nodes. The platform and enterprise tiers are connected over the service network. The service network may use a VPN either over the public internet or a private network equipped with enterprise-grade security.
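The tier and network description above can be turned into a flow-conformance check for network monitoring. The following is an added example, not code from the book: it maps flow records to tiers and flags flows that do not follow the described conduits. The subnets, the `data`/`command` flow kinds, and the choice to treat the described flows as the only permitted ones are assumptions of this example.

```python
import ipaddress

# Constructed addressing plan (assumption of this example, not from the book).
TIER_NETS = {
    "edge": ipaddress.ip_network("10.10.0.0/16"),
    "platform": ipaddress.ip_network("10.20.0.0/16"),
    "enterprise": ipaddress.ip_network("10.30.0.0/16"),
}

# Inter-tier conduits from the text: (src tier, dst tier, kind) -> carrying network.
CONDUITS = {
    ("edge", "platform", "data"): "access",
    ("platform", "edge", "command"): "access",
    ("platform", "enterprise", "data"): "service",
    ("enterprise", "platform", "command"): "service",
}

def tier_of(addr):
    """Map an IP address to its tier, or None if it belongs to no tier."""
    ip = ipaddress.ip_address(addr)
    return next((t for t, net in TIER_NETS.items() if ip in net), None)

def check_flow(src, dst, kind):
    """Return (verdict, detail) for one flow record."""
    s, d = tier_of(src), tier_of(dst)
    if s is None or d is None:
        return ("violation", "endpoint outside the three tiers")
    if s == d:
        return ("ok", "proximity" if s == "edge" else "intra-tier")
    network = CONDUITS.get((s, d, kind))
    if network:
        return ("ok", network)
    if {s, d} == {"edge", "enterprise"}:
        return ("violation", "bypasses platform tier")
    return ("violation", f"{kind} flow {s}->{d} not in model")

# Constructed flow records: (source, destination, kind).
SAMPLE_FLOWS = [
    ("10.10.1.5", "10.20.0.9", "data"),      # edge gateway -> platform
    ("10.30.0.4", "10.20.0.9", "command"),   # enterprise -> platform
    ("10.30.0.4", "10.10.1.5", "command"),   # enterprise straight to edge node
    ("10.20.0.9", "10.10.1.5", "data"),      # data pushed downstream
    ("192.0.2.7", "10.10.1.5", "command"),   # unknown source
]

def audit(flows):
    """Return only the flows that do not fit the three-tier model."""
    results = [(f, check_flow(*f)) for f in flows]
    return [(f, r[1]) for f, r in results if r[0] == "violation"]
```

Calling `audit(SAMPLE_FLOWS)` returns the three constructed records that skip the platform tier, push data downstream, or originate outside the modeled tiers.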