AWS for Industries

Centralize renewable operations around the world on AWS

The past 20 years have witnessed a change in how we produce electricity. The primary change has been a shift from fossil fuels (coal and oil) to renewables (wind and solar) as a result of increased demand for power and efforts to decarbonize the grid. Unlike fossil fuel-based generation, renewable energy is often not generated in single centralized power plants. Furthermore, the scale of renewable generation can vary from small residential rooftop installations generating 5 kW of power to large grid-scale solar and wind sites generating 100 MW to several GW of power. The result is a highly distributed source of energy generation. Moreover, renewable power is often owned and operated by global corporations, which requires these owner/operators to comply with regulations based on the location (country, state) in which their assets are operating.

The change in the energy mix has triggered an evolution of the technology associated with operating and maintaining renewable power plants and assets. Control of renewable assets at sites ranges from: a) standardized SCADA using industry protocols such as DNP3, MODBUS, OPC-UA/DA etc., and in many cases a centralized SCADA system controlling multiple sites; b) gateways using a proprietary protocol at sites that control access to assets behind them and send data back; and c) direct access to assets for control and data access, usually through a local control room.

Operators of renewable assets find themselves running several localized renewable operations control centers (ROCCs) as a result of the number of generation assets, the spread of these assets across geographies, the heterogeneity of technologies being used, and varying regulatory landscapes.

An AWS Cloud based solution

Renewable operators benefit by using AWS to standardize their ROCC architecture and consolidate multiple control and data centers to a subset of what they currently have. The primary benefits of doing so are: a) lower costs as a result of fewer data centers; b) improved operations excellence as a result of using a standardized architecture; c) improved security posture by adopting AWS infrastructure using AWS security best practices; d) scalability to handle more data when needed; and e) having access to the latest technology including artificial intelligence/machine learning (AI/ML), storage, and analytics services.

In this post we present solutions that allow renewable energy operators to consolidate their ROCCs into an AWS hosted architecture that enables a hybrid cloud/on-premises option to help meet regulatory requirements. This kind of architecture allows a renewable operator to have a single cloud based ROCC per region or globally with certain operational assets on-premises in a country to help meet local regulatory requirements. This kind of architecture reduces the total number of data centers, improves operational excellence as a result of a standardized architecture, increases security, offers agility and the ability to scale, and reduces cost.

The ROCC architecture

The architectural solution presented here offers three options depending on the current assets owned by the owner/operators.

Option 1: Central SCADA deployed on-premises to help meet regulatory requirements
This scenario is applicable for operations that need control systems to be on-premises for regulatory reasons. NERC CIP in North America is an example of one of these regulatory requirements when total generation exceeds certain threshold values. In the following architecture, we present how it is possible to achieve this while still using the capabilities that the cloud offers.

Figure 1. Option 1, ROCC for on-premises control

In this architectural pattern, the central SCADA system remains on-premises as shown in block 0. There are three communication paths: for example, the black lines represent data ingestion and the green lines show control recommendations and alerts. We can observe how these paths traverse from the edge to the cloud and the other way around.

Data ingestion

All sites feed their telemetry data into the central SCADA, which makes it the source of all telemetry data (tags). The SCADA server on-premises is behind a firewall/security stack. Data from the SCADA server is sent to a protocol converter in the cloud that converts the device and SCADA specific protocols into a common format that can be consumed by other systems. The Industrial Protocol Convertor Cloud Server is running on Amazon Elastic Compute Cloud (Amazon EC2) in the cloud as shown in block 1. Several AWS partners provide protocol converters including Kepware, Ignition, and KALKI.IO Data Hub.

We establish a secure private connection between the SCADA and the Industrial Protocol Convertor Cloud Server using AWS networking services such as AWS Direct Connect, AWS Site-to-Site VPN, or Accelerated VPN over AWS Global Accelerator. As a security best practice, AWS recommends that the protocol converter establishes an encrypted connection to the SCADA.

The protocol converter produces data that is ready to be consumed by the Renewables Data Lake and Analytics solution on AWS as shown by the star symbol in block 1. This solution describes how renewable energy operators can ingest data from renewable assets such as wind turbines, solar farms, and battery energy storage systems (BESS). The data can be collected into a data lake to perform advanced analytics with ML. Dashboards, alerts, business intelligence reporting, and comprehensive device management can all help operators derive insights from their asset data.

Control

In this scenario, all control is either automated through the SCADA on-premises or issued by human operators using the SCADA Human Machine Interface (HMI) from the on-premises control room. Operators can access the SCADA from local workstations, can use Amazon WorkSpaces as a secure alternative, or have both options available for higher resilience. Amazon WorkSpaces is a fully managed desktop virtualization service for Windows, Linux, and Ubuntu that allows operators to access resources from a supported device, including Amazon WorkSpaces Thin Client. Renewable energy operators can empower their engineers working remotely, from the corporate offices, or offsite locations with cost-effective, secure access to the resources and tools needed to support their workloads.

Networking and security controls for access to multiple renewable assets spread over a vast geographic area can be complex. For details on how to configure secure networking between renewable sites and a control center, read Secure Your Global OT/IT Networks with AWS Cloud WAN.

An advantage of this architecture is that while the SCADA system and control room operators are managing the generation of renewable power, data is being processed in the cloud and can be used to identify efficiencies to improve generation or protect assets. Using the AWS Cloud, operators can bring together SCADA telemetry, weather, and other data in a single data lake. The latest in ML and high-performance computing technology can be used to analyze this data and make control recommendations to the ROCC operators, who can then decide whether to execute the recommendations.

The central SCADA remains the single entity authorized to issue control commands to the renewable assets in the field. The engineers in the global monitoring and control center retain full control of the central SCADA.
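Because Option 1 keeps the central SCADA as the only system authorized to command field assets, the cloud side should never talk to site devices directly. The following added example (not part of the original post or of any AWS solution) checks VPC Flow Logs records in the default format for such flows; the CIDR ranges, interface ID and sample records are constructed assumptions.

```python
import ipaddress

# Assumed addressing plan (constructed): cloud VPC and field-site ranges.
CLOUD_VPC = ipaddress.ip_network("10.20.0.0/16")
FIELD_SITES = [ipaddress.ip_network("10.60.0.0/16")]
# Well-known TCP ports of the protocols named in the article.
OT_PORTS = {502: "Modbus/TCP", 20000: "DNP3", 4840: "OPC UA"}

# Constructed records in the default VPC Flow Logs field order:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_FLOW_LOGS = """\
2 111122223333 eni-0a1 10.50.1.10 10.20.3.15 49152 4840 6 120 98000 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0a1 10.20.3.15 10.60.4.21 51544 502 6 14 1120 1700000100 1700000160 ACCEPT OK
2 111122223333 eni-0a1 10.20.3.15 10.60.4.22 51545 20000 6 3 180 1700000200 1700000260 REJECT OK
2 111122223333 eni-0a1 10.20.3.15 10.50.1.10 4840 49152 6 110 64000 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0a1 - - - - - - - 1700000300 1700000360 - NODATA
"""

def parse_flow(line):
    """Parse one record; return None for NODATA/SKIPDATA or malformed lines."""
    f = line.split()
    if len(f) != 14 or f[13] != "OK":
        return None
    try:
        return {"src": ipaddress.ip_address(f[3]),
                "dst": ipaddress.ip_address(f[4]),
                "dstport": int(f[6]), "action": f[12]}
    except ValueError:
        return None

def find_direct_field_access(log_text):
    """Flag flows from the cloud VPC straight to field-site addresses."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue
        if rec["src"] in CLOUD_VPC and any(rec["dst"] in n for n in FIELD_SITES):
            findings.append({
                "src": str(rec["src"]), "dst": str(rec["dst"]),
                "protocol": OT_PORTS.get(rec["dstport"], "other"),
                # ACCEPT means the path exists; REJECT means a control blocked it.
                "status": "violation" if rec["action"] == "ACCEPT" else "blocked",
            })
    return findings

if __name__ == "__main__":
    for finding in find_direct_field_access(SAMPLE_FLOW_LOGS):
        print(finding)
```

Traffic between the cloud converter and the on-premises SCADA is expected in this option and is not flagged; an accepted flow to a site address means a route and security group rule exist that bypass the SCADA.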

Alerts

Similar to control recommendations, the renewable data lake and analytics in the cloud may identify various events or issues that can be sent to operators as SMS or email alerts. An alert could be notifying operators based on a weather forecast or a predictive maintenance warning based on algorithms running in the cloud. These types of alerts can be immediately delivered by Amazon Simple Notification Service (Amazon SNS).

Option 2: Central SCADA in the cloud

In this scenario the central SCADA is hosted on AWS in the cloud. In the absence of regulatory requirements to keep bulk energy control systems on-premises, SCADA for renewable operations can be hosted in the cloud.

Figure 2. ROCC for unregulated sites

The only difference between this and the previous architecture is the location of the SCADA servers, which is now in the cloud. Other than that, the architecture remains the same. Moving the SCADA server/s to the cloud allows operators to reduce their cost by removing the need for an on-premises data center. Furthermore, they can enhance the availability of their servers by using cloud-based scalability and disaster recovery. Operators can enhance security by using infrastructure as code (IaC) to protect themselves from disasters such as ransomware or other malware threats.

Operators must establish secure, private, and reliable connections between their cloud environments and sites by using AWS networking services such as Direct Connect, Site-to-Site VPN, or Global Accelerator. The functionality of the Industrial Protocol Convertor Cloud Server, Renewables Data Lake and Analytics solution on AWS, Amazon SNS, and Amazon WorkSpaces Family remains the same as described in the previous regulated scenario.

Option 3: No SCADA at edge or cloud historic sites

This scenario is applicable for smaller and some legacy renewable energy sites, sites with few, low-generation assets, or sites that use protocols such as IEC 102 with an IP-based gateway on the edge. In these cases, the Industrial Protocol Convertor Cloud Server directly communicates with the gateways or programmable logic controllers (PLCs) of the assets sitting at the edge.

Figure 3. No SCADA at edge or cloud historic sites

The Industrial Protocol Convertor Cloud Server is capable of direct data ingestion from the gateways and PLCs, and of issuing control commands to them. It uses the secure private connection over AWS networking services such as Direct Connect, Site-to-Site VPN, or Global Accelerator to communicate with assets at the edge. The functionality of the Industrial Protocol Convertor Cloud Server, the Renewables Data Lake and Analytics solution on AWS, Amazon SNS, and Amazon WorkSpaces Family remains the same as described in the previous regulated scenario.

Conclusion

We have proposed an overarching ROCC architecture that can be adjusted to help meet regulations needing control systems on-premises. Renewable operations need a lot of computing, data storage, modern algorithms, and coordination between different sites. This AWS cloud-based architecture offers operators the flexibility of where to deploy assets based on regulatory requirements. This architecture allows renewable owner/operators to minimize their on-premises footprint to only what is necessary while keeping the bulk or all of their assets in the cloud.

For more information and for a deep dive on how to build a secure and reliable ROCC on AWS, contact your AWS account manager.

Avneet Singh

Avneet is the EMEA Principal Specialist Solutions Architect for Energy at Amazon Web Services. He is based out of Amsterdam, The Netherlands and is responsible for establishing AWS's leadership position in building resilient cloud native solutions for the Energy vertical. Avneet has more than 15 years of experience in the utility industry, having delivered successful technology solution projects across the meter to cash cycle spanning smart metering, billing, invoicing, and regulatory compliance. Avneet has a keen interest in IoT, data analytics, and renewable energy optimization. He is the author of the solution guidance on Renewables Data Lake and Analytics on AWS. He is actively collaborating with renewable energy operators across the world in the NAMER, EMEA and APJ regions, developing next-generation renewable energy solutions on the AWS cloud.

Ranjan Banerji

Ranjan Banerji is a Principal Partner Solutions Architect at AWS focused on the power and utilities vertical. Ranjan has been at AWS for seven years, first on the Department of Defense (DoD) team helping the branches of the DoD migrate and/or build new systems on AWS ensuring security and compliance requirements and now supporting the power and utilities team. Ranjan's expertise ranges from serverless architecture to security and compliance for regulated industries. Ranjan has over 25 years of experience building and designing systems for the DoD, federal agencies, energy, and financial industry.