Running OSIsoft PI System on AWS Outposts to enable a hybrid experience
Introduction to OSIsoft PI System
OSIsoft is a select AWS Partner and leader in industrial digital transformation. It has a comprehensive data infrastructure platform with the capability to ingest data from various industrial sensors using a variety of industrial protocols.
Using PI System, organizations can run KPIs in real-time to assess the health of equipment and industrial processes, build real-time dashboarding, and send data to AWS storage and streaming services.
According to OSIsoft, 80% of the world’s largest oil and gas companies and 65% of the industrial companies in the Fortune 500 rely on the PI System for their operations.
AWS for Industrial: Scaling Design, Workloads, Operations & More
To remain competitive, industrial customers need to digitally transform to maximize productivity and asset availability, and lower costs.
Large industrial enterprises in manufacturing, oil and gas, healthcare life sciences, electric transmission, and distribution collect operational technology (OT) data from millions of sensors. Much of this valuable data remains unused and could be harvested for deeper insights with AWS AI/ML and Data Analytics services.
The AWS for Industrial initiative simplifies the process of building and deploying innovative Internet of Things (IoT), Artificial Intelligence (AI), Machine Learning (ML), analytics and edge computing solutions to achieve step change improvements in operational efficiency, quality, and agility.
Running PI System on AWS Outposts
AWS for the Edge brings AWS Cloud capabilities on-premises to speed time to results. AWS Outposts is a fully managed infrastructure that is ideal for industrial applications that need low latency access to on-premises systems, local data processing, and data residency. Outposts allows customers to extend capabilities that they need to be available on premises, and to make them fit seamlessly into the things that they have already developed to run in the cloud.
By running PI System on Outposts, customers no longer need to invest time and expense managing detailed hardware and software compatibility matrices, and they get low latency access to PI System using familiar AWS services and tools.
Today, the majority of enterprises host their data infrastructure platform on-premises, within their control and business network. This demands a large on-premises hardware infrastructure that is too expensive to maintain, hard to scale, and ages quickly. With billions of industrial data streams being collected, many organizations are looking to modernize their data infrastructure platform and innovate on AWS for its flexibility, scalability, and breadth of services.
Industrial companies require low latency access to operational data from data sources such as real-time dashboards, notification systems, PLCs, HMI, DSC and SCADA systems into PI System(s) running on the edge in the operations network. Real-time access is critical in many industries such as drug manufacturing, where intense monitoring of batch processes is crucial for detecting anomalies in process parameters.
PI System also serves data in real-time to other dependent applications running on edge e.g. reactive analytics platforms, IT systems like MES, SAP, data warehouse management systems, and PLM running on the edge. These applications need nearly continuous data inputs and are sensitive to the drops in data connectivity.
Companies can be subjected to compliance requirements such as NERC-CIP regulations in North America for utilities, and FDA regulations for pharmaceutical companies. In some cases, compliance requires the data not to leave on-premises.
Large organizations, such as electric utilities, would like to adhere to these federal and local government regulations, but want to manage their on-premises and cloud infrastructure from the same control plane.
Below, we take a look at how OSIsoft PI System can run on Outposts and how it addresses the problems stated above.
Outposts brings the same AWS infrastructure, AWS services, API operations, and tools to virtually any data center, co-location space, or on-premises facility for a truly consistent hybrid experience. Once installed, AWS takes care of the monitoring, maintenance, and patching of the Outposts infrastructure. Outposts also allows you to use the same control plane to manage the workload running on-premises that you use to manage workloads in the AWS Cloud.
You can use familiar services like Amazon CloudWatch and AWS CloudTrail to monitor and audit the activities on Outposts using the AWS Management Console and the AWS Command Line Interface (CLI), enabling a consistent experience across the cloud and on-premises. Plus, the data stored on Outposts doesn’t have to leave on-premises if your workload is subject to regulatory compliance requirements such as NERC-CIP.
You can also integrate with other enterprise-level IT systems running on-premises, such as MES, SAP, warehouse management systems, and PLM, that sit close to the physical equipment and PLCs and need millisecond responsiveness.
With applications still running within the on-premises network on Outposts, operators can monitor and remediate issues in near-real time related to processes and equipment, improving IT efficiency and reducing operational risk with a fully managed infrastructure.
With low latency data available close to the shop floor, customers can now innovate by seamlessly integrating on-premises data from Outposts to the AWS Cloud to leverage AI/ML and Data Analytics services.
The diagram below illustrates a reference architecture of OSIsoft PI System running on Outposts at the edge location, such as a manufacturing plant or a processing facility. This PI System communicates to a central PI System hosted in an AWS Region that is configured to collect data from multiple sites.
A detailed walk-through
The AWS Outposts rack includes two network switches that physically connect to the customer’s local network with 2 to 8 connections of 1, 10, 40, or 100G Ethernet. These connections are bundled into a single logical grouping of bandwidth (using LACP) which will carry all traffic in and out of the Outpost, whether destined to the AWS Region (orange) or the customer’s local network (blue). The Outposts local gateway (LGW) is a logical router that will speak BGP with the customer’s routers and route traffic between the Outpost and the customer’s local network.
Once physical connectivity has been established, the Outpost will establish a secure connection to the AWS Outposts Service Anchor in the AWS Region over a Direct Connect public or private virtual interface, or the Internet. This connection creates the Outpost service-link that will allow the customer to seamlessly extend VPCs from the AWS region to their Outpost and carry customer traffic between VPC subnets on Outposts and VPC subnets, interface endpoints, and internet gateways (IGW) in the AWS Region. The service-link will also carry control plane traffic for AWS to monitor and manage the Outpost. If the service-link experiences a brief loss of connectivity, the PI System will continue to run locally without disruption.
Now, let’s take a step-by-step view of the reference architecture diagram shown above:
- PI Interfaces/Connectors collect data from sensors, PLCs, SCADA systems, HMIs, etc. and send this data into PI System components running on Amazon EC2 in AWS Outposts.
- This traffic is routed into AWS Outposts through the Local Gateway (LGW). PI System receives the timeseries and context data and stores it in PI Asset Framework and PI Data Archive.
- Microsoft Active Directory provides Windows Integrated Security access between PI System components and is used for user authentication and authorization.
- SQL Servers running on Amazon EC2 instances store the metadata used by PI Vision and PI AF.
- PI Vision is a visualization tool to access, organize and visualize PI Server data and share data visualizations across your organization.
- You can use PI Integrator for Business Analytics to export asset and event view data from PI System into AWS managed Services, namely, Amazon S3, Amazon Redshift, Amazon Kinesis, and Amazon Managed Streaming for Kafka.
- AWS Outposts network devices connect to the on-premises network equipment for connectivity to the customer’s local network and the AWS Region. The local network and AWS Region traffic are logically isolated onto separate VLANs (blue and orange).
- AWS Outposts establishes a secure connection to its AWS Outposts Anchor endpoint in the AWS Region over a public or private Direct Connect virtual interface.
- Traffic between PI System components on AWS Outposts and PI Interfaces on the local network is routed through the AWS Outposts local gateway.
- Traffic between the PI System components on the AWS Outposts VPC subnets is routed locally within AWS Outposts.
- Traffic between the PI System components on AWS Outposts subnets and AWS Region subnets follows the AWS Outposts service link.
- Traffic between the PI System components on AWS Outposts and AWS services in the Region can use the customer’s local internet connection via the local gateway, the service-link via an internet gateway, or a VPC endpoint in the Region.
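The traffic paths in the last four items can be checked against a data-residency rule with a small longest-prefix-match model. This is an added example, not AWS or OSIsoft code: the CIDR plan, path labels, and flow list are constructed assumptions, and Region-bound service traffic is modelled on only one of the three options listed above (the local internet connection via the local gateway).

```python
import ipaddress

# Constructed addressing plan for one site (assumption, not from the article).
# Each entry: (destination prefix, path taken, does the traffic leave the site?)
PATHS = [
    ("10.0.1.0/24",    "outpost-local",            False),  # PI subnets on the Outpost
    ("10.0.0.0/16",    "service-link",             True),   # VPC subnets in the Region
    ("192.168.0.0/16", "local-gateway (plant)",    False),  # PI Interfaces, PLCs, SCADA
    ("0.0.0.0/0",      "local-gateway (internet)", True),   # customer's internet link
]

def resolve(dst):
    """Return (path, leaves_site) for a destination IP, longest prefix wins."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for cidr, path, leaves in PATHS:
        net = ipaddress.ip_network(cidr)
        if addr in net:
            matches.append((net.prefixlen, path, leaves))
    _, path, leaves = max(matches)  # default route guarantees one match
    return path, leaves

def residency_violations(flows):
    """Flag flows that carry restricted data over a path that leaves the site.

    flows: iterable of (description, destination IP, carries_restricted_data)
    """
    findings = []
    for desc, dst, restricted in flows:
        path, leaves = resolve(dst)
        if restricted and leaves:
            findings.append((desc, dst, path))
    return findings

# Constructed flows as seen from a PI Data Archive instance on the Outpost.
FLOWS = [
    ("Data Archive -> PI AF (Outpost)",         "10.0.1.20",    True),
    ("Data Archive -> PI Interface node",       "192.168.10.5", True),
    ("Data Archive -> central PI System",       "10.0.200.15",  True),
    ("PI Integrator -> public AWS endpoint",    "203.0.113.10", True),
    ("OS patch download",                       "203.0.113.80", False),
]

if __name__ == "__main__":
    for desc, dst, path in residency_violations(FLOWS):
        print(f"REVIEW: {desc} ({dst}) uses {path}")
```

Running it lists the two restricted flows that cross the service link or the internet connection, which are the ones to review where compliance requires the data to stay on-premises.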
As outlined above, PI System on AWS Outposts renders a consistent hybrid experience, while addressing concerns like low latency access to OT and IT systems running on-premises. AWS has successfully tested the deployment of OSIsoft PI System on Outposts in collaboration with OSIsoft and their preferred System Integrator partner Radix, and validated the solution. Radix leverages executive level experience and relationships, an understanding of midstream industry business models, and a PI System-certified pool of engineers to help solve complex customer problems.