This Guidance demonstrates how to implement and monitor two-way Open Platform Communication using AWS IoT Greengrass. Customers can collect and aggregate data from IoT edge devices, and send and receive commands between the edge and the cloud.
Users can access AWS IoT Core service in the AWS Management Console to start sending and receiving messages through the Message Queue Telemetry Transport (MQTT) test client or Named Device Shadows.
AWS IoT Greengrass (V2) core runs in a Virtual Machine (VM) located on the factory premises or at an edge location. It manages communication between the Open Platform Communication (OPC) Unified Architecture (UA) or Data Access (DA) servers and AWS Cloud.
Using Inter Process Communication (IPC), MQTT messages are available for subscription through the AWS IoT Greengrass provided MQTT Bridge private component.
AWS IoT Greengrass provides the Shadow Manager component that enables the local shadow service on the AWS IoT Core device. The local shadow service allows components to interact using IPC. Shadows allow synchronization of OPC server status, device readings, and configurations with AWS Cloud.
A custom component parses and validates messages received through IPC. This checks for data type, expiry time limits, and safety boundaries.
It also enables the synchronization of readings and configurations of OPC compatible equipment and OPC servers to AWS Cloud by interacting with the shadow manager component provided by AWS IoT Greengrass.
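One way the validation step described above can look, as an added example that is not taken from the Guidance's sample code. The message fields (`node_id`, `value`, `issued_at`, `ttl_s`), the node identifiers and the limits are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class NodePolicy:          # hypothetical per-node policy
    value_type: type       # exact type the OPC node expects
    low: float             # lowest safe setpoint
    high: float            # highest safe setpoint

# Constructed allow-list; node ids and limits are illustrative only.
POLICIES = {
    "ns=2;s=Turbine1.PitchAngle": NodePolicy(float, 0.0, 90.0),
    "ns=2;s=Inverter1.PowerLimitPct": NodePolicy(int, 0, 100),
}
MAX_TTL_S = 30     # longest lifetime a command may claim
CLOCK_SKEW_S = 5   # tolerated clock difference between cloud and edge

def validate_command(msg, now=None):
    """Return (ok, reason); anything not explicitly allowed is rejected."""
    now = time.time() if now is None else now
    if not isinstance(msg, dict):
        return False, "not an object"
    node_id = msg.get("node_id")
    policy = POLICIES.get(node_id) if isinstance(node_id, str) else None
    if policy is None:
        return False, "unknown node"
    value, issued, ttl = msg.get("value"), msg.get("issued_at"), msg.get("ttl_s")
    # Data type: exact match, so True/False never passes as an int setpoint.
    if type(value) is not policy.value_type:
        return False, "wrong data type"
    for field in (issued, ttl):
        if isinstance(field, bool) or not isinstance(field, (int, float)):
            return False, "bad timestamp fields"
    # Expiry: written as positive checks so NaN and infinity fail closed.
    if not (0 < ttl <= MAX_TTL_S):
        return False, "ttl out of range"
    if not (issued <= now + CLOCK_SKEW_S):
        return False, "issued in the future"
    if not (now <= issued + ttl):
        return False, "expired"
    # Safety boundary: a NaN value fails this comparison and is rejected.
    if not (policy.low <= value <= policy.high):
        return False, "outside safety boundary"
    return True, "ok"
```

Only a message that returns `(True, "ok")` would be handed on to the OPC connector; the rejection reason is suitable for logging.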
A custom OPC-UA/DA connector establishes a connection to the respective OPC server from the AWS IoT Greengrass core VM to connect, read, and write messages to the on-premise OPC-UA/DA servers.
It interacts with the provided shadow manager component to synchronize server status, errors, clock, and other critical parameters with AWS Cloud.
On-premise OPC-UA/DA servers run on the same corporate network.
OPC-UA/DA compatible equipment such as wind/solar farms and other industrial equipment communicate with the on-premise OPC-UA/DA servers.
The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
This Guidance helps customers improve processes and procedures by helping them manage defective protocol converters and individual edge devices in the cloud. This helps with unification and standardization of OPC platforms.
Changes to the custom AWS IoT Greengrass components can be deployed using the AWS IoT Greengrass Development Kit Command-Line Interface (GDK CLI).
This Guidance encrypts data at rest and in transit. Data at rest is stored in an encrypted Amazon Simple Storage Service (Amazon S3) bucket, and data in transit is encrypted over the MQTT bridge using TLS. The Amazon S3 bucket, created with the GDK CLI, is made private by default and encrypted. Data is therefore private and encrypted at rest.
AWS IoT Greengrass uses a public key infrastructure (PKI) for authentication, using X.509 certificates to protect against network impersonators. AWS IoT Greengrass policies and AWS Identity and Access Management (IAM) are utilized for authorization control.
This Guidance is designed to handle intermittent connectivity: important data is stored locally while there is no connectivity and is sent to the cloud when connectivity is restored.
AWS IoT Core sends progress events about each message to Amazon CloudWatch for logging, and the Device Shadow service documents are stored.
The GDK CLI can be used to seamlessly create, test, build, and publish AWS IoT Greengrass deployments.
AWS IoT Greengrass is purpose-built for edge computing at IoT devices. Users can experiment with virtual machines and OPC emulators instead of physical IoT devices and OPC servers. For high-volume data ingestion, users can further optimize this Guidance with AWS IoT Core Basic Ingest.
The location should be set to one's nearest region to improve performance and decrease latency.
Each OPC device is treated as its own device, and each device handles its own computing before data is sent back to the cloud. This helps utilize the minimum required resources to meet the demand.
This Guidance utilizes only the required amount of hardware per IoT device. This allows customers to minimize the impact of their workloads by reducing the total resources required for them to run in AWS data centers.
A detailed guide is provided to experiment and use within your AWS account. Each stage of building the Guidance, including deployment, usage, and cleanup, is examined to prepare it for deployment.
The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.
The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.