Creating programmable 5G systems for the Industrial IoT

Ericsson CTO Erik Ekudden’s view on programmable 5G systems for Industry 4.0

Industrial use cases often have highly specific requirements that cannot be met by a one-size-fits-all connectivity solution. From our perspective at Ericsson, we see the need to support industrial use cases with 5G networks that include an exposure service that enables the operational technology ecosystem to customize their 5G connectivity using standardized exposure interfaces.

In this article, the authors present an innovative proof-of-concept project with ABB that demonstrates the benefits of using programmable 5G systems to support Industrial Internet of Things use cases. Looking ahead, enterprises in the operational technology industry will be able to use this type of standardized exposure service to seamlessly integrate their industrial automation systems with private 5G networks provided by communication service providers. 

In close collaboration with the operational technology company ABB, we have developed and tested a prototype of a programmable 5G system and successfully integrated it with an ABB automation system. Beyond demonstrating the advantages of using 5G to support industrial automation solutions, the ABB proof of concept highlights the importance of emerging 3GPP standards to address the expectations of industry verticals with regard to system integration.

A steadily growing number of factories, plants, mines and ports around the world are exploring the potential of 5G technology and considering how best to deploy it. This is to be expected, since 5G has been designed with vertical use cases in mind, and industrial automation systems are one of the most promising segments.

Private 5G networks [1] are becoming a critical and indispensable tool for enterprises in the operational technology (OT) vertical. The transformation of production environments such as process plants (chemical industry, mining, pharma, food and beverage, and so on) and factories (automotive or electronics manufacturing) driven by Industry 4.0 [2, 3] creates a dynamic environment that necessitates the reconfiguration of the automation system infrastructure and, by extension, the reconfiguration of the supporting 5G network and the continuous monitoring of the wireless connectivity service it provides.

Such flexibility enables the stepwise introduction of industrial applications over a common 5G infrastructure. In most cases today, the reconfiguration and monitoring of private 5G networks is done manually, often with the involvement of the communication service provider (CSP) or other entity that operates the 5G network. In wired automation networks based on technologies such as Industrial Ethernet or fieldbuses, the automated configuration and monitoring from within the automation system is the state of the art, translating the needs of applications into network configuration without lag, effort and quality problems. To use 5G as a part of the automation infrastructure on scale, that same seamless integration is required.

Therefore, the next step is to establish a live connection between private 5G networks and existing OT/IT systems. A private 5G network is expected to act as an integral part of the OT/IT communication infrastructure, seamlessly integrated with existing wired networks and upcoming technologies such as Time-Sensitive Networking (TSN) from the Institute of Electrical and Electronics Engineers (IEEE). Industry verticals expect to perform this system integration relying on their existing OT/IT skills, without the need to acquire additional competence in cellular wireless communication systems.

While 5G technology is designed to be scalable, flexible and extremely versatile regarding performance, these advantages come with a complex approach to building and operating networks that requires expertise commonly not available in OT companies today. The need to understand cellular technology in detail is therefore a significant roadblock to the adoption of 5G in the industry sector.

To overcome this challenge, private networks need to include user-oriented 5G exposure interfaces that are much simpler to use than any of the current telco-oriented exposure interfaces that assume deep knowledge of the internal workings of cellular systems. Such interfaces must offer the adequate level of abstraction that allows factory or plant operators to execute their regular operational tasks without the need for dedicated support from the service (and network) provider. In short, the ability to execute network automation across the organizational boundaries of CSP and OT enterprises needs to be an integral part of an industrial private 5G network offering.

Identifying 5G exposure requirements for industry verticals

With broad participation from the OT/IT and telecommunication industries, including Ericsson and ABB, the 5G Alliance for Connected Industries and Automation (5G-ACIA) collected and documented the requirements on 5G exposure capabilities for the process automation, production IT, logistics and warehousing industry verticals and published them in a white paper [4].

Figure 1 visualizes the concept of 5G exposure interfaces of a 5G private network, as presented in 5G-ACIA’s white paper [4]. These interfaces enable Industrial Internet of Things (IIoT) applications to program the 5G network in a variety of ways, such as establishing connections of device-to-device and device-to-enterprise-network types with customized quality of service (QoS).

The 5G-ACIA concept builds on nine key exposure requirements in the area of device management:

1. Device connectivity management
2. Device connectivity monitoring
3. Device group communication management
4. Device provisioning and onboarding
5. Device identity management
6. Device location information
7. Security
8. Time-sensitive networking (TSN) integration
9. Time-sensitive communications.

To test the concept, we addressed the majority of these requirements in the joint ABB-Ericsson proof of concept.

Device connectivity management

IIoT applications are often time-critical, requiring low bounded latency and reliable communication. Through the 5G exposure interfaces, applications must be able to set up one or more connections per device with customized QoS, including guaranteed and minimum bitrate, latency and packet transmission reliability. These IP or Ethernet connections must support device-to-device or device-to-enterprise-network configurations. The exposure interfaces must hide the underlying realization aspects of the 5G network, such as QoS flows, resilient connections with low interruption time in case of node/link failure or disjoint user plane paths.

Device connectivity monitoring

For business continuity reasons, it is essential that a factory or plant operator can monitor the 5G connectivity service continuously through its OT/IT applications. The 5G exposure interfaces must enable the monitoring of connections of a device or a group of devices, allowing the retrieval of current and historical performance metrics either on demand, periodically, or on an event-triggered basis related to connection bitrate, latency and packet loss, for example.

Device group communication management

Industry verticals expect to be able to isolate the traffic of different use cases and traffic types for the purposes of performance and security management. Traffic segmentation is enabled by 5G group communication, where devices in the same group communicate privately with one another and can also access services in enterprise networks. 5G provides group communication with 5G local area network (5GLAN)-type services for both IP virtual network (VN) groups and 5GLAN virtual local area networks (VLANs). The 5G exposure application programming interface (API) must provide the means for applications to manage device groups, including creating groups and adding and removing group members, as well as creating dynamic VLAN assignment for devices when connecting to the network.

Device provisioning and onboarding

Industry verticals want to be able to add devices to the 5G network in a plug-and-play manner. The 5G exposure interfaces must enable the provisioning of device identifiers and credentials into the 5G network both for individual devices and groups of devices. In the onboarding step, the 5G network must provide the means for the device to establish a user plane connection to the IIoT application and have the ability to notify the application about the newly established connection.

Device identity management

IIoT applications use a wealth of identifiers both in the application layer and in the connectivity layer, depending on the applied technology. In 5G networks, the primary unique identifier of 5G user equipment (UE) is the Generic Public Subscription Identifier (GPSI), which means that this ID must be used by the 5G exposure interfaces. Translation between the IIoT device’s application layer (OT/IT, for example) identifiers and the GPSI must be done in the application. The static IP address of the device or the device’s media access control (MAC) address may also be used as the device identifier in the 5G exposure interfaces.

Device location information

Use cases such as mobile robots, automated guided vehicles, portable assembly tools, mobile control panels and plant asset management require the positioning of IIoT devices with different levels of accuracy. IIoT applications may request the location information of one or a group of devices over the 5G exposure interfaces. Device tracking is achieved by reporting device location triggered by events such as movements.

Security

IEC 62443 standards [5] introduce the concepts of “zones” and “conduits” as a way to segment and isolate the various subsystems in a control system. A zone is defined as a grouping of logical or physical assets that share common security requirements based on factors such as criticality and consequence. A conduit consists of the grouping of cyber assets dedicated exclusively to communications within and also external to a zone and which share the same cybersecurity. Device groups (5GLAN VLANs or IP VN groups) combined with secured slicing and application-level security protect the factory zones achieving IEC 62443 Security Levels SL3 and SL4 [5].

Time-sensitive networking integration

OT verticals consider TSN to be the next-generation technology that will bring about convergence in OT networking. When combined with 5G networks, the fully centralized TSN configuration model of IEEE 802.1Qcc must be used. It postulates that a centralized network configuration (CNC) entity configures all the TSN streams in the 5G network, which acts as a TSN bridge. The 5G exposure interfaces must serve as the TSN application function (AF) and provide port and bridge management information. This enables the CNC to determine the allocation of network resources to the streams and configure them in the 5G network through the 5G exposure interfaces.

Time-sensitive communications

5G-native time-sensitive communications (TSC) refers to a time-sensitive communication service that the 5G network offers to 5G devices natively (that is, without integration into a TSN system). 5G exposure interfaces acting as TSC CNC enable applications such as Centralized User Configuration to discover the availability of resources for a TSC stream and request the creation of a TSC stream with QoS.

Validating the 5G-ACIA exposure concept in partnership with ABB

The proof of concept at ABB integrates Ericsson’s pre-standard, prototype 5G exposure interfaces implementation with ABB’s cloud-based digital ecosystem (ABB Ability [6] and ABB Ability Edgenius [7]) to achieve 5G network programming by an automation system and thereby validate the exposure capabilities in practice.

The proof of concept offers a plant operator an easy-to-use environment for managing and monitoring the 5G connectivity of networked industrial devices. It also makes it possible to tailor the behavior of the 5G network to the communication requirements of industrial applications and obtain knowledge regarding the status and performance of 5G connections and virtual networks. By means of these capabilities, network-aware applications can interact with an externally operated network infrastructure without the need to know or understand the details of the underlying network technologies.

As illustrated in Figure 2, the 5G network frontend allows the control of 5G connectivity for ABB core control devices and intelligent equipment from a web application using the Ability cloud platform and an on-site Edgenius edge module. The Edgenius module interacts with the 5G network’s programmable interfaces that expose the management capabilities of the 5G network, thereby offering a unified way of centrally controlling 5G performance (using ABB Ability, in this case).

The 5G network frontend web application provides the means to seamlessly provision and onboard 5G devices, monitor their connectivity performance and create device groups with different QoS attributes on top of the shared 5G infrastructure. Therefore, the developed tool also creates a convenient and scalable solution for configuring and monitoring the 5G network to facilitate the execution of everyday tasks by OT users, from automation engineers to plant operators.

By bringing 5G device management and monitoring data “closer” to the application operation and engineering data, this proof of concept allows the management of several 5G device groups from the tool, mainly based on ABB’s digital solutions. This approach would also make it possible to utilize existing tools in ABB’s digital portfolio to achieve easier and faster development of both simple and advanced network management solutions for the industrial wireless domain.

As a result of the collaboration with Ericsson, ABB also investigated the feasibility of using the exposure capabilities for flexible 5G network programming. This involved allowing different ABB automation solutions to make use of 5G technology, while at the same time shielding these solutions from 5G network implementation details and complexities. The results show how an OT organization (automation vendor or plant operator) could use one logical cloud instance to manage all 5G networks centrally as they grow, or as new ones are added.

The proof of concept at ABB clearly demonstrates that it is possible to run network automation across the boundaries between OT automation systems and private 5G networks, which is a prerequisite for using 5G as a part of automation solutions.

The critical role of 3GPP in enabling the IIOT

Both ABB and Ericsson are active proponents of standardized technologies such as 3rd Generation Partnership Project (3GPP)-based solutions. Emerging 3GPP standard technologies such as the network exposure function (NEF), the service enabler architecture layer (SEAL) for verticals and the common API framework (CAPIF) have the potential to address the exposure-related requirements of the verticals by offering integration points between automation systems and the 5G network.

3GPP standard exposure technologies hide the complexity of 5G and offer industry verticals a simple, secure, use-case-oriented configuration interface to the 5G system. The exposure interfaces will be invaluable to a multitude of industrial use cases, allowing industry verticals to make use of the key features and performance that 5G has to offer in a simple and straightforward manner.

The 3GPP has already made significant progress toward exposing the capabilities of mobile networks through APIs. While it is well known that the 3GPP core network capabilities are exposed by the NEF, since release 16 the 3GPP has also been standardizing higher-level APIs to address requirements from various vertical applications, with further enhancements specified in release 17, and additional functionality currently under study for release 18.

Figure 3 provides an overview of 3GPP standards that are applicable for IIoT use cases, as defined by the 3GPP SA6 working group. From the bottom to the top, the following three layers of 3GPP exposure are depicted:

1. The network exposure layer, which exposes core network capabilities
2. The SEAL, which exposes common service enablers for verticals
3. The vertical application enabler (VAE) layer, which exposes vertical-specific service enablers.

3GPP network exposure function

The basic 3GPP core network exposure layer consists of the 5G NEF, which offers network capabilities exposure of the 5G Core toward external applications integrated with the 3GPP network. The following subset of NEF APIs [8] are relevant for IIoT use cases:

• Event monitoring (device location, reachability, connection status)
• AF session with QoS (on-demand QoS for IP and Ethernet connections)
• Analytics exposure
• 5G LAN parameter provisioning (device group management)
• Service parameter provisioning (route selection parameters)
• Time sync exposure
• UE ID retrieval (AF-specific device ID retrieval, such as GPSI)

3GPP service enabler application layer

Because the NEF APIs expose network capabilities in a highly granular manner, application developers that use them must have a good understanding of the underlying network concepts. To simplify application development and deployment, 3GPP has specified a new layer of simplified service enablers. The SEAL [9] consists of service enablers that provide services that are not specific to any vertical – that is, they are common services that applications can utilize from various vertical domains. The APIs currently defined by SEAL are for group management, location management, identity and key management, and network resource management (NRM).

Group management allows the application to create and manage device groups for different purposes such as group communication and location-based groups, while the SEAL ensures that the devices are properly notified and joined into the group. Location management makes it possible to provide device location information from different sources – both 3GPP and non-3GPP (such as Global Navigation Satellite Systems) – to an application either on demand or upon change, and to define location areas of interest for specific use cases. Identity and key management support applications in managing security material used in the authentication and authorization of users and devices.

Lastly, NRM enables application-specific usage and monitoring of network resources used by the devices covering:

• Unicast and multicast connection activation, deactivation and modification including QoS parameters
• Unicast connection QoS monitoring including packet delay, packet loss rate, data rate and traffic volume
• Event monitoring including device mobility, communication, loss of connectivity, location reporting and connection status
• Time-sensitive, deterministic device-to-device and device-to-enterprise-network communication.

The SEAL is expected to evolve and grow with additional service enablers in the upcoming 3GPP release 18.

3GPP vertical application enabler layer

In contrast to the SEAL, the VAE layer is tailored to satisfy specific vertical applications. These types of vertical service enablers are currently defined for automotive applications referred to as vehicle-to-anything (V2X) communication and drone applications known as unmanned aerial systems (UAS). VAE for factories of the future will include future enhancements specific to OT verticals.

Meeting IIoT requirements with 3GPP exposure capabilities

Figure 4 shows how the IIoT requirements outlined by 5G-ACIA match up to 3GPP release 17 exposure capabilities and APIs.

Conclusion

Widespread use of private 5G networks in the Industrial Internet of Things (IIoT) ecosystem will require a standards-based exposure solution that makes it possible to flexibly configure the 5G system according to the specific communication requirements of individual production processes. Communication service providers (CSPs) have an excellent opportunity to monetize the IIoT with a service offering that exposes the powerful capabilities of 5G networks to industry verticals. The reduction in manual network configuration tasks allows customer support departments of CSPs to scale up the number of enterprise customers they can serve.

A standards-based 5G IIoT exposure solution will enable industrial enterprises to use 5G as a part of system infrastructure, increasing production flexibility and scaling up to a large number of 5G-connected devices in an organized and secure manner. It will also open the door for IT/OT platform vendors to develop their own products that take advantage of 5G capabilities and enable system integrators to simplify the integration of operational technology applications with the wireless connectivity that 5G systems provide.

1. Ericsson Technology Review, Boosting smart manufacturing with 5G wireless connectivity, February 20, 2019, Sachs, J; Wallstedt, K; Alriksson, F; Eneroth, G
2. Ericsson-Hexagon Report, Connected Manufacturing – A guide to Industry 4.0 transformation with private cellular technology, November 2020
3. German Federal Ministry for Economic Affairs and Energy (BMWi), Fortschreibung der Anwendungsszenarien der Plattform Industrie 4.0 (Continuation of the Application Scenarios of the Plattform Industrie 4.0), October 2016
4. 5G-ACIA white paper, Exposure of 5G Capabilities for Connected Industries and Automation Applications, February 2021
5. IEC, Understanding IEC 62443, February 2021
6. IEC 62443-3-3, Industrial communication networks – Network and system security – Part 3-3: System security requirements and security levels
7. ABB, ABB Ability
8. ABB, ABB Ability Edgenius Operations Data Manager
9. 3GPP Technical Specification 23.502, Procedures for the 5G System (5GS): Stage 2
10. 3GPP Technical Specification 23.434, Service Enabler Architecture Layer for Verticals (SEAL); Functional architecture and information flows