
Ericsson Technology Review: Spotlight on the Internet of Things

The Internet of Things (IoT) has emerged as a fundamental cornerstone in the digitalization of both industry and society as a whole. It represents a huge opportunity not only in economic terms, but also from a global challenges perspective – making it easier for governments, non-governmental organizations and the private sector to address pressing food, energy, water and climate related issues.

5G and the IoT are closely intertwined. One of the biggest innovations within 5G is support for the IoT in all its forms, both by addressing mission criticality as well as making it possible to connect low-cost, long-battery-life sensors.

With this in mind, we decided to create a special issue of Ericsson Technology Review solely focused on IoT opportunities and challenges. I hope it provides you with valuable insights about the IoT-related opportunities available to your organization, along with ideas about how we can overcome the challenges ahead.


  1. 1. ERICSSON TECHNOLOGY | CHARTING THE FUTURE OF INNOVATION | VOLUME 99 I 2019 | SPOTLIGHT ON THE INTERNET OF THINGS
  2. 2. CONTENTS

FEATURE ARTICLE: Driving transformation in the automotive and road transport ecosystem with 5G
Several automotive and transport services that require cellular connectivity are already in commercial operation today, and many more are on the horizon. At Ericsson, we believe that the best way to address the growing connectivity needs of this industry sector is through a common network solution, as opposed to taking a single-segment silo approach.

5G-TSN INTEGRATION MEETS NETWORKING REQUIREMENTS FOR INDUSTRIAL AUTOMATION
Time-Sensitive Networking (TSN) is becoming the standard Ethernet-based technology for converged networks of Industry 4.0. Future industrial automation will depend to a large extent on a combination of TSN features and 5G URLLC capabilities to provide deterministic connectivity end to end.

END-TO-END SECURITY MANAGEMENT FOR THE IOT
Service providers that want to capitalize on IOT opportunities without taking undue risks need a security solution that provides continuous monitoring of threats, vulnerabilities, risks and compliance, along with automated remediation. We have developed an end-to-end IOT security and identity management architecture that delivers on all counts.

DISTRIBUTED CLOUD: A KEY ENABLER OF AUTOMOTIVE AND INDUSTRY 4.0 USE CASES
Emerging use cases in the automotive industry – as well as in manufacturing industries where the first phases of the fourth industrial revolution are taking place – have created a variety of new requirements for networks and clouds. At Ericsson, we believe that distributed cloud is a key technology to support such use cases.

BOOSTING SMART MANUFACTURING WITH 5G WIRELESS CONNECTIVITY
5G wireless connectivity has been designed to enable the fully-connected factories of the future. The integration of 5G ultra-reliable low-latency communication (URLLC) in the manufacturing process will accelerate the transformation of the manufacturing industry and make smart factories more efficient and productive than ever.

KEY TECHNOLOGY CHOICES FOR OPTIMAL MASSIVE IOT DEVICES
LTE-M and NB-IOT have enabled the introduction of a new generation of IOT devices that deliver on the promise of scalable, cost-effective massive IOT applications using LPWAN technology. However, a few key technology choices are necessary to create IOT devices that can support the multitude of existing and emerging massive IOT use cases.
  3. 3. EDITORIAL

Ericsson Technology Review brings you insights into some of the key emerging innovations that are shaping the future of ICT. Our aim is to encourage an open discussion about the potential, practicalities, and benefits of a wide range of technical developments, and provide insight into what the future has to offer.

Address: Ericsson, SE-164 83 Stockholm, Sweden. Phone: +46 8 719 00 00
Publishing: All material and articles are published on the Ericsson Technology Review website: www.ericsson.com/ericsson-technology-review
Publisher: Erik Ekudden
Editors: Tanis Bestland, lead editor (Nordic Morning) tanis.bestland@nordicmorning.com; Liam James (Nordic Morning) liam.james@nordicmorning.com
Editorial board: Håkan Andersson, Anders Rosengren, Mats Norin, Erik Westerberg, Magnus Buhrgard, Gunnar Thrysin, Håkan Olofsson, Dan Fahrman, Robert Skog, Patrik Roseen, Jonas Högberg, John Fornehed, Jan Hägglund, Per Willars and Sara Kullman
Feature article: Driving transformation in the automotive and road transport ecosystem with 5G
Art director: Liselotte Stjernberg (Nordic Morning)
Project manager: Susanna O’Grady (Nordic Morning)
Layout: Liselotte Stjernberg (Nordic Morning)
Illustrations: Jenny Andersén (Nordic Morning)
Subeditors: Ian Nicholson (Nordic Morning), Paul Eade (Nordic Morning)
ISSN: 0014-0171
Volume: 99, 2019

SPOTLIGHT ON THE INTERNET OF THINGS

■ The Internet of Things (IOT) has emerged as a fundamental cornerstone in the digitalization of both industry and society as a whole. It represents a huge opportunity not only in economic terms, but also from a global challenges perspective – making it easier for governments, non-governmental organizations and the private sector to address pressing food, energy, water and climate related issues. With this in mind, we decided to create a special issue of Ericsson Technology Review solely focused on IOT opportunities and challenges.

At its heart, the IOT involves the collection and analysis of insights and the automation of processes involving machines, things, places and people, thus in essence fusing the physical and cyber realms into one system. In so doing, it transforms business models – making it possible to sell services rather than products, for example, or outcomes instead of services – as well as enabling the reengineering of business processes to achieve the same outcome in a more efficient way.

Not a single technology, the IOT is instead composed of a set of key technologies, encompassing devices with sensors and actuators, connectivity, cloud and edge computing, artificial intelligence/machine learning (AI/ML) and security. 5G and the IOT are closely intertwined. One of the biggest innovations within 5G is support for the IOT in all its forms, both by addressing mission criticality as well as making it possible to connect low-cost, long-battery-life sensors.

Supporting the fourth industrial revolution

Industry 4.0 – also known as the fourth industrial revolution – is already heavily reliant on IOT technologies. Manufacturing companies have demanding requirements in terms of cost, flexibility, safety and performance, and it is critical that their requirements are addressed in the ongoing development of the IOT. The automotive and transportation industry is another sector that is undergoing fundamental technology changes that require specialized IOT support. Both of these sectors are examined in detail in this issue of the magazine.

Harnessing the full potential

Fundamental to any IOT solution is the ability to connect the things of interest. Huge potential is lost when it is not possible to get the relevant things and locations online. When everything is connected, however, a wealth of new data becomes available, raising questions about how it should be handled (and potentially monetized). The wealth of data that the IOT generates can be used for a wide range of different purposes – everything from controlling robots on a factory floor to tracking and monitoring perishable goods in logistics on a global scale by the creation of Digital Twins. As such, IoT and Cyber-Physical System are converging into one and the same concept.

Data must be processed both in the cloud and close to where it is produced and consumed, driven by requirements for reliability, cost and performance. Compute and storage serves as a continuum from the cloud and data center across the network infrastructure to the machines and things. The network itself will become the perfect infrastructure for edge computing for all industries.

Ensuring trust in data integrity and reliability

Now that the IOT plays such a key role in the success of so many enterprises, securing data end-to-end has become a top requirement. While reliability and trust are key considerations in all IOT applications, they are of utmost importance in mission-critical applications such as the predictability of data delivery to robots.

I hope that this special IOT issue of Ericsson Technology Review provides you with valuable insights about the IOT-related opportunities available to your organization, along with ideas about how we can overcome the challenges ahead. If you would like to share a link to the whole magazine or to a specific article, you can find both PDF and HTML versions at https://www.ericsson.com/en/ericsson-technology-review

ERIK EKUDDEN
SENIOR VICE PRESIDENT, CHIEF TECHNOLOGY OFFICER AND HEAD OF GROUP FUNCTION TECHNOLOGY
  4. 4. TRANSFORMING TRANSPORTATION WITH 5G ✱ ERICSSON TECHNOLOGY REVIEW ✱ SEPTEMBER 13, 2019

Driving transformation in the automotive and road transport ecosystem with 5G

Major mobile network operators around the world have started rolling out 5G cellular networks, with subscriber penetration expected to reach about 20 percent by 2024 [1]. One of the many benefits of these powerful, multipurpose networks is their ability to provide reliable, secure and fit-for-purpose cellular connectivity in automotive and transport applications.

THORSTEN LOHMAR, ALI ZAIDI, HÅKAN OLOFSSON, CHRISTER BOBERG

Once considered merely “nice to have,” connectivity is rapidly becoming a critical part of road transportation systems. Ericsson predicts that the number of connected cars in operation will rise to more than 500 million in 2025 [9].

■ Already today, vehicle original equipment manufacturers (OEMs) are increasingly focusing on delivering services in addition to selling vehicles as products. Software is now a critical component of vehicles, and OEMs are investing heavily in automation, architecture simplification and new drivetrain technologies such as electrification. At the same time, traffic and road authorities are seeking new technology solutions to reduce carbon emissions, traffic congestion and casualties – solutions that are often dependent on vehicle functionality and the ability to provide various types of support for drivers and vehicles. Meeting these diverse needs requires software-defined and network-aware vehicles, combined with advanced network connectivity.

While it is true that many of today’s 2G-4G networks can provide sufficient connectivity for numerous Internet of Things (IoT) applications, the higher data rate, lower latency and improved capacity provided by 5G New Radio (NR) access make 5G systems the ideal choice to maximize the safety, efficiency and sustainability of road transportation.

Overview of automotive and road transport services

A wide array of automotive and road transport services require cellular connectivity, with many already in commercial operation. To better understand the big picture, we have classified these services into eight groups, as shown in Figure 1.

Figure 1: Overview of automotive and road transport services that require cellular connectivity
[Diagram labels: the eight service groups (regulated C-ITS; OEM ADAS; fleet management, including remote assistance of driverless vehicles; logistics and connected goods; convenience and infotainment services; vehicle-as-a-sensor for general third-party applications, including weather and maps; vehicle-centric OEM and aftermarket services, including telematics; connected road infrastructure services), each marked with its key connectivity requirements (coverage, capacity, latency, reliability) and the cellular connectivity segments massive IoT, broadband IoT and critical IoT.]

Regulated Cooperative-Intelligent Transport Systems (C-ITS) focus on governmental regulated services for road safety and traffic efficiency. Traffic efficiency use cases have relaxed latency requirements, while safety-related data often requires reliable low-latency communication. A benefit of regulation is to encourage cross-OEM cooperation in standardized (regulated) information exchange. Regulated C-ITS services may also use dedicated ITS spectrum in certain regions; for example, for direct short-range communication using 3GPP PC5 or IEEE (Institute of Electrical and Electronics Engineers) 802.11p technologies.

The purpose of OEM advanced driver assistance systems (ADAS) is to increase road safety by focusing on the driver and driving behavior. They rely primarily on vehicle sensor information and are typically not collaborative across vehicle brands. ADAS services can also benefit from data provided by traffic authorities such as traffic light information. They are expected to evolve to support the driverless vehicles of the future.

Fleet management services are aimed at vehicle fleet owners such as logistics or car-sharing companies. The communication service is primarily used to monitor vehicle locations and the vehicle/driver status. When the fleet consists of driverless vehicles, the fleet management also includes communication support for operations monitoring and remote assistance, which can imply full remote driving.

The primary focus in the logistics and connected goods category is on the tracking of transported objects (commodities, merchandise goods, cargo
  5. 5. and so on) during the production and transport cycle of the object.

Convenience and infotainment services deliver content such as traffic news and audio entertainment for drivers, and gaming and video entertainment for passengers.

In vehicle-as-a-sensor for general third-party use cases, the sensors installed in the vehicle to provide information to solutions aimed at achieving driving improvements (such as ADAS or automated driving) are reused to provide anonymized data to other parties to monitor city infrastructure and road status, maintain street maps or to give accurate and up-to-date weather information.

Vehicle-centric OEMs and aftermarket services focus on vehicle performance and usage. They make it possible for the OEM to collect vehicle diagnostics data that enables it to monitor/adjust the vehicle and give advice to the driver for improved driving efficiency. Other examples of services in this category include vehicle tracking and predictive maintenance.

Connected road infrastructure services are operated by cities and road authorities to monitor the state of the traffic and control its flow, such as physical traffic guidance systems, parking management and dynamic traffic signs.

Each service group contains multiple use cases, and requirements can be diverse within a group. The key connectivity requirements per segment are noted in Figure 1.

Examples of connected services trials

In addition to all the connected services already in commercial operation, there are many noteworthy advanced trials on 4G/5G cellular networks, including:
❭ C-ITS in Australia: https://exchange.telstra.com.au/making-our-roads-safer-with-connected-vehicles/
❭ C-ITS in Europe: https://5gcar.eu
❭ Multi-party information exchange for C-ITS: https://www.nordicway.net/
❭ Connected traffic light information and driver advice for C-ITS: https://www.talking-traffic.com/en
❭ ADAS: https://www.ericsson.com/veoneer
❭ AD-aware traffic control: https://www.drivesweden.net/en/events/demo-ad-aware-traffic-control-0
❭ Tele-operated driving and HD mapping: https://5gcroco.eu/
❭ Self-driving, remote-assisted trucks: https://www.ericsson.com/en/press-releases/2018/11/ericsson-einride-and-telia-power-sustainable-self-driving-trucks-with-5g
❭ Service continuity at border crossings: https://www.ericsson.com/en/blog/2019/5/connected-vehicle-cross-border-service-coverage
❭ Connected logistics: https://clc.ericsson.net/#/use-cases

5G-enabled network for all services

Connected vehicles and road infrastructure are part of a broader IoT ecosystem that is continuously evolving. To ensure cost efficiency and future-proof support, mobile network operators (MNOs) aim to meet the connectivity demands of multiple industry verticals, including the automotive and transport industry, using common physical network infrastructure, network features and spectrum resources.

Ericsson divides cellular connectivity for the IoT into four distinct segments: massive IoT, broadband IoT, critical IoT and industrial automation IoT [2]. The first three segments are relevant for automotive and transport services. The colored dots in Figure 1 indicate their relevance for each of the eight service groups, based on key connectivity performance indicators.

Massive IoT

Massive IoT connectivity targets low complexity narrow-bandwidth devices that infrequently send or receive small volumes of data. The devices can be in challenging radio conditions requiring coverage extension capabilities and may solely rely on battery power supply. Massive IoT is suitable for low-data-rate use cases that can be supported with narrow bandwidth modems. These use cases can be found in logistics, telematics, fleet management and connecting parts of road infrastructure, for example.

Broadband IoT

Broadband IoT connectivity enables large volumes of data transfer, extreme data rates and low latencies for devices with significantly larger bandwidths than massive IoT devices. Broadband IoT connectivity is also capable of enhancing signal coverage per base station and extending device battery life if requirements on data rate and latency are not stringent. Broadband IoT is vital for the majority of the automotive use cases that require high data rates and low latency, such as infotainment, telematics, fleet management, sensor sharing, basic safety and ADAS.

Critical IoT

Critical IoT connectivity enables ultra-reliable and/or ultra-low latency communication. It aims to deliver messages with strictly bounded low latencies even in heavily loaded cellular networks. Critical IoT can enable some very advanced services, such as remote driving of automated commercial vehicles on specific routes.

4G networks already support massive IoT (based on LTE Category M1 and Narrowband IoT access) and broadband IoT (based on LTE access). 5G networks will boost broadband IoT performance and enable critical IoT with the introduction of NR.

With the evolution of cellular IoT in the 5G era, cellular networks would enable the full range of existing and emerging automotive applications. This horizontal approach of supporting all services through the cellular network is much faster and more cost-efficient than deploying dedicated systems for different services, such as a dedicated short-range communication system for regulated C-ITS [3].

Accelerating the adoption of 5G connectivity

When rolling out 5G networks, MNOs aim to balance investments, new revenues and competitiveness. Decisions about where and when to deploy 5G networks depend not only on commercial factors but also on spectrum availability in different regions. Accelerated adoption of 5G in the ecosystem, including the automotive and transport industry, requires:
❭ The ability of 5G NR deployments to deliver value from day one.
❭ The ability to efficiently share spectrum resources between 5G NR and 4G LTE.
❭ Operators’ ability to reuse 4G LTE radio base station equipment for 5G NR deployments as much as possible.

One of the 5G fundamentals is tight interworking between 4G LTE and 5G NR radio access. This interworking allows 5G-capable devices to simultaneously access 4G LTE and 5G NR carriers. A 5G-capable modem can connect with NR (when in NR coverage) to experience a boost in performance and capacity while maintaining its 4G LTE connection. This approach ensures that 5G NR deployments can deliver value for automotive and transport services from day one.

Both wide-area 5G coverage and automotive sector requirements demand that 5G NR and 4G LTE are able to efficiently share spectrum resources. Lower carrier frequencies where 4G LTE is operational are ideal from a coverage perspective (due to better radio wave propagation characteristics) and very attractive for 5G NR deployments. However, 4G LTE will be required for many years to support legacy devices (such as vehicles with 4G
  6. 6. modems). To address this, Ericsson has developed fully dynamic spectrum sharing between NR and LTE on a millisecond level for optimized utilization of spectrum [4].

With respect to operators’ ability to reuse 4G LTE radio base station equipment for 5G NR deployments, the Ericsson Radio System can be fully reused on existing sites following a remote software upgrade, including baseband units, radios and antennas (when NR and LTE share a spectrum band) [4]. This important 5G functionality will facilitate market-driven deployments along most streets and roads. However, in some cases, public incentives can trigger faster road coverage deployment, for example by letting MNOs deploy networks using road authorities’ site assets, or regulating road coverage requirements in spectrum license auctions [5].

The relation between in-vehicle and wide-area connectivity

Figure 2 illustrates how cellular connectivity works for vehicles and roadside equipment. It visualizes vehicles as multipurpose devices in which several connectivity-dependent use cases are executed simultaneously. At the same time, each vehicle also contains an internal network that interconnects in-vehicle sensors, actuators and other devices, including driver and passenger smartphones.

A gateway function (traditionally implemented in the Telematics Control Unit) connects the vehicle-internal network(s) to the external network. Among other things, this gateway function protects the vehicle-internal devices against external misuse. Additional security and traffic separation solutions restrict access to sensitive in-vehicle devices from inside the vehicle as well.

Connectivity to the external network is realized by one or more modems, containing one or more subscriptions (represented by SIM cards) when using cellular access. The number of modems and supported subscriptions (provided by the OEM, for example) has generally been a trade-off between cost constraints and simple service usage. More recently, capacity and redundancy gains have also been taken into consideration.

In some cases, the fleet operator provides connectivity to the transported objects (passengers in this case), as illustrated in Figure 2. Alternatively, the vehicle’s OEM subscription can be used to provide passenger Wi-Fi.

Instead of using the vehicle-mounted connectivity support, infotainment and navigation are often provided by a smartphone with its own subscription that is carried into the vehicle. As future ITS and ADAS services evolve, they too will be available through smartphones, which will increase service penetration to older vehicles.

Figure 2: Cellular connectivity for vehicles and roadside equipment
[Diagram labels: private vehicle, commercial vehicle for people transport, roadside equipment, wide-area cellular network, OEM GW, owner GW, fleet GW, telematics, ADAS, C-ITS, infotainment, fleet management services, passenger Wi-Fi.]

Terms and abbreviations

3GPP – 3rd Generation Partnership Project | ADAS – Advanced Driver Assistance Systems | AMQP – Advanced Message Queuing Protocol | C-ITS – Cooperative Intelligent Transportation Systems | DSDA – Dual Sim Dual Active | eSIM – Embedded SIM | GW – Gateway | HTTP – Hypertext Transfer Protocol | IEEE – Institute of Electrical and Electronics Engineers | IOT – Internet of Things | MAC – Media Access Control | MNO – Mobile Network Operator | MQTT – Message Queuing Telemetry Transport | NR – New Radio | OEM – Original Equipment Manufacturer | PC5 – LTE-V2X short-range access interface | PGW – Packet Data Network Gateway | PDCP – Packet Data Convergence Protocol | PHY – Physical Layer | RLC – Radio Link Control | SCEF – Service Capability Exposure Function | SLA – Service Level Agreement | TCP – Transmission Control Protocol | TLS – Transport Layer Security | Uu – Utran-UE (interface in 3GPP)

Achieving global consistency in automotive and transport connectivity

Vehicles all around the world need connectivity to communicate, and, like any other device, a vehicle needs an MNO subscription to access a cellular network. The stark contrast between the global nature of vehicles’ connectivity requirements and the local nature of MNOs presents significant challenges to meet the automotive and transport ecosystem’s connectivity needs, most notably in the areas of subscription provisioning, roaming, local breakout/distributed computing and cost separation/traffic prioritization.

Subscription provisioning

One of the challenges particular to the automotive and transport ecosystem is that the long life cycle of vehicles and their varying roaming needs over time may make it necessary for a vehicle owner and/or OEM to change the subscription multiple times. Since the physical SIM cards that contain the subscription credentials are not easily accessible in vehicles, it is problematic to have to change them.

Embedded SIM (eSIM) technology overcomes this challenge by enabling remote provisioning of MNO subscriptions. An eSIM unit can be soldered into the cellular device which stores the MNO-specific network access credentials (the subscription) as a SIM card profile. The subscriptions can then be changed remotely over-the-air without physically touching the vehicle. To simplify the usage of this technology, the GSMA has developed an eSIM profile specification [6].

Roaming

It is common today for a vehicle to be produced in one country, sold in another, owned in a third, and driven across borders to numerous additional countries or regions, with high requirements on data throughput and latency independent of location. In light of this, roaming is frequently the default operating model for a connected vehicle. Today’s roaming solution, however, is single-human-user-centric – designed to support users traveling outside the coverage of their home mobile networks. It is not designed for connected vehicles on a global scale. As a result, it has a number of limitations in automotive and transport applications.
  7. 7. 14 2019 ✱ ERICSSON TECHNOLOGY REVIEWERICSSON TECHNOLOGY REVIEW ✱ 2019 15 ✱ XXXXXXXXXXX XXXXXXXXXX ✱✱ TRANSFORMING TRANSPORTATION WITH 5G TRANSFORMING TRANSPORTATION WITH 5G ✱ 8 SEPTEMBER 13, 2019 ✱ ERICSSON TECHNOLOGY REVIEWERICSSON TECHNOLOGY REVIEW ✱ SEPTEMBER 13, 2019 9 Firstly,sinceroamingfeesareonlypartially regulated,theydependtoalargeextentonbilateral agreementsbetweentwoMNOs.Asaresult,thefees canvary,whichcanmakeitdifficulttopredictthe costfortheusedconnectivityincertaincases. Secondly,ithastraditionallybeenthecasethat onlybasicconnectivityandcommunicationisenabled whileroaming,whichmeansthatsomemore advancedserviceandcapacityrequirementsmay notbemetwhenavehicleconnectsoutsideitshome network.RoamingagreementsbetweenMNOs typicallyputlimitationsonhowtheconnectivitycan beused,andthevisitedMNOcandisconnectthe deviceifitisnotinlinewiththeagreement. Thirdly,thecurrentlydeployedroamingarchi- tectureisdesignedtoroutetraffictothehomenetwork first,whichincreaseslatency.Thisisproblematicin automotiveusecasesthatarelatency-criticalor producehighdatathroughput.Inthesecases,fast accesstonational/localdatacentersisrequired. Fourthly,thefactthatamobiledeviceloses connectivityforsometime(uptoabout120seconds) whenbeinghandedoverfromoneMNOtoanother isaseriousissueformanyusecases.Thereason forthedelayisthatthemobiledeviceneedsto firstscanforasuitablenetworkproviderand thenregisteritselfinthenewmobilenetwork. Thisappliesatbothinternationalcountryborders andnationalcoverageborders. InEricsson’sview,therearetwocomplementary pathstoovercomingroamingchallengesinthe automotiveandtransportindustry: 1. Enhancing the existing roaming solution through the creation of an alliance of MNOs. 2. Avoiding roaming altogether by using local subscriptions and eSIM technology for provisioning in each local network. 
Theenhancementoftheexistingroamingsolution wouldensurethatoperatorstreatroamingusersthe samewaytheytreatlocalusers–thatis,therewould benoadditionalcostsandroaminguserswouldhave consistentcapabilityandsupportforlow-latencyand high-volumeservices.Thiscouldbeachieved throughthecreationofanallianceofMNOsthat enablesthe3GPProamingarchitecture“Local breakoutinthevisitednetwork,”[7]whichwould providedirect,fastaccesstolocaldatacenters. Alternatively,itispossibletoavoidtheroaming modelaltogetherbyusinglocalsubscriptionsand eSIMtechnologyforprovisioningineachlocal network.Thisapproachensuresaccesstoallthe functionalityandcapacityprovidedbythelocal network,includingdirectaccesstolocaldatacenters. Someformofcoordinationofservice,subscription andcostmodelsbetweentheinvolvedoperators wouldberequiredtoachieveconsistency. Bothofthesealternativesinvolvetheuseof differentcorenetworks,whichmeansthattherecan bevariancesinserviceexperienceandSLAsupport betweenoperators.Thisisduetothefactthatthecore networkistheentitythatcontrolsmostoftheservice- specificparametersandmanagesthetechnicalSLAs. FullharmonizationofservicesandSLAcontrol requiresanalignmentofcorenetworkfunctions. Regardlessofwhichoptionischosen,afastinter- MNOmobilitysolutionisalsorequiredtoreduce thetimefornetworkswap.Acombinationofnetwork featuresinarecenttrialhasbeenshowntoprovide fastinter-networkservicecontinuity[8]. Localbreakoutanddistributedcomputing Severalemergingautomotiveservicesrequire vehiclestobeconnectedtothecloudandnetworks tofacilitatethetransferofalargeamountofdata betweenvehiclesandthecloud.Someoftheservices maybemoretime-critical,whileotherservicesallow timephasingtoadifferenttimeslotoranotheraccess network.TheAECC(AutomotiveEdgeComputing Consortium)addressesthetechnicalrealization ofsuchusecasesbydesigningatopology-aware distributedcloudsolutiononaglobalscale, tobetteraccommodatetheneedsoftheautomotive industry[9,10]. 
Costseparationandtrafficprioritization Intheautomotiveandtransportecosystemthereisa needtoseparatethecostsforcellularconnectivity fordifferentservicesinthevehicletargetedat differentstakeholders–suchastheownerofthe vehicleorvehiclefleet,thedriver/userofthevehicle, thevehicleOEMandtraffic/roadauthorities.For example,onemaywantentertainment-relatedcosts tobechargedtothepassengers,whiletheOEM coversthecostforvehicle-centricsensordata uploads.Supportfordatatrafficprioritizationisalso essential,particularlyattimesofhighnetworkusage, suchaswhenvehiclesarestuckinatrafficjam. Therearetwomainalternativesforcost separation:multiplesubscriptionsormultiple connectionsusingasinglesubscription(alsoknown asdedicatedbearers).Avehiclecanhavemultiple subscriptionstoconnectwithoneormultiplemobile networksformultipleservices.Multiple subscriptionscanbeactivesimultaneouslywhen multipleservicesareneededconcurrently.The vehiclecanbeeithernativelyequippedtosupport multiplesimultaneousactivesubscriptionsthrough theuseofaDual-SimDualActive(DSDA)device, forexample,oradditionalcommunicationdevices canbeaddedtothevehiclelater(eachwithitsown subscription).Thesedevicescouldbepermanently mountedortheycouldbetemporarydevicessuchas thedriver’ssmartphone. Adedicatedbearerframeworkallowsseparation oftrafficflowsfordifferentiatedQoShandlingand chargingusingasinglesubscriptionandsingle modem.3GPPsystemssupporttrafficdifferentiation basedonPolicyandChargingControlrules. Theterm‘policy’referstovarioustraffic-handling policies,suchasdifferentQoSfordifferenttrafficflows. In4Gnetworks,theseparateddatastreamsare handledasdifferentbearers,whichareknownas dedicatedbearers.Thecellularnetworkidentifies thetrafficflowsbasedontrafficflowtemplates– typicallya5-tupleintheformofIPaddresses, protocolandtransportlayerports.Theconsumed datavolumescanbeaccountedseparatelyforeach bearer.Within5Gnetworks,theseparateddata streamsarehandledasdifferentQoSflows. 

Figure 3 depicts an end-to-end architecture using dedicated bearers for traffic separation, considering distributed computing with edge clouds.

[Figure 3: Usage of dedicated bearers for traffic separation within one vehicle OEM cellular subscription. Labels: cellular network; default bearer; dedicated bearers with different priorities; request network feature; OEM edge cloud; OEM central cloud; other servers; PGW; SCEF; GW. IoT protocol stack: MQTT, AMQP, HTTP, etc.; TLS; TCP; IP; 3GPP Uu (PDCP, RLC, MAC, PHY).]
  8. 8. ERICSSON TECHNOLOGY REVIEW ✱ SEPTEMBER 13, 2019 ✱ TRANSFORMING TRANSPORTATION WITH 5G

The edge cloud servers are shielding the central cloud servers by executing the heavy lifting workloads. The central servers coordinate the heavy workload functions and distribute the load across different edge cloud servers and sites.

The central cloud servers steer the vehicle’s connection to an appropriate edge, which supports the service and has sufficient computational capacity. The policy rules for traffic separation can be provided either statically within the policy system of the network or dynamically using the Service Capability Exposure Function (SCEF), which is provided by the mobile network toward the OEM. The SCEF is evolving into the Network Exposure Function in 5G.

Figure 3 also illustrates an example protocol stack for different IoT connectivity protocols. Popular publish/subscribe IoT protocols like MQTT(S) or AMQP(S) can be used for event notification to one or more receivers. Vehicles can subscribe to channels (called topics) that provide information relevant to a certain geographical area. HTTP(S) is typically used to fetch information or provide feedback. For use cases such as remote driving, additional protocols are used for sending uplink video and download vehicle control commands. When used with dedicated bearers, all the messages using the same transport connection (TCP, for example) will be treated according to the same policy rule (prioritization, for example). In upcoming 5G networks, the network slicing concept [11] may be used for service and cost separation.

Conclusion

The connectivity needs of the automotive and transport ecosystem are diverse and complex, requiring a common network solution rather than a single-segment silo approach. The ongoing rollout of 5G provides a cost-efficient and feature-rich foundation for a horizontal multiservice network.
5G networks (including 2G-4G accesses) offer excellent capabilities that make them the ideal choice to meet the wide variety of needs in the automotive and transport ecosystem. The time-to-market for 5G networks and services is faster than earlier generations, and the connectivity capabilities can be tailored to different services using mechanisms that enable both separated QoS treatment and separated charging. This functionality contributes to making 5G instrumental in helping to maximize the safety, efficiency and sustainability of road transportation.

References

1. Ericsson Mobility Report, June 2019, available at: https://www.ericsson.com/49d1d9/assets/local/mobility-report/documents/2019/ericsson-mobility-report-june-2019.pdf
2. Ericsson white paper, Cellular IoT Evolution for Industry Digitalization, January 2019, available at: https://www.ericsson.com/en/white-papers/cellular-iot-evolution-for-industry-digitalization
3. 5GAA white paper, C-ITS Vehicle to Infrastructure Services: how C-V2X technology completely changes the cost equation for road operators, available at: https://5gaa.org/wp-content/uploads/2019/01/5GAA-BMAC-White-Paper_final2.pdf
4. Ericsson, 5G deployment considerations, available at: https://www.ericsson.com/en/networks/trending/insights-and-reports/5g-deployment-considerations
5. Bundesnetzagentur für Elektrizität, Gas, Telekommunikation, Post und Eisenbahnen, 2018, available at: https://www.bundesnetzagentur.de/SharedDocs/Downloads/EN/Areas/Telecommunications/Companies/TelecomRegulation/FrequencyManagement/ElectronicCommunicationsServices/FrequencyAward2018/20181214_Decision_III_IV.pdf;jsessionid=0A5E0D5D76E944D2218CF71B6D9EC500?__blob=publicationFile&v=3
6. GSMA, The SIM for the next Generation of Connected Consumer Devices, available at: https://www.gsma.com/esim/
7. 3GPP TS 23.501, System architecture for the 5G System (5GS), available at: https://www.3gpp.org/DynaReport/23501.htm
8. Ericsson blog, Keeping vehicles connected when they cross borders, May 21, 2019, available at: https://www.ericsson.com/en/blog/2019/5/connected-vehicle-cross-border-service-coverage
9. Ericsson Technology Review, Distributed cloud – a key enabler of automotive and industry 4.0 use cases, November 20, 2018, available at: https://www.ericsson.com/en/ericsson-technology-review/archive/2018/distributed-cloud
10. AECC white paper, General Principle and Vision, version 2.1.0, December 25, 2018, available at: https://aecc.org/wp-content/uploads/2019/04/AECC_White_Paper_v2.1_003.pdf
11. Ericsson, Network Slicing, available at: https://www.ericsson.com/en/digital-services/trending/network-slicing?gclid=CjwKCAjw-ITqBRB7EiwAZ1c5U-MQSqTjzDQJRiH43LlO4CPSFvBZC7sBbDRt-iSMX7yXrDd_hzn1LxoCFCwQAvD_BwE

Further reading

❭ Learn more about evolving cellular IoT for industry digitalization at: https://www.ericsson.com/en/networks/offerings/cellular-iot
  9. 9. The authors

Thorsten Lohmar ◆ joined Ericsson in Germany in 1998 and has worked primarily within Ericsson Research. He specializes in mobile network architectures, focusing on end-to-end procedures and protocols. He is currently working as an expert for media delivery and acts as the Ericsson delegate in different standards groups and industry forums. Recently, he has focused on industry verticals such as automotive and transport. Lohmar holds a Ph.D. in electrical engineering from RWTH Aachen University, Germany.

Ali Zaidi ◆ is a strategic product manager for cellular IoT at Ericsson. He received an M.Sc. and a Ph.D. in telecommunications from KTH Royal Institute of Technology, Stockholm, Sweden, in 2008 and 2013, respectively. Since 2014, he has been working with technology and business development of 4G and 5G radio access at Ericsson. He has co-authored more than 50 peer-reviewed research publications and two books, filed over 20 patents and made several 3GPP and 5G-PPP contributions. He is currently responsible for LTE for machines, NR ultra-reliable low-latency communication, NR Industrial IoT, vehicle-to-everything communication and local industrial networks.

Håkan Olofsson ◆ has 25 years’ experience of the mobile industry, and its RAN aspects in particular. He joined Ericsson in 1994 and has served the company and the industry in a variety of capacities, mostly dealing with strategic technology development and evolution of 2G to 5G. He is currently head of the System Concept program in Development Unit Networks. He is also codirector of the Integrated Transport Research Lab in Stockholm, founded together with the KTH Royal Institute of Technology and the Swedish vehicle manufacturer Scania. Olofsson holds an M.Sc. in physics engineering from Uppsala University, Sweden.

Christer Boberg ◆ serves as a director at Ericsson’s CTO office, responsible for IoT technology strategies aimed at solving networking challenges for the industry on a global scale. He initially joined Ericsson in 1983 and during his career he has focused on software and system design as a developer, architect and technical expert, both within and outside Ericsson. In recent years, Boberg’s work has centered on the IoT and cloud technologies with a special focus on the automotive industry. As part of this work, he founded and drives the Automotive Edge Computing Consortium (AECC) together with industry leading companies.

The authors would like to thank Tomas Nylander, Maciej Muehleisen, Stefano Sorrentino, Michael Meyer, Marie Hogan, Mikael Klein, Anders Fagerholt, Tim Wouda, Fredrik Alriksson, Robert Skog and Henrik Sahlin for their contributions to this article.
  10. 10. ERICSSON TECHNOLOGY REVIEW ✱ AUGUST 27, 2019 ✱ 5G-TSN INTEGRATION FOR INDUSTRIAL AUTOMATION

The move toward smart manufacturing creates extra demands on networking technologies – namely ubiquitous and seamless connectivity while meeting the real-time requirements. Today, 5G is good for factories; nevertheless, its integration with Time-Sensitive Networking (TSN) would make smart factories fully connected and empower them to meet all key requirements on industrial communication technology.

JÁNOS FARKAS, BALÁZS VARGA, GYÖRGY MIKLÓS, JOACHIM SACHS

Industrial automation is one of the industry verticals that can benefit substantially from 5G, including, for example, increased flexibility, the reduction of cables and support of new use cases [1]. At the same time, factory automation is going through a transformation due to the fourth industrial revolution (also known as Industry 4.0), and this requires converged networks that support various types of traffic in a single network infrastructure.

■ As it stands, IEEE (Institute of Electrical and Electronics Engineers) 802.1 Time-Sensitive Networking (TSN) is becoming the standard Ethernet-based technology for converged networks of Industry 4.0. It is possible for 5G and TSN to coexist in a factory deployment and address their primary requirements, such as 5G for flexibility and TSN for extremely low latency. Beyond that, 5G and TSN can be integrated to provide solutions to the aforementioned demands of ubiquitous and seamless connectivity with the deterministic QoS required by control applications end to end. Ultimately, integrating these key technologies provides what is needed for smart factories.

5G: adding ultra-reliable low-latency communication

5G has been designed to address enhanced mobile broadband services for consumer devices such as smartphones or tablets, but it has also been tailored for Internet of Things (IoT) communication and connected cyber-physical systems. To this end, two requirement categories have been defined: massive machine-type communication for a large number of connected devices/sensors, and ultra-reliable low-latency communication (URLLC) for connected control systems and critical communication [1][2]. It is the capabilities of URLLC that make 5G a suitable candidate for wireless deterministic and time-sensitive communication. This is essential for industrial automation, as it can enable the creation of real-time interactive systems, and also for the integration with TSN.

Several features have been introduced to 5G in phase 1 (3GPP Release 15) and phase 2 (3GPP Release 16, to be finalized by March 2020) that reduce the one-way latency and enable the transmission of messages over the radio interface with reliability of up to 99.999 percent, achievable in a controlled environment such as a factory.

5G RAN features

5G RAN [3] with its New Radio (NR) interface includes several functionalities to achieve low latency for selected data flows. NR enables shorter slots in a radio subframe, which benefits low-latency applications. NR also introduces mini-slots, where prioritized transmissions can be started without waiting for slot boundaries, further reducing latency. As part of giving priority and faster radio access to URLLC traffic, NR introduces preemption – where URLLC data transmission can preempt ongoing non-URLLC transmissions. Additionally, NR applies very fast processing, enabling retransmissions even within short latency bounds.

5G-TSN integration meets networking requirements for industrial automation

Definition of key terms

Smart factories are being developed as part of the fourth industrial revolution. They require ubiquitous connectivity among and from the devices to the cloud through a fully converged network, supporting various types of traffic in a single network infrastructure, which also includes mobile network segments integrated into the network.
  11. 11. for IEEE Std 802.3 Ethernet, which means they utilize all the benefits of standard Ethernet, such as flexibility, ubiquity and cost savings.

TSN standards can be seen as a toolbox that includes several valuable tools, which can be categorized into four groups: traffic shaping, resource management, time synchronization and reliability, as shown in Figure 2. Here, we focus only on the TSN tools that are strong candidates for early TSN deployments in industrial automation.

TSN guarantees the worst-case latency for critical data by various queuing and shaping techniques and by reserving resources for critical traffic. The Scheduled Traffic standard (802.1Qbv) provides time-based traffic shaping. Ethernet frame preemption (802.3br and 802.1Qbu), which can suspend the transmission of a non-critical Ethernet frame, is also beneficial to decrease latency and latency variation of critical traffic.

Resource management basics are defined by the TSN configuration models (802.1Qcc). Centralized Network Configuration (CNC) can be applied to the network devices (bridges), whereas Centralized User Configuration (CUC) can be applied to user devices (end stations). The fully centralized configuration model follows a software-defined networking (SDN) approach; in other words, the CNC and CUC provide the control plane instead of distributed protocols. In contrast, distributed control protocols are applied in the fully distributed model, where there is no CNC or CUC.

High availability, as a result of ultra-reliability, is provided by Frame Replication and Elimination for Reliability (FRER) (802.1CB) for data flows through a per-packet-level reliability mechanism. This provides reliability by transmitting multiple copies of the same data packets over disjoint paths in the network. Per-Stream Filtering and Policing (802.1Qci) improves reliability by protecting against bandwidth violation, malfunctioning and malicious behavior.

The TSN tool for time synchronization is the

5G defines extra-robust transmission modes for increased reliability for both data and control radio channels. Reliability is further improved by various techniques, such as multi-antenna transmission, the use of multiple carriers and packet duplication over independent radio links.

Time synchronization is embedded into the 5G cellular radio systems as an essential part of their operation, which has already been common practice for earlier cellular network generations. The radio network components themselves are also time synchronized, for instance, through the precision time protocol telecom profile [4]. This is a good basis to provide synchronization for time-critical applications.

Figure 1 illustrates URLLC features. It shows that 5G uses time synchronization for its own operations, as well as the multiple antennas and radio channels that provide reliability. 5G brings in redefined schemes for low latency and resource management, which can be combined to provide ultra-reliability and low latency.

Besides the 5G RAN features, the 5G system (5GS) also provides solutions in the core network (CN) for Ethernet networking and URLLC. The 5G CN supports native Ethernet protocol data unit (PDU) sessions. 5G assists the establishment of redundant user plane paths through the 5GS, including RAN, the CN and the transport network. The 5GS also allows for a redundant user plane separately between the RAN and CN nodes, as well as between the UE and the RAN nodes.

Time-Sensitive Networking for converged networks

TSN provides guaranteed data delivery in a guaranteed time window; that is, bounded low latency, low-delay variation and extremely low data loss, as illustrated in Figure 2. TSN supports various kinds of applications having different QoS requirements: from time- and/or mission-critical data traffic, for example, closed-loop control, to best-effort traffic over a single standard Ethernet network infrastructure; in other words, through a converged network. As a result, TSN is an enabler of Industry 4.0 by providing flexible data access and full connectivity for a smart factory.

Time-Sensitive Networking standards

TSN is a set of open standards specified by IEEE 802.1 [5]. TSN standards are primarily

[Figure 2: Valuable tools within the TSN toolbox that enable deployments in industrial automation. Labels: traffic shaping; time synchronization; reliability; resource management (CNC); guaranteed delivery in a guaranteed time window; latency.]

[Figure 1: 5G URLLC overview. Labels: enhanced mobile broadband; ultra-reliable low-latency communication; massive machine-type communication; low latency; NR slot = 14 OFDM symbols; mini-slot; time synchronization; reliability; resource management; UL scheduling request (SR), UL grant and UL transmission between UE and gNB; skip SR-to-grant delay.]
  12. 12. Figure 3 illustrates the 5G-TSN integration, including each TSN component shown in Figure 2. It shows the fully centralized configuration model, which is the only configuration model supported in 5G phase 2 (3GPP Release 16).

The 5GS appears from the rest of the network as a set of TSN bridges – one virtual bridge per User Plane Function (UPF) as shown in the figure. The 5GS includes TSN Translator (TT) functionality for the adaptation of the 5GS to the TSN domain, both for the user plane and the control plane, hiding the 5GS internal procedures from the TSN bridged network. The 5GS provides TSN bridge ingress and egress port operations through the TT functionality. For instance, the TTs support hold and forward functionality for de-jittering. The figure illustrates functionalities using an example of two user equipments (UEs) with two PDU sessions supporting two correlated TSN streams for redundancy. But a deployment may only include one physical UE with two PDU sessions using dual-connectivity in RAN. The figure illustrates the case when the 5GS connects an end station to a bridged network; however, the 5GS may also interconnect bridges.

The support for base bridging features described here is applicable whether the 5G virtual bridges are Class A or Class B capable. The 5GS has to support the LLDP features needed for the control and management of an industrial network, such as for the discovery of the topology and the features of the 5G virtual bridges. The 5GS also needs to adapt to the loop prevention method applied in the bridged network, which may be fully SDN controlled without any distributed protocol other than LLDP.

5G supporting Time-Sensitive Networking

Ultra-reliability can be provided end to end by the application of FRER over both the TSN and 5G domains. This requires disjoint paths between the FRER endpoints over both domains, as illustrated in Figure 3.
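
As an added illustration (not from the original article), the sketch below shows the elimination side of FRER at a listener that receives the same stream over two disjoint paths, such as two PDU sessions. It is a simplified sequence-history window, not the full IEEE 802.1CB state machine; the window length, loss pattern and path skew are constructed assumptions.

```python
SEQ_SPACE = 1 << 16          # assumed 16-bit sequence number space


class SequenceRecovery:
    """Pass the first copy of each sequence number, drop later copies."""

    def __init__(self, history_len=8):
        self.history_len = history_len
        self.recov_seq = None    # highest sequence number passed so far
        self.history = 0         # bit i set => (recov_seq - i) already passed
        self.passed = self.discarded = self.rogue = 0

    def accept(self, seq):
        if self.recov_seq is None:                 # first frame of the stream
            self.recov_seq, self.history = seq, 1
            self.passed += 1
            return True
        # Signed distance from the newest passed frame, with wrap-around.
        delta = (seq - self.recov_seq) % SEQ_SPACE
        if delta >= SEQ_SPACE // 2:
            delta -= SEQ_SPACE
        if abs(delta) >= self.history_len:         # far outside the window
            self.rogue += 1
            return False
        if delta <= 0:                             # at or behind the newest frame
            bit = 1 << -delta
            if self.history & bit:                 # copy already delivered
                self.discarded += 1
                return False
            self.history |= bit                    # late first copy: fill the gap
            self.passed += 1
            return True
        # Newer frame: slide the window forward and mark it as seen.
        mask = (1 << self.history_len) - 1
        self.history = ((self.history << delta) | 1) & mask
        self.recov_seq = seq
        self.passed += 1
        return True


def merge_paths(n_frames, lost_a, lost_b, skew_b):
    """Arrival order at the listener: path A on time, path B `skew_b` slots late."""
    arrivals = []
    for seq in range(n_frames):
        if seq not in lost_a:
            arrivals.append((seq, 0, seq))             # (arrival time, path, seq)
        if seq not in lost_b:
            arrivals.append((seq + skew_b, 1, seq))
    return [seq for _, _, seq in sorted(arrivals)]


def run_demo():
    """Constructed scenario: path A drops frames 3 and 4, path B drops frame 7."""
    rx = SequenceRecovery(history_len=8)
    delivered = [s for s in merge_paths(10, {3, 4}, {7}, 2) if rx.accept(s)]
    return delivered, rx


if __name__ == "__main__":
    delivered, rx = run_demo()
    print(delivered, rx.passed, rx.discarded, rx.rogue)
```

Every frame reaches the application exactly once although each path lost frames, but frames 3 and 4 arrive out of order because only the slower path carried them; elimination removes duplicates and does not resequence.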

generalized Precision Time Protocol (gPTP) (802.1AS), which is a profile of the Precision Time Protocol standard (IEEE 1588). The gPTP provides reliable time synchronization, which can be used by other TSN tools, such as Scheduled Traffic (802.1Qbv).

It is important to note that TSN standards are built upon the base IEEE 802.1 bridging standards, some of which have to be supported in TSN deployments as well – including industrial automation. A special set of TSN standards are the TSN profiles because a profile selects TSN tools and describes their use for a particular use case or vertical.

Time-Sensitive Networking for industrial automation

The IEC/IEEE 60802 profile [6] specifies the application of TSN for industrial automation, and also gives guidelines to what 5G needs to support. IEC/IEEE 60802 provides basis for other standards targeting interoperability in industrial automation. For instance, Open Platform Communications (OPC) Foundation’s Field Level Communications [7] initiative aims for one common multi-vendor converged TSN network infrastructure.

The IEC/IEEE 60802 profile will specify multiple classes of devices. There will be at least two classes of devices for both device types – bridges and end stations. One class is feature rich (currently called Class A), and the other class is constrained (currently called Class B), meaning that it supports a smaller set of features. Bridges and end stations belonging to the same class have the same mandatory and optional TSN capabilities.

The Link Layer Discovery Protocol (LLDP) (802.1AB) is mandatory for all device types and classes for the discovery of the network topology and neighbor information.

Time synchronization is also mandatory for all device types and classes. The current target is to support a minimum of three time domains for Class A and a minimum of two time domains for Class B. Class A devices must support a wide range of TSN functions (such as Scheduled Traffic, Frame Preemption, Per-Stream Filtering and Policing, FRER and TSN configuration), which are optional for Class B devices.

Integrated 5G and Time-Sensitive Networking

5G URLLC capabilities provide a good match to TSN features (as illustrated in Figures 1 and 2).
The two key technologies can be combined and integrated to provide deterministic connectivity end to end, such as between input/output (I/O) devices and their controller potentially residing in an edge cloud for industrial automation. The integration includes support for both the necessary base-bridging features and the TSN add-ons.

[Figure 3: 5GS integrated with TSN providing end-to-end deterministic connectivity. Labels: 5G system; SDN controller; end-to-end Ethernet; TSN FRER; PDU session 1 and PDU session 2; AF as TT; PCF; 5G control plane; 5G user plane; CUC; CNC; CUC control; NETCONF/RESTCONF; I/O device (sensor/activator); end stations; controller; TT; UE; gNB; UPF; TSN bridges; virtual TSN bridges.]

Terms and abbreviations

5GS – 5G System | 5QI – 5G QoS Indicator | AF – Application Function | CN – Core Network | CNC – Centralized Network Configuration | CUC – Centralized User Configuration | FRER – Frame Replication and Elimination for Reliability | gNB – Next generation Node B (5G base station) | gPTP – Generalized Precision Time Protocol | I/O – Input/Output | IEC – International Electrotechnical Commission | IEEE – Institute of Electrical and Electronics Engineers | IoT – Internet of Things | LLDP – Link Layer Discovery Protocol | NR – New Radio | OFDM – Orthogonal Frequency Division Multiplexing | OPC – Open Platform Communications | PCF – Policy Control Function | PDU – Protocol Data Unit | SDN – Software-Defined Networking | TSN – Time-Sensitive Networking | TT – TSN Translator | UE – User Equipment | UL – Uplink | UPF – User Plane Function | URLLC – Ultra-Reliable Low-Latency Communication
  13. 13. A 5G UE can be configured to establish two PDU sessions that are redundant in the user plane over the 5G network [2]. The 3GPP mechanism involves the appropriate selection of CN and RAN nodes (UPFs and 5G base stations (gNBs)), so that the user plane paths of the two PDU sessions are disjoint. The RAN can provide the disjoint user plane paths based on the use of the dual-connectivity feature, where a single UE can send and receive data over the air interface through two RAN nodes.

The additional redundancy – including UE redundancy – is possible for devices that are equipped with multiple UEs. The FRER endpoints are outside of the 5GS, which means that 5G does not need to specify FRER functionality itself. Also, the logical architecture does not limit the implementation options, which include the same physical device implementing end station and UE.

Requirements of a TSN stream can be fulfilled only when resource management allocates the network resources for each hop along the whole path. In line with TSN configuration (802.1Qcc), this is achieved through interactions between the 5GS and CNC (see Figure 3). The interface between the 5GS and the CNC allows for the CNC to learn the characteristics of the 5G virtual bridge, and for the 5GS to establish connections with specific parameters based on the information received from the CNC.

Bounded latency requires deterministic delay from 5G as well as QoS alignment between the TSN and 5G domains. Note that 5G can provide a direct wireless hop between components that would otherwise be connected via several hops in a traditional industrial wireline network. Ultimately, the most important factor is that 5G can provide deterministic latency, which the CNC can discover together with TSN features supported by the 5GS.
For instance, if a 5G virtual bridge acts as a Class A TSN bridge, then the 5GS emulates time-controlled packet transmission in line with Scheduled Traffic (802.1Qbv). For the 5G control plane, the TT in the application function (AF) of the 5GS receives the transmission time information of the TSN traffic classes from the CNC. In the 5G user plane, the TT at the UE and the TT at the UPF can regulate the time-based packet transmission accordingly. TT internal details are not specified by 3GPP and are left for implementation. For example, a play-out (de-jitter) buffer per traffic class is a possible solution. The different TSN traffic classes are mapped to different 5G QoS Indicators (5QIs) in the AF and the Policy Control Function (PCF) as part of the QoS alignment between the two domains, and the different 5QIs are treated according to their QoS requirements.

Time synchronization

Time synchronization is a key component in all cellular networks (illustrated by the black 5GS clock in Figure 3). Providing time synchronization in a 5G-TSN combined industrial deployment brings in new aspects. In most cases, end devices need time reference regardless of whether it is used by TSN bridges for their internal operations. Bridges also require time reference if they use a TSN feature that is based on time, such as Scheduled Traffic (802.1Qbv). The green clocks in Figure 3 illustrate a case when both bridges and end stations are time synchronized.

As gPTP is the default time synchronization solution for TSN-based industrial automation, the 5GS needs to interwork with the gPTP of the connected TSN network. The 5GS may act as a virtual gPTP time-aware system and support the forwarding of gPTP time synchronization information between end stations and bridges through the 5G user plane TTs. These account for the residence time of the 5GS in the time synchronization procedure. One special option is when the 5GS clock acts as a grandmaster and provides the time reference not only within the 5GS, but also to the rest of the devices in the deployment, including connected TSN bridges and end stations.

Overall, 5G standardization has addressed the key aspects needed for 5G-TSN integration.

Conclusion

Together, 5G and Time-Sensitive Networking (TSN) can meet the demanding networking requirements of Industry 4.0. The 5G-TSN integration is a key topic of importance at Ericsson, and we see that the combination of 5G and TSN is perfect for smart factories, given the features provided for ultra-reliability and low latency. That said, a certain level of integration of the two technologies is needed to provide an end-to-end Ethernet connectivity to meet the industrial requirements.

Integrated time synchronization via wireless 5G and wired TSN domains provides a common reference time for industrial endpoints. 5G is also integrated with the given TSN tool used in a particular deployment to provide bounded low latency. The disjoint forwarding paths of the 5G and TSN segments are aligned to provide end-to-end ultra-reliability and high availability. The first step of control plane integration is being carried out for a software-defined networking-based approach (the fully centralized model of TSN). Fundamentally, 5G and TSN include the key technology components required for combined deployment in industrial automation and high availability.

Further reading

❭ IEEE, Adaptive 5G Low-Latency Communication for Tactile Internet Services, in Proceedings of the IEEE, vol. 107, no. 2, pp. 325-349, February 2019, Sachs, J; Andersson, L. A. A.; Araújo, J; Curescu, C; Lundsjö, J; Rune, G; Steinbach, E; and Wikström, G, available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8454733&isnumber=8626773
❭ IEEE, Time-Sensitive Networking Standards, feature topic of IEEE Communications Standards Magazine, June 2018, Farkas, J; Lo Bello L; and Gunther, C, available at: https://ieeexplore.ieee.org/document/8412457 Papers available at: https://ieeexplore.ieee.org/xpl/tocresult.jsp?isnumber=8412445
❭ Learn more about Ericsson Mission Critical and Broadband Networks at: https://www.ericsson.com/en/networks/offerings/mission-critical-private-networks

References

1. Ericsson Technology Review, Boosting smart manufacturing with 5G wireless connectivity, January 2019, Sachs, J.; Wallstedt, K.; Alriksson, F.; Eneroth, G., available at: https://www.ericsson.com/en/ericsson-technology-review/archive/2019/boosting-smart-manufacturing-with-5g-wireless-connectivity
2. 3GPP TS 23.501, System Architecture for the 5G System; Stage 2, available at: https://www.3gpp.org/DynaReport/23501.htm
3. 3GPP TS 38.300, NR; NR and NG-RAN Overall Description; Stage 2, available at: https://www.3gpp.org/DynaReport/38300.htm
4. ITU-T G.8275.1 Precision time protocol telecom profile for phase/time synchronization with full timing support from the network, available at: https://www.itu.int/rec/T-REC-G.8275.1/en
5. IEEE 802.1, Time-Sensitive Networking (TSN) Task Group, available at: http://www.ieee802.org/1/tsn
6. IEC/IEEE 60802 TSN Profile for Industrial Automation, available at: http://www.ieee802.org/1/tsn/iec-ieee-60802/
7. OPC Foundation, Initiative: Field Level Communications (FLC) OPC Foundation extends OPC UA including TSN down to field level, April 2019, available at: https://opcfoundation.org/flc-pdf
  14. 14. The authors

János Farkas ◆ is a principal researcher in the area of deterministic networking at Ericsson Research. He is the chair of the IEEE 802.1 Time-Sensitive Networking Task Group, editor and contributor of multiple IEEE 802.1 standards. He is cochair of the IETF Deterministic Networking Working Group and coauthor of multiple drafts. He joined Ericsson Research in 1997. He holds a Ph.D. and M.Sc. in electrical engineering from the Budapest University of Technology and Economics in Hungary.

Balázs Varga ◆ is an expert in multiservice networking at Ericsson Research. He is currently working on 5G-related technologies to integrate mobile, IP/multi-protocol label switching, Ethernet and industrial networks. He is active in related standardizations: 3GPP (RAN2, SA2), MEF Forum (IP Services), IETF (DetNet) and IEEE (TSN). Before joining Ericsson in 2010, he directed and coordinated activities of an R&D group responsible for the enhancement of a broadband service portfolio and related technologies at Telekom. He holds a Ph.D. and M.Sc. in electrical engineering from the Budapest University of Technology and Economics.

György Miklós ◆ is a master researcher at Ericsson Research. Since joining Ericsson in 1998, he has worked on research topics including wireless LAN, ad hoc networking and mobile core network evolution. He has served as an Ericsson delegate in 3GPP for many years for 4G standardization. His current research interests include 5G industrial applications and redundancy support in mobile networks. He holds a Ph.D. and M.Sc. in informatics from the Budapest University of Technology and Economics.

Joachim Sachs ◆ is a principal researcher at Ericsson Corporate Research in Stockholm, Sweden, where he coordinates research activities on 5G for industrial Internet of Things solutions and cross-industry research collaborations. He joined Ericsson in 1997 and has contributed to the standardization of 3G, 4G and 5G networks. He holds an Engineering Doctorate from the Technical University of Berlin, Germany, and was a visiting scholar at Stanford University in the US in 2009.

The authors would like to thank the following people for their contributions to this article: Shabnam Sultana, Anna Larmo, Kun Wang, Torsten Dudda, Juan-Antonio Ibanez, Marilet De Andrade Jardim, Stefano Ruffini.
  15. 15. ERICSSON TECHNOLOGY REVIEW ✱ NOVEMBER 22, 2017 ✱ IoT SECURITY MANAGEMENT

the IoT service provider, and the devices that enable the provision of the IoT service. The supporting actors are the IoT platform service provider, whose role is to provide the IoT platform for the IoT service provider, and the connectivity service provider, whose role is to provide connectivity for the IoT devices and service.

The trustworthiness of services and service use depends on how the actors govern identities and data, security and privacy, and the degree to which they comply with the agreed policies and regulations. The combination of the security and identity functions is important for defining the trust level. For example, hardware-based trust does not help if the application does not make use of it. A fully trusted application does not help if the communication cannot be trusted. An E2E approach is therefore essential to ensure trust among all actors across the system.

E2E IoT security architecture

The purpose of an E2E IoT security architecture is to ensure the security and privacy of IoT services, protect the IoT system itself and prevent IoT devices from becoming a source of attacks – a Distributed Denial of Service (DDoS) attack, for example – against other systems.
Figure3illustratesEricsson’sviewofhow securitycanbemanagedanddeployedinan E2EmannerthroughoutIoTdomainstomonitor Figure 1 E2E approach to security and identity Threat intelligence Legend: Security and identity management Security and identity functions Trust anchoring E2E security and identity management M M Domain security and identity management for devices and GWs Domain security and identity management for access and network Access and network Apps and cloud Domain security and identity management for apps and cloud Domain security and identity management for users M M M M SW SW SW As the diversity of IoT services and the number of connected devices continue to increase, the threats to IoT systems are changing and growing even faster. ■ Tocopewiththesethreats,theICTindustry needsacomprehensiveIoTsecurityandidentity managementsolutionthatisabletomanageand orchestratetheIoTcomponentshorizontally(from devicetoserviceandserviceuser)andvertically (fromhardwaretoapplication).Inadditiontothis, theabilitytoaddressbothsecurityandidentity fromtheIoTdeviceallthewayacrossthecomplete servicelifecyclewillalsobeessential. Figure1illustratesanE2Eapproachtosecurity andidentitythathighlightsthreekeyaspects: securityandidentitymanagement,securityand identityfunctions,andtrustanchoring. IoTactorsandtrust IoTsystemssupportnewbusinessmodels thatinvolvenewactorsinconjunctionwith traditionaltelecommunicationservices.Aside fromconsumersandmobilenetworkoperators, enterprises,verticals,partnerships,infrastructure, andservicesplayincreasinglyvitalroles.Allof theseactorsaffecttrust. Figure2presentsthemainandsupportingIoT actorsandtheirtrustrelationships.Thethreemain actorsinanIoTsolutionaretheIoTserviceuser, KEIJO MONONEN, PATRIK TEPPO, TIMO SUIHKO Industries everywhere are digitizing, which is creating a multitude of new security requirements for the Internet of Things (IoT). 
End-to-end (E2E) security management will be essential to ensuring security and privacy in the IoT, while simultaneously building strong identities and maintaining trust. FOR THE IoT Security Management END-TO-END
  16. 16. [Figure 2: The main and supporting IoT actors and their trust relationships. Actors: IoT service provider, IoT service user, device, IoT platform service provider, connectivity service provider. Legend: main trust relationship; supporting trust relationship.]
and protect system resources and assets. The architecture consists of an E2E security and identity management layer, domain (device, gateway, access, platform and application) specific management layers, and security and identity functions in each domain component.
An IoT system spans from the device via different network interfaces to the cloud that hosts the platform and applications that provide services that are consumed by IoT service users. Each element of the chain must be considered when designing an E2E approach to security and identity in the IoT.
This approach leverages advanced security analytics and machine learning to provide threat, risk and fraud management at both E2E and domain management layers. To meet industry security and privacy standards, an E2E security management solution must also be in charge of overall security and privacy policies and compliance and be able to coordinate across a multitude of domain management systems through the establishment of cross-domain identities and relevant policies.
Domain management of security and identity functions within domains ensures that security and identities are properly managed, configured and monitored within the domain according to policies, regulations, and agreements. Vulnerability and security baseline management also occurs at the domain management layer based on E2E level policies.
According to this approach, the IoT service provider is responsible for managing IoT service security and identities E2E, whereas domain-level management can be delegated to the IoT platform service provider and connectivity service provider.
Figure 3 shows how the IoT domains are managed both horizontally and vertically. Horizontal (cross-domain) security is required at two levels: connectivity and application. Depending on connectivity type, security controls such as mutual authentication and encryption of data in transit are provided at the connectivity level. On top of connectivity, security is provided at the application level from device to cloud, based on identification and access management functions and application security policies. Application level security can be independent of or dependent on (federated with) the connectivity level security.
Vertical security from hardware to application can be used in every domain to provide hardware-based root of trust, ensuring the integrity of the domain. The domains are built on trusted hardware and software. When required by the industry and the use case, trust is anchored to hardware.
The domains include security and privacy functions to handle identity and access management, data protection and right to privacy, network security, logging, key and certificate management, and platform/infrastructure security (including virtualization security and hardware-based root of trust). For critical IoT services, the level of security functions must be set high in accordance with the risk management results and service provider security policies. For less critical IoT services, a lower level may be sufficient.
Security policy and compliance management
Business-optimal and trust-centric IoT security is dependent on continuous risk management that balances criticality, cost, usability and effectiveness to fulfill different types of security Service Level Agreements in multi-tenant IoT systems. Since the current management of IoT security is spotty at best, it must be transformed into unified security management with adaptive protection, detection, response and compliance driven by security policies. Only in this environment can service providers and their customers leverage E2E network and application knowledge to secure assets across all contexts.
Our vision of security policy and compliance management defines security policies using industry standards, regulation and organizational policies. This approach helps to automate security and privacy controls, maintain them at a desired level even in a changing threat landscape, and shorten the reaction time in response to potential breaches.
Real-time visibility regarding general and industry-specific security standards and regulations makes it possible for IoT service providers to remediate policy violations quickly and demonstrate compliance to security frameworks, including ISO, NIST, CSA, GDPR and CIS benchmarks, as well as an enterprise’s own security and privacy policies. Having the security baseline configuration and compliance function at domain level ensures the automated hardening of the protected assets and supports continuous compliance monitoring in the defined security baseline.
Domain level security management requires an accurate asset inventory including all the assets that must be protected in the managed domain, such as authorized IoT devices and software. Automation of asset discovery and continuous monitoring is essential to keep the asset inventory updated. The vulnerability information is also correlated with the asset inventory to monitor and remediate the vulnerabilities of protected assets.
Rapid detection of attacks is crucial. Security monitoring and analytics functionalities must have the ability to analyze logs, events and data from IoT domain components combined with external data about threats and vulnerabilities. Machine learning technology makes it possible to learn from and make predictions based on data. Coupling a machine learning analytics engine with central threat intelligence improves the detection of zero day attacks and reduces the response time for known threats.
On top of a monitoring and analytics engine, solutions relating to vulnerability, threat, fraud and risk management, along with security policy and orchestration components, are also required to automate security controls and maintain them at desired levels in a changing threat landscape. Combining the information feeds for vulnerability, threat and fraud management results in timely
  17. 17. [Figure 3: E2E approach to security and identity. Legend: security and identity management; security and identity functions; trust anchoring. Domains: IoT device, IoT gateway, access and network, IoT app, platform and cloud, IoT service user. Layers: application; connectivity; device platform, gateway platform, network infrastructure, cloud infrastructure. Also shown: threat intelligence; E2E security and identity management.]
and accurate information for evaluating potential risks and helps to direct efforts in protecting the most exposed critical assets. A high degree of automation is necessary to ensure a swift response to any identified threats and anomalies.
Since not all security breaches and attacks can be prevented, it is crucial to have an efficient security incident management process that ensures rapid response and recovery. Real-time insights and audit trails from tools such as security monitoring, analytics and log management help to find the root cause of an incident. The same information can also be used as the evidence in digital forensic investigations.
Identity management
The main purpose of identity management is to manage the life cycle of identities and provide identification, authentication and access control services for identities. There are various identities that serve different purposes in the IoT approach, but the main ones are for device and user identification. The others are used for management of devices, functions and services. Identifiers and keys are also used to sign data, including software and firmware. These different device identities are needed to identify the devices for connectivity within the access and network domains, and to identify device applications in the IoT platform and cloud domain.
The level of trust in the device identity depends on the strength of authentication both at the connectivity (for example, 3GPP, Wi-Fi and fixed) and application layers. For device identity to be trusted, strong authentication and follow-up of the device integrity – with the help of hardware-based root of trust in the device, for example – would be needed.
A device will have different identifiers depending on where it is in its life cycle. Life cycle management of device identities is part of the security management layer. More than one security management domain is involved when provisioning identities. Connectivity and IoT service provider could be different players where each player takes care of its own identity life cycle management.
When a device is manufactured, the vendor will give it an identifier that could have different trust levels. Vendor credentials could be protected in hardware (preferred) or they could be nothing more than a serial number printed on the device. The device has to be authenticated by the IoT system, and newly given identifiers and credentials (bootstrap process) will be used for connectivity and application accesses.
Identifiers and credentials can be changed during the device life cycle depending on different triggers such as expiration of credentials, change of service provider and so on. Connectivity identities are dependent on the connectivity type and have different life cycle management processes. For example, 3GPP access is based on SIM identities (IMSI and AKA credentials). SIMs are either physically removable ones or SIMs (i.e. eUICC) that can be remotely provisioned [1].
The user identities are needed to identify the users of the services within the applications and cloud domain. There may be several different ways to verify (authenticate) the user identities such as single- or multi-factor authentication, federated authentication, or authentication tokens. Each of these provides a certain level of authentication strength.
Due to layered security management architecture and the involvement of several actors (including industries) in the IoT, any identity and access management solution must be able to cooperate with and adapt to external identity and access management systems. On top of identification and authentication, there must also be access control for users so that only the permitted services are authorized.
Threat intelligence
Threat intelligence is built and shared in communities. Therefore, a centralized threat intelligence solution must be able to interface with different threat intelligence sources to learn about existing and new threats. Consolidation and correlation of security audit feeds from different domains are necessary to provide a clear view of threat insights across all IoT domains.
Automation and machine learning can be used to great advantage in threat intelligence, to create and share indicators of compromise that are actionable, timely, accurate and relevant to support strategic decision-making and to understand business risks in detail. Targeted threat intelligence feeds are a great way to generate customer-specific threat intelligence.
Two IoT use cases
Two concrete examples of how an E2E security management solution can help address IoT challenges are provided below.
DDoS detection and prevention
In October 2016, the Mirai botnet exploited a vulnerability in IoT devices to launch a DDoS attack against a critical DNS server that disrupted a number of the internet’s biggest websites, including PayPal, Spotify and Twitter.
Mirai was designed to exploit the security weaknesses of many IoT devices. It continuously scans for IoT devices that are accessible over the internet and are protected by factory default or hardcoded usernames and passwords. When it finds them, Mirai infects the devices with malware that forces them to report to a central control server, turning them into bots that can be used in DDoS attacks.
Strong detection and prevention mechanisms are needed against DDoS attacks that attempt
  18. 18. to saturate the network by exhausting the bandwidth capacity of the attacked site, the server resources or service availability.
In our view, an optimal outbound DDoS (botnet) detection and mitigation solution includes remote attestation to verify device trustworthiness and detect malware, monitoring of outbound traffic, anomaly detection, infected entities isolation or blocking and setting of traffic limit policies. Optimal inbound DDoS detection and mitigation includes monitoring of inbound traffic, anomaly detection, setting of traffic limit policies and redirecting malicious traffic to a botnet sinkhole.
The security management layer plays a critical role in detecting and mitigating DDoS attacks. In our framework, DDoS attacks are detected by the security monitoring and analytics functions through the observation of device and network behavior and identification of anomalies. Once an anomaly is detected, immediate mitigation actions can be triggered.
GDPR compliance
There is a legitimate expectation in society that IoT solutions will be designed with privacy in mind. This is becoming especially evident in certain jurisdictions: for example, in the European Union with the new General Data Protection Regulation (GDPR) [2].
Data integrity, data confidentiality, accountability and privacy by design are all fundamental to the protection of sensitive personal data. Such data can be protected via appropriate privacy controls. These controls include personal data identification and classification, personal data management and fair data processing practices. When actual personal data might be exposed, additional privacy protective measures will be applied such as data encryption and data anonymization.
Another focus area in the IoT security domain is the privacy breach response. Dedicated privacy logging and audit trail functionality can be used to improve the ability to prevent, detect and respond to privacy breaches in a more prompt and flexible way. Such capabilities will be essential to respond to privacy breaches swiftly (within 72 hours, as prescribed by the GDPR).
Implementing a GDPR compliance tool in the security management layer makes it easier to meet GDPR requirements. To do its job right, it must be able to provide identification and classification of personal data, enforcement of data privacy policies according to the GDPR, demonstration of compliance to the GDPR, and detection, response and recovery from privacy incidents.
Conclusion
The IoT offers a wealth of new opportunities for service providers. Those who want to capitalize on them without taking undue risks need a security solution that provides continuous monitoring of threats, vulnerabilities, risks and compliance, along with automated remediation. Ericsson’s E2E IoT security and identity management architecture is designed with this in mind, managing and orchestrating the IoT domains both horizontally and vertically, and addressing both security and identity from the IoT device throughout the service life cycle.
Terms and abbreviations
AKA – Authentication and Key Agreement | CIS – Center for Internet Security | CSA – Cloud Security Alliance | DDoS – Distributed Denial of Service | DNS – Domain Name System | E2E – end-to-end | eUICC – embedded Universal Integrated Circuit Card | GDPR – General Data Protection Regulation | GW – gateway | IMSI – International Mobile Subscriber Identity | IoT – Internet of Things | ISO – International Organization for Standardization | NIST – National Institute of Standards and Technology | SIM – Subscriber Identity Module | SW – software
References
1. GSMA Remote SIM Provisioning Specifications, available at: https://www.gsma.com/rsp/
2. Official Journal of the European Union, May 2016, Regulation (EU) 2016/679, General Data Protection Regulation (GDPR), available at: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&qid=1490179745294&from=en
Further reading
〉〉 Ericsson white paper, February 2017, IoT Security – Protecting the Networked Society, available at: https://www.ericsson.com/en/publications/white-papers/iot-security-protecting-the-networked-society
〉〉 Ericsson, Security Management, available at: https://www.ericsson.com/en/in-focus/security/security-management
〉〉 Ericsson, Identity Management, available at: https://www.ericsson.com/en/in-focus/security/identity-management
〉〉 ETSI GS NFV-SEC 013, V3.1.1, February 2017, Network Functions Virtualisation (NFV) Release 3; Security; Security Management and Monitoring specification, available at: http://www.etsi.org/deliver/etsi_gs/NFV-SEC/001_099/013/03.01.01_60/gs_NFV-SEC013v030101p.pdf
The authors
Keijo Mononen ◆ is general manager of Security Solutions at Ericsson. In this role he is responsible for end-to-end security management solutions including security automation and analytics. Mononen joined Ericsson in 1990 and for the past 15 years he has held leading positions in professional security services and in security technology development. He holds an M.Sc. in computer science and engineering from Chalmers University of Technology in Gothenburg, Sweden.
Patrik Teppo ◆ joined Ericsson in 1995 and is currently working as a security architect with the CTO Office, Architecture and Portfolio team. He is responsible for the security part of the Ericsson architecture and leads Ericsson’s IoT security architecture work. He holds a B.Sc. in software engineering from Blekinge Institute of Technology, Sweden.
Timo Suihko ◆ joined Ericsson in 1992 and is currently working as a senior security specialist in the Ericsson Network Security, Security Technologies team, which belongs to Group Function Technology and Emerging Business. He holds an M.Sc. from Helsinki University of Technology.
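An added example (not part of the Ericsson article) of the outbound DDoS steps listed above: per-device monitoring of outbound traffic, anomaly detection against a learned baseline, and a choice between a traffic limit and isolation. The telemetry, device names, thresholds and the rule that maps anomalies to actions are all assumptions made for illustration; remote attestation is outside its scope.

```python
"""Per-device outbound-traffic anomaly check (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Window:
    device_id: str
    index: int          # sequence number of a fixed-length monitoring window
    bytes_out: int      # outbound bytes seen in the window
    distinct_dsts: int  # distinct destination addresses contacted


BASELINE_WINDOWS = 5    # assumption: the first windows after onboarding are clean
THRESHOLD = 6.0         # assumption: deviations above baseline that count as anomalous
SEVERITY = {"allow": 0, "rate_limit": 1, "isolate": 2}


def robust_score(value, history):
    """How far value sits above the history median, in scaled-MAD units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # Floor the scale so a perfectly flat baseline neither divides by zero
    # nor flags tiny fluctuations.
    scale = max(1.4826 * mad, 0.05 * med, 1.0)
    return (value - med) / scale


def decide(windows):
    """Return {(device_id, index): action} for every window after the baseline."""
    per_device = defaultdict(list)
    for w in windows:
        per_device[w.device_id].append(w)
    decisions = {}
    for device_id, series in per_device.items():
        series.sort(key=lambda w: w.index)
        if len(series) <= BASELINE_WINDOWS:
            continue  # not enough history to judge this device yet
        vol = [w.bytes_out for w in series[:BASELINE_WINDOWS]]
        fan = [w.distinct_dsts for w in series[:BASELINE_WINDOWS]]
        for w in series[BASELINE_WINDOWS:]:
            vol_bad = robust_score(w.bytes_out, vol) > THRESHOLD
            fan_bad = robust_score(w.distinct_dsts, fan) > THRESHOLD
            if vol_bad and fan_bad:
                action = "isolate"      # volume spike plus destination fan-out
            elif vol_bad or fan_bad:
                action = "rate_limit"   # one signal only: apply a traffic limit
            else:
                action = "allow"
                # Only normal windows update the rolling baseline, so ongoing
                # abnormal traffic cannot teach the detector that it is normal.
                vol = vol[1:] + [w.bytes_out]
                fan = fan[1:] + [w.distinct_dsts]
            decisions[(device_id, w.index)] = action
    return decisions


def device_policies(decisions):
    """Strictest action seen per device; this is what enforcement would apply."""
    policies = {}
    for (device_id, _), action in decisions.items():
        current = policies.get(device_id, "allow")
        policies[device_id] = max(current, action, key=SEVERITY.get)
    return policies


def sample_windows():
    """Constructed telemetry: three devices, seven windows each."""
    rows = {
        "camera-01": [(50000, 2), (52000, 2), (49000, 2), (51000, 2),
                      (50500, 2), (51000, 2), (5000000, 400)],
        "sensor-02": [(2000, 1), (2100, 1), (1900, 1), (2000, 1),
                      (2050, 1), (40000, 1), (2000, 1)],
        "meter-03": [(800, 1), (820, 1), (790, 1), (810, 1),
                     (805, 1), (815, 1), (800, 1)],
    }
    return [Window(dev, i, b, d)
            for dev, series in rows.items()
            for i, (b, d) in enumerate(series)]


if __name__ == "__main__":
    result = decide(sample_windows())
    for key in sorted(result):
        print(key, result[key])
    print(device_policies(result))
```

The median/MAD baseline is used here because a single earlier outlier does not distort it; a production analytics engine would draw on many more signals than the two in this sketch.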
  19. 19. ERICSSON TECHNOLOGY REVIEW ✱ 2019 ✱ DISTRIBUTED CLOUD ✱ NOVEMBER 20, 2018
Distributed cloud: a key enabler of automotive and Industry 4.0 use cases
CHRISTER BOBERG, MALGORZATA SVENSSON, BENEDEK KOVÁCS
Emerging use cases in the automotive industry – as well as in manufacturing industries where the first phases of the fourth industrial revolution are taking place – have created a variety of new requirements for networks and clouds. At Ericsson, we believe that distributed cloud is a key technology to support such use cases.
Both 4G and 5G mobile networks are designed to enable the fourth industrial revolution by providing high bandwidth and low-latency communication on the radio interface for both downlink (DL) and uplink (UL) data. Distributed cloud exploits these features, enabling a distributed execution environment for applications to ensure performance, short latency, high reliability and data locality.
■ Distributed cloud maintains the flexibility of cloud computing while at the same time hiding the complexity of the infrastructure, with application components placed in an optimal location that utilizes the key characteristics of distributed cloud. The automotive sector and many manufacturing industries already have use cases that make them very likely to be early adopters of distributed cloud technology.
Definition of key terms
❭ Distributed cloud is a cloud execution environment for applications that is distributed across multiple sites, including the required connectivity between them, which is managed as one solution and perceived as such by the applications.
❭ Edge computing refers to the possibility of providing execution resources (compute and storage) with the adequate connectivity (networking) at close proximity to the data sources.
❭ The fourth industrial revolution is considered to be the fourth big step in industry modernization, enabled by cyber-physical systems, digitalization and ubiquitous connectivity provided by 5G and Internet of Things (IoT) technologies. It is also referred to as Industry 4.0.
Next-generation automotive services and their requirements
Mobile communication in vehicles is increasing in importance as the automotive industry works to make driving safer, smooth the flow of traffic, consume energy more efficiently and lower emissions. Automated and intelligent driving, the creation and distribution of advanced maps with real-time data, and advanced driving assistance using cloud-based analytics of UL video streams are all examples of emerging services that require vehicles to be connected to the cloud. These services also require networks that can facilitate the transfer of a large amount of data between vehicles and the cloud, often with real-time characteristics within a limited time frame while the vehicle is in active operation.
High data volume
Looking at the automotive industry, we often focus on the real-time use cases for safety, as defined by V2X/C-ITS (vehicle to everything/cooperative intelligent transport system), where real-time aspects such as short latency are the most significant requirements. However, the automotive industry’s new mobility services also place high demands on network capacity due to the extreme amount of data that must be transported to and from highly mobile devices, often with near-real-time characteristics. Data needs to be transported within a limited time window (~30min/day), with a varying geographical concentration of vehicles using a multitude of different network technologies and conditions.
The market forecasts that are generally referred to indicate that the global number of connected vehicles will grow to approximately 700 million by 2025 and that the data volume transmitted between vehicles and the cloud will be around 100 petabytes per month. At Ericsson, however, we anticipate that the automotive services of the near future will be much more demanding. We estimate that the data traffic could reach 10 exabytes or more per month by 2025, which is approximately 10,000 times larger than the present volume. Gartner recently raised the expectations further in its latest report (June 2018), estimating the volume to be as high as one terabyte per month per vehicle [1].
Such massive amounts of data will place new demands on the radio network, as the main part is UL data. New business models will be required, as a result of the high cost of handling massive amounts of data. As explained in the AECC (Automotive Edge Computing Consortium) white paper [2], the current mobile communication network architectures and conventional cloud computing systems are not fully optimized to handle all of this data effectively on a global scale. The white paper suggests many possible optimizations to consider – based on the assumption that much of the data could be analyzed and filtered at an early stage to limit the amount of data transferred.
  20. 20. Topology-aware cloud computing and storage is an example of one such solution that provides what we call a global automotive distributed edge cloud.
The limitation on the amount of data that can be effectively transported over the cellular network must not be allowed to affect the service experience negatively, as that would hinder the evolution of new automotive services. It is therefore necessary to increase capacity, availability and coverage as well as finding appropriate mechanisms to limit the amount of data transferred. Orchestrating applications and their different components running in a multitude of different clouds from different vendors is one of the challenges. Vehicles connecting to networks without an existing application edge infrastructure is another.
The placement of application components at edges depends on the behavior of the application and the available infrastructure resources. When dealing with highly mobile devices that connect to a multitude of networks, it must be possible to move execution of the edge application automatically when a more appropriate location for the vehicle is discovered. Some applications require transfer of previously analyzed data and findings to the new location, where a new application component instance will seamlessly take over to serve the moving vehicle.
Distributed computing on a localized network
We have developed the concept of distributed computing on a localized network to solve the problems of data processing and traffic in existing mobile and cloud systems. In this concept, several localized networks accommodate the connectivity of vehicles in their respective areas of coverage. As shown in Figure 1, computation power is added to these localized networks, so that they can process data locally. This reduces the total amount of data exchanged between vehicles and clouds while enabling the connected vehicles to obtain faster responses. The concept is characterized by three key aspects: a localized network, edge computing and data exposure.
[Figure 1: High-volume data automotive services and their characteristics. Sites: access sites, hub sites, local and regional sites (local DC, regional DC), national sites (national DC); MTSO = mobile telephone switching office. Services: video stream, ECU sensors, HD maps, intelligent driving, advanced driver assistance. Also shown: service exposure; data exposure for automotive services; huge amount of data.]
A localized network is a local network that covers a limited number of connected vehicles in a certain area. This splits the huge amount of data traffic into reasonable volumes per area of data traffic between vehicles and the clouds.
Edge computing refers to the geographical distribution of computation resources within the vicinity of the termination of the localized networks. This reduces the concentration of computation and shortens the processing time needed to conclude a transaction with a connected vehicle.
Data exposure secures integration of the data produced locally by utilizing the combination of the localized network and the distributed computation. By narrowing relevant information down to a specific area, data can be rapidly processed to integrate information and notify connected vehicles in real time. The amount of data that needs to be exchanged is kept to a minimum.
Private and local connectivity
As part of the fourth industrial revolution, industry verticals and communication service providers (CSPs) are defining a set of new use cases for 5G [3]. Private deployments and 5G networks provided by CSPs to manufacturing companies, smart cities and other digital industries are on the horizon as well. However, there are two main challenges to mobile network operators’ ability to deliver. The first is the tough latency, reliability and security requirements of these new use cases. The second is figuring out how to shield the industries from the complexity of the infrastructure, to enable ease of use when programming and operating networks.
Secure private networks with centralized operations
Security and data privacy are key requirements for industrial networks. In some cases, regulations or company policies stipulate that the data must not leave the enterprise premises. In other cases, some or all of the data must be available at remote locations for purposes such as production analytics or emergency procedures. A typical industrial environment has multiple applications deployed and operated by different third parties. What this means in practice is that the same on-premises, cloud-edge instance that a factory already uses for business support and IT systems would also need to support the connectivity for its robots to interact with each other. As a result, there is a requirement of multi-tenancy for both the devices and the infrastructure.
Tactile internet and augmented reality
Augmented reality (AR) and machine learning (ML) technologies are widely recognized as the main pillars of the digitalization of industries [4], and research suggests that wide deployment of interactive media applications will happen on 5G networks. Many observers envision the worker of tomorrow as someone who is equipped with eye-tracking smart glasses [5] and tactile gloves rather than screwdriver sets [6]. Human-to-machine applications require low latency while demanding high network bandwidth and heavy compute resources. Running them on the device itself would result in high battery consumption and heat dissipation. At the same time, latency requirements do not allow the running of the complete application in large central databases due to the physical limits of light speed in optical fibers.
  21. 21. A simple AR application and its main components are shown in Figure 2. The components of the application could be executed either on the device itself, the edge server or in the central cloud. Deploying application components at the network edge may make it possible to offload the device while maintaining short latency. Edge compute is also optimizing the flow when coordination is required – for example, when using multiple real-time camera feeds to determine the 3D position of objects, also as shown in Figure 2. Furthermore, advanced cloud software as a service – ML, analytics and DBs as a service, for example – may also be provided on the edge site.
[Figure 2: An AR application and its modules optimized for edge computing. Modules: capturing, preprocessing, object detection and feature extraction, recognition and database match (DB), template matching, position estimation, tracking and annotation, display. Locations: IoT device/user equipment, edge site, national site. Annotations: BW reduction; computation heavy; multiple device data aggregation; requires access to central storage.]
Our distributed cloud solution
Ericsson has developed a distributed cloud solution that provides the required capabilities to support the use cases of the fourth industrial revolution, including private and localized networks. Our solution satisfies the specific security requirements needed to digitalize industrial operations, with automotive being one of the key use cases. Ericsson’s distributed cloud solution provides edge computing and meets end-to-end network requirements as well as offering management, orchestration and exposure for the network and cloud resources together.
As shown in Figure 3, we define the distributed cloud as a cloud execution environment that is geographically distributed across multiple sites, including the required connectivity in between, managed as one entity and perceived as such by applications. The key characteristic of our distributed cloud is abstraction of cloud infrastructure resources, where the complexity of resource allocation is hidden to a user or application. Our distributed cloud solution is based on software-defined networking, Network Functions Virtualization (NFV) and 3GPP edge computing technologies to enable multi-access and multi-cloud capabilities and unlock networks to provide an open platform for application innovations. In the management dimension, distributed cloud offers automated deployment in heterogeneous clouds. This could be provided by multiple CSPs, where workload placement is policy driven and based on various externalized criteria.
[Figure 3: Distributed cloud architecture. Layers: marketplace; service exposure; end-to-end orchestration; service and resource orchestration. Sites: access sites, local and regional DC sites, national sites, global clouds. Workloads (APP, VNF): public safety, automotive, FWA, factory, video streaming, metering. Captions: any workload; anywhere in the network.]
To enable monetization and application innovation, distributed cloud capabilities are exposed on marketplaces provided by Ericsson, third parties and CSPs. The distributed cloud capabilities can be offered according to various business and operational models. One example of a possible scenario is for a CSP to offer connectivity and a cloud execution environment to enterprises as a service. In this case, a CSP manages the computation and connectivity resources, but these are located at the enterprise premises. The application characteristics determine the placement of applications at various geolocations. In the case of AR/VR and image recognition applications used by technicians to fix a broken power station, for example, it would be most effective to place them close to the broken power station.
Edge computing
Our distributed cloud solution enables edge computing, which many applications require. We define edge computing as the ability to provide execution resources (specifically compute and storage) with adequate connectivity at close proximity to the data sources.
In the automotive use case, the network is designed to split data traffic into several locations that cover reasonable numbers of connected vehicles. The computation resources are hierarchically distributed and layered in a topology-aware fashion to accommodate localized data and to allow large volumes of data to be processed in a timely manner. In this infrastructure framework, localized data collected via local and wide area networks is stored in the central cloud and integrated
