The objective of thte Arrowhead Framework architecture is to facilitate the creation of local clouds, that implement a set of fundamental services potentially used by all applications system of systems.

To facilitate this, the Service Oriented Architecture (SOA) paradigm is used. Thus the following important properties are considered as important starting points:

Loose coupling

  • Autonomy - a service exchange is not supervised.
  • Distributed - services are distributed over several devices.
  • A system is responsible, owns the information and can decide whom to share with

Late binding

  • Possible to use information any time by connecting to the correct resource at a given time

 Lookup

  • Publish and register services to notify others about endpoints (how to reach me)
  • Discover others that I comply with (expected/wanted service type)

The design of the Arrowhead Framework is further based on the following fundamental approaches:

  • Information-centric
  • Information assurance provided at service exchange level

The local cloud concept takes the view that specific geographically local automation tasks should be encapsulated and protected. These tasks have strong requirements on real time, ease of engineering, operation and maintenance and in addition system security and safety. The local cloud idea is to let the local cloud include the devices and systems required to perform the desired automation tasks. So providing a local room which can be protected from outside activities.

An Arrowhead Framework local cloud should provide a number of properties important to automation. Some of these properties are related to cloud technology as such. Others are related to real time, engineering, security, scalability and functionality. These properties are summarised as:

Self contained: no external resources needed to establish the local cloud.

  • Device, System and Service registry
  • Service orchestration: SoS run time configuration
  • Service authentication and authorisation

Automation support

  • Support for automation system design, configuration, deployment, operation and maintenance
  • Enabling event based information exchange
  • Enabling information exchange audit
  • Support for communication QoS

Provide a security fence to external networks

  • Secure bootstrapping and software update
  • Support for device, system and service meta data
  • Support for protocol and semantics transparency
  • Support for secure administration and data exchange with external resources

Arrowhead Framework defines three different classes of local cloud services:

  • Mandatory core services
  • Automation support core services
  • Application services

A local Arrowhead Framework cloud can compared to global cloud provide improvements and guarantees regarding:

  • Real time data handling
  • Data and system security
  • Automation system engineering
  • Scalability of automation systems

In a SOA context a few cloud properties are necessary to create a service cloud. First a system that provides a service have to register the service with the cloud. Secondly it should be possible to discovery all registered services.

The registration of any service to a local cloud should be possible to restrict, Thus the service registry have to consult the authentication and authorisation service before allowing the service registration to the local cloud. This is illustrated in Figure \ref{fig:service_registry_authentication} This gives a way to prevent unwanted or malicious systems to register services with the local cloud.

Lets assume the we register a number of services to create an automation control loop. For example sensor data has to be provided to a controller which will output set-points to an actuator. In a local cloud this is enabled by a sensing service providing data to a controller service which in turn provides an actuation set-point service to an actuation service.

The control loop specific service exchanges are determined by through the orchestration. Thus orchestration is an essential functionality of a local automation cloud. This sequence diagram shows a controller pull of sensor data and the actuator subscribing to control event, a data push from the controller to the actuator if a change is necessary.

In an orchestrated control loop it's obvious that it is important that the involved systems can be identified and authenticated and that for each service exchange the service consumer can be authorised for that specific service exchange. Thus to provide internal security a control loop within a local cloud both authentication and authorisation of a system and its service exchanges have to be established. Thus authentication and authorisation services are important to provide in a local automation cloud.

The here described local cloud services are the minimal set of service necessary to create a local cloud having internal security mechanisms. In Arrowhead Framework these services are provided by:

  • ServiceRegistry system
  • Authorisation system
  • Orchestration system