CN-121984998-A - MQTT edge-to-service based monitoring and data acquisition method and system

Abstract

The invention discloses a SCADA method and a SCADA system based on MQTT edge-to-service, and belongs to the technical field of industrial Internet of things. The system adopts five layers of architecture of an equipment layer, an edge layer, a centralized management and control layer, a development layer and a safety isolation layer. The method is characterized in that edge nodes collect multi-protocol industrial equipment data at high frequency, edge controller integration MQTTBroker and sFTP deployed in a DMZ zone serve to achieve data aggregation, edge calculation and off-network caching, and upload the data to a central server through independent double channels, and the central server performs centralized monitoring, analysis and instruction issuing. The development layer realizes configuration multiplexing through a unified information model. The security layer combines DMZ isolation, double firewalls and transport encryption to construct deep protection. The system solves the problems of difficult expansion, poor heterogeneous compatibility, low remote operation and maintenance efficiency and the like of the traditional SCADA system, and realizes the distributed monitoring with low cost, high safety and easy expansion.

Inventors

• MA JIN
• QIAN ZHIHAO
• FU LIN
• LU XINYU

Assignees

• 宏集科技(上海)有限公司

Dates

Publication Date

20260505

Application Date

20260116

Claims (10)

1. 1. The method for monitoring and data acquisition based on MQTT edge-to-service is characterized by comprising the following steps: Collecting operation data of the industrial field device through at least one industrial communication protocol by an edge node arranged at the side of the industrial field device, and carrying out standardized preprocessing on the collected original operation data to generate a normalized data unit; receiving the reduced data units from one or more edge nodes by an edge controller arranged in a network isolation area, performing edge-side analysis and calculation on the reduced data units to generate a local control instruction or an alarm event, and storing the reduced data units to be uploaded in a local nonvolatile memory when the connection interruption with an upper network is identified; The real-time data message obtained through the edge side analysis and calculation and the non-real-time file data comprising the application program package and the configuration parameters are respectively transmitted through a first independent communication channel and a second independent communication channel which are established between the edge controller and a remote central server; analyzing, storing and centrally monitoring the received real-time data message by the central server, generating a downlink control instruction based on a global monitoring result, and transmitting the downlink control instruction to the edge controller through the first independent communication channel; In the data communication process between the edge controller and the central server, composite security policies including transmission channel encryption, network port access control and logical subnet isolation are implemented.
2. 2. The MQTT edge-to-service based monitoring and data collection method of claim 1, wherein the collecting of operational data by the edge node deployed on the industrial field device side comprises: The edge node is configured to support a plurality of heterogeneous industrial control protocols to accommodate different vendors or models of the industrial field devices; the edge node polls a data register of the industrial field device at a preset acquisition period, the duration of the acquisition period being set to be significantly shorter than a data refresh interval of a conventional monitoring system.
3. 3. The MQTT edge-to-service based monitoring and data collection method of claim 1, wherein the edge-side analysis of the normalized data units and management of local storage comprises: The edge controller is internally integrated with a message proxy service instance and a security file transmission service instance to form a complete local communication hub; When the network link between the edge controller and the central server is interrupted, the switching from the online transmission mode to the local cache mode is automatically executed, the reduced data units are sequentially written into the local storage array, and after the network link is restored, continuous transmission is automatically started from the last successfully transmitted data sequence point.
4. 4. The MQTT edge-to-service based monitoring and data collection method of claim 1, wherein the transmitting data over the first and second independent communication channels, respectively, comprises: transmitting on the first independent communication channel using a first level of message quality of service for device status telemetry data uploaded from the edge controller to the central server; For device control instructions issued from the central server to the edge controller, transmitting using a second level of message quality of service higher than the first level over the first independent communication channel.
5. 5. The MQTT edge-to-service based monitoring and data collection method of claim 1, wherein the parsing, storing and centralized monitoring of the real-time data messages by the central server comprises: Temporarily storing the continuously arrived real-time data messages in a memory database to support real-time data display and refreshing of a monitoring interface; and according to a predefined archiving strategy, transferring the historical data temporarily stored in the memory database to a relational database in batches for long-term persistent storage.
6. 6. The MQTT edge-to-service based monitoring and data collection method of claim 1, further comprising system configuration and maintenance: The data model, business logic and application functions of the edge node, the edge controller and the central server are subjected to visual configuration and program development through a unified integrated development platform; And remotely installing the developed application configuration package to target equipment through a deployment tool provided by the integrated development platform, and monitoring the running state index of the target equipment.
7. 7. The MQTT edge-to-service based monitoring and data collection method of claim 6, wherein, The visual configuration and program development of the data model, the business logic and the application function comprise the following steps: A unified information model architecture is defined that maintains consistency between the edge controllers and the central server, the architecture specifying the type, attributes, interrelationships, and triggerable methods of data points.
8. 8. The MQTT edge-to-service based monitoring and data collection method of claim 1, wherein the enforcing the composite security policy comprises: applying a transport layer security protocol to the real-time data message transmitted through the first independent communication channel for end-to-end encryption; encrypting the non-real time file data transmitted over the second independent communication channel using a secure shell protocol; A firewall device performing a packet filtering policy is deployed between the network isolation region and the internal enterprise network, the access control list of the firewall device configured to allow communication only with a particular network port corresponding to a preset business service.
9. 9. An MQTT edge-to-service based monitoring and data collection system for implementing the MQTT-edge-to-service based monitoring and data collection method of any one of claims 1 to 8, comprising: a data acquisition module implemented by the edge node, configured to acquire operational data from an industrial field device and perform standardized preprocessing; An edge computation and caching module implemented by the edge controller configured to aggregate and process data from the plurality of data acquisition modules and provide local data storage capabilities; The central management module is realized by the central server and is configured to provide data persistence, global monitoring and control instruction issuing functions; An operation and maintenance module, which is realized by the integrated development platform and is configured to provide configuration, development, deployment and monitoring functions of the system components; and the network security module is realized by the firewall equipment and the encryption communication protocol stack and is configured to provide security guarantee on the whole system data transmission path.
10. 10. A computer-readable storage medium storing computer-executable instructions that, when executed by a processor, cause the processor to perform the MQTT-edge-to-service-based monitoring and data collection method of any one of claims 1 to 8.

Description

MQTT edge-to-service based monitoring and data acquisition method and system Technical Field The invention provides a monitoring and data acquisition method and system based on MQTT edge-to-service, and belongs to the technical field of industrial Internet of things. Background In the current industrial field, enterprises generally face two core pain points in the management of cross-region multi-site facilities, namely, the field maintenance cost is high, the scale is difficult, the traditional SCADA system relies on frequent field maintenance of professionals to carry out equipment debugging, fault checking and system upgrading, traveling and labor cost are high, and the management requirements of hundreds of distributed sites are difficult to adapt, and the heterogeneous system fragmentation and safety risks are prominent, industrial equipment (such as PLC (programmable logic controller), sensors and executors) of different brands and versions adopt different communication protocols such as Modbus and OPCUA to form a 'data island', and the safety problems such as data leakage and malicious attack are easily caused due to lack of effective isolation when IT (information technology) and OT (operation technology) networks are directly interacted. Although the improvement direction of the existing SCADA system is evolved towards the 'edge + cloud', the method still has obvious limitations that part of schemes excessively depend on public cloud, so that an edge side cannot independently operate when a network is interrupted, part of schemes depend on external middleware to realize data communication, deployment complexity and maintenance cost are increased, and a unified data model is not established, and the edge is inconsistent with a central data structure, so that data integration efficiency is low and engineering configuration is repeated. These problems make it difficult for conventional SCADA systems to meet the digital conversion needs of industrial enterprises for "decentralized collection, centralized management and control, safe and reliable, low-cost operation and maintenance". Disclosure of Invention The invention provides a monitoring and data acquisition method and system based on MQTT edge-to-service, which are used for solving the problems that the traditional centralized SCADA system in the prior art is difficult to realize safe and controllable low-cost large-scale operation and maintenance under a cross-region multi-site scene due to four core contradictions of architecture rigidness, protocol isomerism, network dependence and security, and the adopted technical scheme is as follows: A monitoring and data acquisition method based on MQTT edge-to-service comprises the following steps: Collecting operation data of the industrial field device through at least one industrial communication protocol by an edge node arranged at the side of the industrial field device, and carrying out standardized preprocessing on the collected original operation data to generate a normalized data unit; receiving the reduced data units from one or more edge nodes by an edge controller arranged in a network isolation area, performing edge-side analysis and calculation on the reduced data units to generate a local control instruction or an alarm event, and storing the reduced data units to be uploaded in a local nonvolatile memory when the connection interruption with an upper network is identified; The real-time data message obtained through the edge side analysis and calculation and the non-real-time file data comprising the application program package and the configuration parameters are respectively transmitted through a first independent communication channel and a second independent communication channel which are established between the edge controller and a remote central server; analyzing, storing and centrally monitoring the received real-time data message by the central server, generating a downlink control instruction based on a global monitoring result, and transmitting the downlink control instruction to the edge controller through the first independent communication channel; In the data communication process between the edge controller and the central server, composite security policies including transmission channel encryption, network port access control and logical subnet isolation are implemented. Further, the collecting, by an edge node disposed at the industrial field device side, operation data includes: The edge node is configured to support a plurality of heterogeneous industrial control protocols to accommodate different vendors or models of the industrial field devices; the edge node polls a data register of the industrial field device at a preset acquisition period, the duration of the acquisition period being set to be significantly shorter than a data refresh interval of a conventional monitoring system. Further, the performing edge-side analysis calculation on the normalized data unit