
US-12621277-B2 - Virtual gateway proxy


Abstract

The system and method in accordance with the present disclosure include an edge gateway to separate insecure protocols from the cloud and to securely transmit data to the cloud over a physical medium. Embodiments also include a virtual gateway that executes in a secure environment, and an adapter that enables a developer to have an endpoint to push data into an already segmented data area provided by the virtual gateway. The system and method allow a developer to publish data virtually to a data aggregator from a developer machine, or to publish data from a first gateway to a second virtual gateway to a data aggregator.

Inventors

  • Clinton Chapman
  • Felipe Klein
  • Prince Mathew Samuel
  • Gang Qu
  • Akshay Hemant Dhavale

Assignees

  • SCHLUMBERGER TECHNOLOGY CORPORATION

Dates

Publication Date
2026-05-05
Application Date
2023-12-08

Claims (19)

  1. A method for publishing edge data to a data aggregator from an edge system, the edge system including a gateway and a developer machine, the method comprising: initiating, by a developer adapter, communication with a gateway adapter, wherein the developer adapter includes a first adapter that executes in the developer machine, and a second adapter and the gateway adapter that execute in the gateway, the first adapter and the second adapter enabling communication of the edge data between the developer machine and the gateway, the gateway adapter enabling communication of the edge data between the gateway and the data aggregator, wherein the gateway adapter performs connection management and data translation between the gateway and the data aggregator, wherein the gateway adapter resides in a segmented data area on the gateway, provides a programmatic interface to receive requests from a web service, wherein the requests are proxied by the developer adapter, and provides the web service employing secure protocols for authentication and authorization; encrypting communications between the developer adapter and the gateway adapter; communicating, by the gateway, with the developer machine and managing, by the gateway, the edge data provided by the developer machine; partitioning, by the gateway, the edge data; and securely transmitting the partitioned edge data to the data aggregator and on to a landing point.
  2. The method of claim 1, wherein the gateway executes on a physical system, a virtual machine, the data aggregator, the developer machine, or a combination thereof.
  3. The method of claim 1, wherein the gateway communicates with the developer machine using transmission control protocol/user datagram protocol (TCP/UDP) ports and/or hardware ports, wherein the TCP/UDP ports include message queuing telemetry transport (MQTT)/advanced message queuing protocol (AMQP), hypertext transfer protocol secure (HTTPS), remote dictionary server (Redis), or other web services, and hardware ports, wherein the hardware ports include serial ports, universal serial bus (USB) ports, and network ports.
  4. The method of claim 1, further comprising: managing the gateway by device management software.
  5. The method of claim 4, wherein the managing the gateway is local to the gateway.
  6. The method of claim 4, wherein the managing the gateway is remote to the gateway.
  7. The method of claim 1, wherein the gateway comprises: a routing message broker.
  8. The method of claim 7, wherein the first adapter resides in a segmented data area on the developer machine, wherein the developer adapter provides a programmatic interface that proxies calls to the gateway adapter for connections to the routing message broker, wherein the programmatic interface provides proxied services to web services provided on the gateway, and provides synchronized file storage on an area of the developer machine to a storage area allocated to the gateway adapter on the gateway.
  9. The method of claim 1, wherein the gateway comprises: components that (a) provide web services, (b) compute, transform, store, transmit, and receive the edge data, and (c) manage security, deployment, and monitoring services.
  10. The method of claim 1, wherein the edge data comprises: the edge data acquired using protocols which are insecure, the edge data transformed into a secure protocol for transmission to the data aggregator, or the edge data contextualized based upon a configuration at the gateway.
  11. The method of claim 1, wherein securely transmitting comprises: transmitting over a physical medium by cellular, satellite, WiFi, or Ethernet protocols.
  12. The method of claim 1, wherein the gateway communicates with another gateway.
  13. A computing system for publishing edge data to a data aggregator from an edge system, the edge system including a gateway and a developer machine, the computing system including one or more processors and operations that execute instructions comprising: initiating, by a developer adapter, communication with a gateway adapter, the developer adapter including a first adapter and a second adapter, wherein the first adapter executes in the developer machine and the second adapter and the gateway adapter execute in the gateway, wherein the first adapter resides in a segmented data area on the developer machine, wherein the developer adapter provides a programmatic interface that proxies calls to the gateway adapter for connections to a routing message broker, and provides synchronized file storage on an area of the developer machine to a storage area allocated to the gateway adapter on the gateway, wherein the programmatic interface provides proxied services to web services provided on the gateway; encrypting, by the gateway, communications between the developer adapter and the gateway adapter; communicating, by the gateway, with the developer machine and managing, by the gateway, the edge data provided by the developer machine, wherein the gateway communicates with the developer machine using transmission control protocol/user datagram protocol (TCP/UDP) ports and/or hardware ports, wherein the TCP/UDP ports include message queuing telemetry transport (MQTT)/advanced message queuing protocol (AMQP), hypertext transfer protocol secure (HTTPS), remote dictionary server (Redis), or other web services, wherein the hardware ports include serial ports, universal serial bus (USB) ports, and network ports; partitioning, by the gateway, the edge data, wherein the edge data includes information acquired using protocols which are insecure, information transformed into a secure protocol for transmission to the data aggregator, or information contextualized based upon a configuration at the gateway; securely transmitting, by the gateway, the partitioned edge data to the data aggregator and on to a landing point, wherein securely transmitting includes transmitting over a physical medium by cellular, satellite, WiFi, or Ethernet protocols; and enabling displaying the edge data at the landing point.
  14. The computing system of claim 13, wherein the gateway executes on a physical system, a virtual machine, the data aggregator, the developer machine, or a combination thereof.
  15. The computing system of claim 13, wherein the instructions further comprise: remotely managing the gateway by device management software.
  16. The computing system of claim 13, wherein the gateway comprises: the routing message broker.
  17. The computing system of claim 13, wherein the gateway comprises: components that (a) provide the web services, (b) compute, transform, store, transmit, and receive the edge data, and (c) manage security, deployment, and monitoring services.
  18. The computing system of claim 13, wherein the gateway adapter resides in a segmented data area on the gateway, provides a programmatic interface to receive requests from a web service, wherein the requests are proxied by the developer adapter, and provides the web service employing secure protocols for authentication and authorization.
  19. A non-transitory computer-readable medium storing instructions for publishing edge data to a data aggregator from an edge system, the edge system including a gateway and a developer machine, the instructions, when executed by one or more processors of a computing system, cause the computing system to perform operations, the operations comprising: deploying the gateway to handle the edge data provided by the edge system, wherein the gateway: executes on a physical system, a virtual machine, the data aggregator, and the developer machine, communicates with the developer machine using transmission control protocol/user datagram protocol (TCP/UDP) ports, wherein the TCP/UDP ports include message queuing telemetry transport (MQTT)/advanced message queuing protocol (AMQP), hypertext transfer protocol secure (HTTPS), remote dictionary server (Redis), or other web services, and/or hardware ports, wherein the hardware ports include serial ports and/or universal serial bus (USB) ports and/or network ports, is managed by device management software, wherein the management is local and/or remote, contains a routing message broker, and includes components that (a) provide the web services, (b) compute, transform, store, transmit, and receive the edge data, and (c) manage security, deployment, and monitoring services; deploying a developer adapter including a first adapter executing on the developer machine and a second adapter and a gateway adapter executing on the gateway, wherein: the first adapter resides in a segmented data area on the developer machine, the second adapter and the gateway adapter reside in a segmented data area on the gateway, the developer adapter provides a first programmatic interface that proxies calls to the gateway adapter for connections to the routing message broker, the developer adapter provides a second programmatic interface, wherein the second programmatic interface provides proxied services to the web services provided on the gateway, the gateway adapter provides a third programmatic interface to receive requests from a web service, wherein the requests are proxied by the developer adapter, the developer adapter provides synchronized file storage on an area of the developer machine to a storage area allocated to the gateway adapter on the gateway, the developer adapter initiates communication with the gateway adapter, and the gateway adapter provides the web service employing secure protocols for authentication and authorization; encrypting communications between the developer adapter and the gateway adapter; partitioning, by the gateway, the edge data, wherein the edge data includes: the edge data acquired using protocols which are insecure, the edge data transformed into a secure protocol for transmission to the data aggregator, and the edge data contextualized based upon a configuration at the gateway; securely transmitting the edge data to the data aggregator over a physical medium, and on to a landing point, wherein the transmission is enabled by cellular, satellite, WiFi, or Ethernet protocols, wherein the gateway communicates with another gateway; enabling displaying the edge data at the landing point; and enabling performing a wellsite action based at least on the edge data being sent to the landing point.

Description

BACKGROUND

An edge artificial intelligence (AI) platform designed for the oil, gas, and broader energy industry includes openness, security, and the ability to scale. Openness means, among other things, that the edge AI platform can work with equipment from a variety of manufacturers. Edge AI platforms and Internet of Things (IoT) solutions for the energy industry are designed to be secure from the field to the cloud. Edge AI platforms and IoT solutions are scalable. The edge AI platform can facilitate edge device management through remote tools and over-the-air updates.

Because many remote wellsites suffer from connectivity issues, edge computing enables some AI-based control and decision-making functions to be concentrated at the wellsite (or “at the edge”), rather than exclusively at remote data centers located elsewhere on the Internet (or “in the cloud”). The use of edge computing is making wellsite operations increasingly autonomous, with AI providing the “brains” to keep remote sites operating completely on their own, at peak efficiency, even during episodes of poor connectivity. When connectivity is available, the data collection and computing activities conducted at the wellsite can be reported back to users and services operating at data centers and other remote locations.

When developing solutions for an edge AI platform, a problem is that there is no easy way to generate data and see its effect in the cloud. Allowing a developer to publish data directly to the cloud from a development machine raises security and usability issues, making it difficult for the targeted user (for example, but not limited to, a subject matter expert or a non-cloud developer) to deal with the problems of securing the edge. Moving from development to using a hardware-based gateway is a difficult step.

Relatedly, it is difficult to connect a customer's edge gateway to the cloud (also referred to herein as a data aggregator) without custom development on a gateway deployed in the customer's network. At the wellsite, a gateway device begins the process of connecting and interacting with edge devices. A Trusted Platform Module (TPM), a computer chip that can securely store artifacts used to authenticate a platform such as a personal computer (PC) or laptop, provides the gateway with an unforgeable identity and secure storage for cryptographic secrets. The gateway can enforce a secure measured boot by leveraging the TPM to provide protection against software tampering and malware infection. Another issue is connecting an application to a physical asset (for example, sensors, actuators, serial ports, satellite, cellular, etc.) that is available in the gateway while testing. What is needed is a way to share, for example, serial and network ports on the gateway as though they were located on the developer's machine.

SUMMARY

A system of one or more computers can be configured to perform particular operations or actions by virtue of having software, firmware, hardware, or a combination of them installed on the system that in operation causes or cause the system to perform the actions. One or more computer programs can be configured to perform particular operations or actions by virtue of including instructions that, when executed by data processing apparatus, cause the apparatus to perform the actions.

One general aspect includes a non-transitory computer-readable medium storing instructions for publishing edge data to a data aggregator from an edge system. The instructions include deploying the gateway to handle the edge data provided by the edge system, where the gateway executes on a physical system, a virtual machine, the data aggregator, the developer machine, or a combination thereof. The gateway communicates with the developer machine using transmission control protocol (TCP)/user datagram protocol (UDP) ports, where the TCP/UDP ports include message queuing telemetry transport (MQTT)/advanced message queuing protocol (AMQP), hypertext transfer protocol secure (HTTPS), remote dictionary server (Redis), or other web services, and/or hardware ports, where the hardware ports include serial ports and/or universal serial bus (USB) ports and/or network ports. The gateway can be managed by device management software, where the management is local and/or remote. The gateway can include a routing message broker, and can include components that (a) provide the web services, (b) compute, transform, store, transmit, and receive the edge data, and (c) manage security, deployment, and monitoring services. The instructions also include deploying a developer adapter running on the developer machine and a gateway adapter running on the gateway, where the developer adapter resides in a segmented data area on the developer machine. The gateway adapter can reside in a segmented data area on the gateway. The developer adapter can provide a first programmatic interface that proxies calls to the gateway adapter for connections to the routing message bro