Ericsson Technology Review: Spotlight on the Internet of Things

ERICSSON
TECHNOLOGY
C H A R T I N G T H E F U T U R E O F I N N O V A T I O N | V O L U M E 9 9 I 2 0 1 9
INTERNET
OF THINGS
SPOTLIGHT ON THE

FEATURE ARTICLE
Driving transformation in the automotive
and road transport ecosystem with 5G
Several automotive and transport services that require cellular connectivity
are already in commercial operation today, and many more are on the horizon.
At Ericsson, we believe that the best way to address the growing connectivity
needs of this industry sector is through a common network solution, as opposed
to taking a single-segment silo approach.
07
2019 ✱ ERICSSON TECHNOLOGY REVIEW 5
CONTENTS ✱
21 5G-TSN INTEGRATION MEETS NETWORKING REQUIREMENTS FOR
INDUSTRIAL AUTOMATION
Time-Sensitive Networking (TSN) is becoming the standard Ethernet-based
technology for converged networks of Industry 4.0. Future industrial automation
will depend to a large extent on a combination of TSN features and 5G
URLLC capabilities to provide deterministic connectivity end to end.
31 END-TO-END SECURITY MANAGEMENT FOR THE IOT
Service providers that want to capitalize on IOT opportunities without
taking undue risks need a security solution that provides continuous
monitoring of threats, vulnerabilities, risks and compliance, along with
automated remediation. We have developed an end-to-end IOT security
and identity management architecture that delivers on all counts.
39 DISTRIBUTED CLOUD: A KEY ENABLER OF AUTOMOTIVE
AND INDUSTRY 4.0 USE CASES
Emerging use cases in the automotive industry – as well as in manufacturing
industries where the first phases of the fourth industrial revolution are taking place
– have created a variety of new requirements for networks and clouds. At Ericsson,
we believe that distributed cloud is a key technology to supportsuch use cases.
49 BOOSTING SMART MANUFACTURING
WITH 5G WIRELESS CONNECTIVITY
5G wireless connectivity has been designed to enable the fully-connected
factories of the future. The integration of 5G ultra-reliable low-latency
communication (URLLC) in the manufacturing process will accelerate
the transformation of the manufacturing industry and make smart factories
more efficient and productive than ever.
59 KEY TECHNOLOGY CHOICES FOR
OPTIMAL MASSIVE IOT DEVICES
LTE-M and NB-IOT have enabled the introduction of a new generation of IOT
devices that deliver on the promise of scalable, cost-effective massive IOT
applications using LPWAN technology. However, a few key technology choices
are necessary to create IOT devices that can support the multitude of existing
and emerging massive IOT use cases.
59
Asset monitoring
Wireless sensors
Non-real-time
Soft real-time
Mobile robots
Automated guided vehicles
Hard real-time
Time-critical
closed-loop control Wi-Fi
Low
(milliseconds)
Low
High
High
(seconds)
End-to-end latency
Reliability
(with load)
Wi-Fi
MulteFire
LTE
NR Unlicensed
spectrum
Licensed
spectrum
MulteFire
LTE
NR49
Local Re
Local DC
MTSO
MTSO
Local and regional
Service ex
HD maps
Data exposure for au
Access sites
Video stream
ECU sensors
HD maps
Video stream
ECU sensors
HD maps
Intelligent driving
Advanced driver
assistance
Huge
amount
of data
39
5G system
SDN controller
End-to-end Ethernet
TSN FRER
PDU session
AF as
TT
PCF
5G control plane
CUC control
NETCONF/
RESTCONF
I/O device
(sensor/
activator)
5G user plane
CUC
End
station
End
station
Controller
CNC
TT
TT
UE
UE
gNB
gNB
UPF
UPF
TT
TSN
bridge
TT
TSN
bridge
TSN
bridge
TSN
bridge
CUC control
PDU session 1
Virtual TSN bridge
Virtual TSN bridge
PDU session 2
21
31
OEM advanced driver
assistance systems (ADAS)
Fleet management (including remote
assistance of driverless vehicles)
Critical IoT
Cellular
connectivity
Broadband IoT
Massive IoT
Logistics and connected goods
Connected road
infrastructure services
Vehicle-centric OEM and aftermarket
services (including telematics)
Vehicle-as-a-sensor for general
third-party applications (including
weather and maps)
Regulated Cooperative-Intelligent
Transport Systems (C-ITS)
Coverage
Latency
Reliability
Coverage
Latency
Reliability
Coverage
Capacity
Latency
Reliability
Coverage
Capacity
Latency
Capacity
Coverage
Coverage
Capacity
Coverage
Capacity
Convenience and
infotainment services
07

2019 ✱ ERICSSON TECHNOLOGY REVIEW 7
EDITORIAL ✱✱ EDITORIAL
Ericsson Technology Review brings you
insights into some of the key emerging
innovations that are shaping the future of ICT.
Our aim is to encourage an open discussion
about the potential, practicalities, and benefits
of a wide range of technical developments,
and provide insight into what the future
has to offer.
a d d r e s s
Ericsson
SE -164 83 Stockholm, Sweden
Phone: +46 8 719 00 00
p u b l i s h i n g
All material and articles are published on the
Ericsson Technology Review website:
www.ericsson.com/ericsson-technology-review
p u b l i s h e r
Erik Ekudden
e d i t o r s
Tanis Bestland, lead editor (Nordic Morning)
tanis.bestland@nordicmorning.com
Liam James (Nordic Morning)
liam.james@nordicmorning.com
e d i t o r i a l b o a r d
Håkan Andersson, Anders Rosengren,
Mats Norin, Erik Westerberg,
Magnus Buhrgard, Gunnar Thrysin,
Håkan Olofsson, Dan Fahrman, Robert Skog,
Patrik Roseen, Jonas Högberg,
John Fornehed, Jan Hägglund, Per Willars and
Sara Kullman
f e at u r e a r t i c l e
Driving transformation in the automotive and
road transport ecosystem with 5G
a r t d i r e c t o r
Liselotte Stjernberg (Nordic Morning)
p r o j e c t m a n a g e r
Susanna O’Grady (Nordic Morning)
l ay o u t
Liselotte Stjernberg (Nordic Morning)
i l l u s t r at i o n s
Jenny Andersén (Nordic Morning)
s u b e d i t o r s
Ian Nicholson (Nordic Morning)
Paul Eade (Nordic Morning)
i s s n : 0 0 1 4 - 0 17 1
Volume: 99, 2019
■ the internet of things (IOT) has emerged as
a fundamental cornerstone in the digitalization of
both industry and society as a whole. It represents
a huge opportunity not only in economic terms, but
also from a global challenges perspective – making
it easier for governments, non-governmental
organizations and the private sector to address
pressing food, energy, water and climate related
issues. With this in mind, we decided to create a
special issue of Ericsson Technology Review solely
focused on IOT opportunities and challenges.
At its heart, the IOT involves the collection and analysis
of insights and the automation of processes involving
machines, things, places and people, thus in essense
fusing the physical and cyber realms into one system.
In so doing, it transforms business models – making
it possible to sell services rather than products, for
example, or outcomes instead of services – as well as
enabling the reengineering of business processes to
achieve the same outcome in a more efficient way.
Not a single technology, the IOT is instead composed
of a set of key technologies, encompassing devices
with sensors and actuators, connectivity, cloud and
edge computing, artificial intelligence/machine
learning (AI/ML) and security.
5G and the IOT are closely intertwined. One of the
biggest innovations within 5G is support for the IOT
in all its forms, both by addressing mission criticality
as well as making it possible to connect low-cost,
long-battery-life sensors.
Supporting the fourth industrial revolution
Industry 4.0 – also known as the fourth industrial
revolution – is already heavily reliant on IOT
technologies. Manufacturing companies have
SPOTLIGHT ON THE
INTERNET OF THINGS
demanding requirements in terms of cost,
flexibility, safety and performance, and it is critical
that their requirements are addressed in the
ongoing development of the IOT. The automotive
and transportation industry is another sector that is
undergoing fundamental technology changes that
require specialized IOT support. Both of these
sectors are examined in detail in this issue
of the magazine.
Harnessing the full potential
Fundamental to any IOT solution is the ability to
connect the things of interest. Huge potential is lost
when it is not possible to get the relevant things and
locations online. When everything is connected,
however, a wealth of new data becomes available,
raising questions about how it should be handled
(and potentially monetized).
The wealth of data that the IOT generates can be
used for a wide range of different purposes –
everything from controlling robots on a factory floor
to tracking and monitoring perishable goods in
logistics on a global scale by the creation of Digital
Twins. As such, IoT and Cyber-Physical System are
converging into one and the same concept. Data
must be processed both in the cloud and close to
where it is produced and consumed, driven by
requirements for reliability, cost and performance.
Compute and storage serves as a continuum from
the cloud and data center across the network
infrastructure to the machines and things. The
network itself will become the perfect infrastructure
for edge computing for all industries.
Ensuring trust in data integrity and reliability
Now that the IOT plays such a key role in the success
of so many enterprises, securing data end-to-end
has become a top requirement. While reliability and
trust are key considerations in all IOT applications,
they are of utmost importance in mission-critical
applications such as the predictability of data
delivery to robots.
IhopethatthisspecialIOTissueofEricssonTechnology
Review provides you with valuable insights about the
IOT-relatedopportunitiesavailabletoyourorganization,
along with ideas about how we can overcome the
challenges ahead. If you would like to share a link to
the whole magazine or to a specific article, you can
find both PDF and HTML versions at https://www.
ericsson.com/en/ericsson-technology-review
ERIK EKUDDEN
SENIOR VICE PRESIDENT,
CHIEF TECHNOLOGY OFFICER AND
HEAD OF GROUP FUNCTION TECHNOLOGY
ERICSSON TECHNOLOGY REVIEW ✱ 2019
ONEOFTHEBIGGESTINNOVATIONS
WITHIN5GISSUPPORTFORTHEIOT
INALLITSFORMS

8 2019 ✱ ERICSSON TECHNOLOGY REVIEWERICSSON TECHNOLOGY REVIEW ✱ 2019 9
✱ XXXXXXXXXXX XXXXXXXXXX ✱✱ TRANSFORMING TRANSPORTATION WITH 5G TRANSFORMING TRANSPORTATION WITH 5G ✱
2 SEPTEMBER 13, 2019 ✱ ERICSSON TECHNOLOGY REVIEWERICSSON TECHNOLOGY REVIEW ✱ SEPTEMBER 13, 2019 3
Major mobile network operators around the world have started rolling
out 5G cellular networks, with subscriber penetration expected to reach
about 20 percent by 2024 [1]. One of the many benefits of these powerful,
multipurpose networks is their ability to provide reliable, secure and fit-
for-purpose cellular connectivity in automotive and transport applications.
THORSTEN LOHMAR,
ALI ZAIDI,
HÅKAN OLOFSSON,
CHRISTER BOBERG
Once considered merely “nice to have,”
connectivity is rapidly becoming a critical
part of road transportation systems.
Ericsson predicts that the number of
connected cars in operation will rise
to more than 500 million in 2025 [9].
■Alreadytoday,vehicleoriginalequipment
manufacturers(OEMs)areincreasinglyfocusing
ondeliveringservicesinadditiontosellingvehicles
asproducts.Softwareisnowacriticalcomponent
ofvehicles,andOEMsareinvestingheavilyin
automation,architecturesimplificationandnew
drivetraintechnologiessuchaselectrification.
Atthesametime,trafficandroadauthoritiesare
seekingnewtechnologysolutionstoreducecarbon
emissions,trafficcongestionandcasualties–
solutionsthatareoftendependentonvehicle
functionalityandtheabilitytoprovidevarious
typesofsupportfordriversandvehicles.Meeting
thesediverseneedsrequiressoftware-definedand
network-awarevehicles,combinedwithadvanced
networkconnectivity.
Whileitistruethatmanyoftoday’s2G-4G
networkscanprovidesufficientconnectivityfor
numerousInternetofThings(IoT)applications,
thehigherdatarate,lowerlatencyandimproved
capacityprovidedby5GNewRadio(NR)access
make5Gsystemstheidealchoicetomaximize
thesafety,efficiencyandsustainabilityofroad
transportation.
Overviewofautomotive
androadtransportservices
Awidearrayofautomotiveandroadtransport
servicesrequirecellularconnectivity,withmany
alreadyincommercialoperation.Tobetter
understandthebigpicture,wehaveclassifiedthese
servicesintoeightgroups,asshowninFigure1.
RegulatedCooperative-IntelligentTransport
Systems(C-ITS)focusongovernmentalregulated
servicesforroadsafetyandtrafficefficiency.Traffic
efficiencyusecaseshaverelaxedlatency
requirements,whilesafety-relateddataoften
requiresreliablelow-latencycommunication.A
benefitofregulationistoencouragecross-OEM
cooperationinstandardized(regulated)information
exchange.RegulatedC-ITSservicesmayalsouse
dedicatedITSspectrumincertainregions;for
example,fordirectshort-rangecommunication
using3GPPPC5orIEEE(InstituteofElectricaland
ElectronicsEngineers)802.11ptechnologies.
ThepurposeofOEMadvanceddriverassistance
systems(ADAS)istoincreaseroadsafetyby
focusingonthedriveranddrivingbehavior.They
relyprimarilyonvehiclesensorinformationandare
typicallynotcollaborativeacrossvehiclebrands.
ADASservicescanalsobenefitfromdataprovided
bytrafficauthoritiessuchastrafficlightinformation.
Theyareexpectedtoevolvetosupportthedriverless
vehiclesofthefuture.
Fleetmanagementservicesareaimedatvehicle
fleetownerssuchaslogisticsorcar-sharing
companies.Thecommunicationserviceisprimarily
usedtomonitorvehiclelocationsandthevehicle/
driverstatus.Whenthefleetconsistsofdriverless
vehicles,thefleetmanagementalsoincludescommu-
nicationsupportforoperationsmonitoringandremote
assistance,whichcanimplyfullremotedriving.
Theprimaryfocusinthelogisticsandconnected
goodscategoryisonthetrackingoftransported
objects(commodities,merchandisegoods,cargo
Figure 1 Overview of automotive and road transport services that require cellular connectivity
OEM advanced driver
assistance systems (ADAS)
Fleet management (including remote
assistance of driverless vehicles)
Critical IoT
Cellular
connectivity
Broadband IoT
Massive IoT
Logistics and connected goods
Connected road
infrastructure services
Vehicle-centric OEM and aftermarket
services (including telematics)
Vehicle-as-a-sensor for general
third-party applications (including
weather and maps)
Regulated Cooperative-Intelligent
Transport Systems (C-ITS)
Coverage
Latency
Reliability
Coverage
Latency
Reliability
Coverage
Capacity
Latency
Reliability
Coverage
Capacity
Latency
Capacity
Coverage
Coverage
Capacity
Coverage
Capacity
Convenience and
infotainment services
IN THE AUTOMOTIVE AND ROAD
TRANSPORT ECOSYSTEM WITH 5G
Driving
transformation

Thefirstthreesegmentsarerelevantforautomotive
andtransportservices.ThecoloreddotsinFigure1
indicatetheirrelevanceforeachoftheeightservice
groups,basedonkeyconnectivityperformance
indicators.
MassiveIoT
MassiveIoTconnectivitytargetslowcomplexity
narrow-bandwidthdevicesthatinfrequentlysendor
receivesmallvolumesofdata.Thedevicescanbein
challengingradioconditionsrequiringcoverage
extensioncapabilitiesandmaysolelyrelyonbattery
powersupply.MassiveIoTissuitableforlow-data-
rateusecasesthatcanbesupportedwithnarrow
bandwidthmodems.Theseusecasescanbefound
inlogistics,telematics,fleetmanagementand
connectingpartsofroadinfrastructure,forexample.
BroadbandIoT
BroadbandIoTconnectivityenableslargevolumes
ofdatatransfer,extremedataratesandlowlatencies
fordeviceswithsignificantlylargerbandwidthsthan
massiveIoTdevices.BroadbandIoTconnectivityis
alsocapableofenhancingsignalcoverageperbase
stationandextendingdevicebatterylifeifrequire-
mentsondatarateandlatencyarenotstringent.
BroadbandIoTisvitalforthemajorityoftheauto-
motiveusecasesthatrequirehighdataratesandlow
latency,suchasinfotainment,telematics,fleet
management,sensorsharing,basicsafetyandADAS.
CriticalIoT
CriticalIoTconnectivityenablesultra-reliable
and/orultra-lowlatencycommunication.Itaimsto
delivermessageswithstrictlyboundedlowlatencies
eveninheavilyloadedcellularnetworks.CriticalIoT
canenablesomeveryadvancedservices,suchas
remotedrivingofautomatedcommercialvehicleson
specificroutes.
4GnetworksalreadysupportmassiveIoT(based
onLTECategoryM1andNarrowbandIoTaccess)
andbroadbandIoT(basedonLTEaccess).5G
networkswillboostbroadbandIoTperformance
andenablecriticalIoTwiththeintroductionofNR.
WiththeevolutionofcellularIoTinthe5Gera,
cellularnetworkswouldenablethefullrangeof
existingandemergingautomotiveapplications.
Thishorizontalapproachofsupportingallservices
throughthecellularnetworkismuchfasterandmore
cost-efficientthandeployingdedicatedsystemsfor
differentservices,suchasadedicatedshort-range
communicationsystemforregulatedC-ITS[3].
Acceleratingtheadoptionof5Gconnectivity
Whenrollingout5Gnetworks,MNOsaimto
balanceinvestments,newrevenuesand
competitiveness.Decisionsaboutwhereandwhen
todeploy5Gnetworksdependnotonlyon
commercialfactorsbutalsoonspectrumavailability
indifferentregions.Acceleratedadoptionof5G
intheecosystem,includingtheautomotiveand
transportindustry,requires:
❭ The ability of 5G NR deployments to deliver
value from day one.
❭ The ability to efficiently share spectrum
resources between 5G NR and 4G LTE.
❭ Operators’ ability to reuse 4G LTE radio base
station equipment for 5G NR deployments as
much as possible.
Oneofthe5Gfundamentalsistightinterworking
between4GLTEand5GNRradioaccess.
Thisinterworkingallows5G-capabledevicesto
simultaneouslyaccess4GLTEand5GNRcarriers.
A5G-capablemodemcanconnectwithNR(whenin
NRcoverage)toexperienceaboostinperformance
andcapacitywhilemaintainingits4GLTE
connection.Thisapproachensuresthat5GNR
deploymentscandelivervalueforautomotiveand
transportservicesfromdayone.
Bothwide-area5Gcoverageandautomotive
sectorrequirementsdemandthat5GNRand4G
LTEareabletoefficientlysharespectrumresources.
Lowercarrierfrequencieswhere4GLTEis
operationalareidealfromacoverageperspective
(duetobetterradiowavepropagationcharacteristics)
andveryattractivefor5GNRdeployments.
However,4GLTEwillberequiredformanyyearsto
supportlegacydevices(suchasvehicleswith4G
andsoon)duringtheproductionandtransport
cycleoftheobject.
Convenienceandinfotainmentservicesdeliver
contentsuchastrafficnewsandaudioentertainment
fordrivers,andgamingandvideoentertainmentfor
passengers.
Invehicle-as-a-sensorforgeneralthird-partyuse
cases,thesensorsinstalledinthevehicletoprovide
informationtosolutionsaimedatachievingdriving
improvements(suchasADASorautomateddriving)
arereusedtoprovideanonymizeddatatoother
partiestomonitorcityinfrastructureandroad
status,maintainstreetmapsortogiveaccurateand
up-to-dateweatherinformation.
Vehicle-centricOEMsandaftermarketservices
focusonvehicleperformanceandusage.Theymake
itpossiblefortheOEMtocollectvehiclediagnostics
datathatenablesittomonitor/adjustthevehicleand
giveadvicetothedriverforimproveddriving
efficiency.Otherexamplesofservicesinthis
categoryincludevehicletracking andpredictive
maintenance.
Connectedroadinfrastructureservicesare
operatedbycitiesandroadauthoritiestomonitor
thestateofthetrafficandcontrolitsflow,suchas
physicaltrafficguidancesystems,parking
managementanddynamictrafficsigns.
Eachservicegroupcontainsmultipleusecases,
andrequirementscanbediversewithinagroup.
Thekeyconnectivityrequirementspersegment
arenotedinFigure1.
5G-enablednetworkforallservices
Connectedvehiclesandroadinfrastructurearepart
ofabroaderIoTecosystemthatiscontinuously
evolving.Toensurecostefficiencyandfuture-proof
support,mobilenetworkoperators(MNOs)aimto
meettheconnectivitydemandsofmultipleindustry
verticals,includingtheautomotiveandtransport
industry,usingcommonphysicalnetworkinfra-
structure,networkfeaturesandspectrumresources.
EricssondividescellularconnectivityfortheIoT
intofourdistinctsegments:massiveIoT,broadband
IoT,criticalIoTandindustrialautomationIoT[2].
Examples of connected services trials
In addition to all the connected services already in commercial operation, there are many noteworthy
advanced trials on 4G/5G cellular networks, including:
❭ C-ITS in Australia: https://exchange.telstra.com.au/making-our-roads-safer-with-connected-vehicles/
❭ C-ITS in Europe: https://5gcar.eu
❭ Multi-party information exchange for C-ITS: https://www.nordicway.net/
❭ Connected traffic light information and driver advice for C-ITS: https://www.talking-traffic.com/en
❭ ADAS: https://www.ericsson.com/veoneer
❭ AD-aware traffic control: https://www.drivesweden.net/en/events/demo-ad-aware-traffic-control-0
❭ Tele-operated driving and HD mapping: https://5gcroco.eu/
❭ Self-driving, remote-assisted trucks: https://www.ericsson.com/en/press-releases/2018/11/ericsson-
einride-and-telia-power-sustainable-self-driving-trucks-with-5g
❭ Service continuity at border crossings: https://www.ericsson.com/en/blog/2019/5/connected-vehicle-cross-
border-service-coverage
❭ Connected logistics: https://clc.ericsson.net/#/use-cases

Insomecases,thefleetoperatorprovides
connectivitytothetransportedobjects(passengers
inthiscase),asillustratedinFigure2.Alternatively,
thevehicle’sOEMsubscriptioncanbeusedto
providepassengerWi-Fi.
Insteadofusingthevehicle-mountedconnectivity
support,infotainmentandnavigationareoften
providedbyasmartphonewithitsownsubscription
thatiscarriedintothevehicle.AsfutureITSand
ADASservicesevolve,theytoowillbeavailable
throughsmartphones,whichwillincreaseservice
penetrationtooldervehicles.
Achievingglobalconsistency
inautomotiveandtransportconnectivity
Vehiclesallaroundtheworldneedconnectivityto
communicate,and,likeanyotherdevice,avehicle
needsanMNOsubscriptiontoaccessacellular
network.Thestarkcontrastbetweentheglobal
natureofvehicles’connectivityrequirementsand
thelocalnatureofMNOspresentssignificant
challengestomeettheautomotiveandtransport
ecosystem’sconnectivityneeds,mostnotablyinthe
areasofsubscriptionprovisioning,roaming,local
breakout/distributedcomputingandcost
separation/trafficprioritization.
Subscriptionprovisioning
Oneofthechallengesparticulartotheautomotive
andtransportecosystemisthatthelonglifecycleof
vehiclesandtheirvaryingroamingneedsovertime
maymakeitnecessaryforavehicleownerand/or
OEMtochangethesubscriptionmultipletimes.
SincethephysicalSIMcardsthatcontainthe
subscriptioncredentialsarenoteasilyaccessible
invehicles,itisproblematictohavetochangethem.
EmbeddedSIM(eSIM)technologyovercomes
thischallengebyenablingremoteprovisioningof
MNOsubscriptions.AneSIMunitcanbesoldered
intothecellulardevicewhichstorestheMNO-
specificnetworkaccesscredentials(thesubscription)
asaSIMcardprofile.Thesubscriptionscanthenbe
changedremotelyover-the-airwithoutphysically
touchingthevehicle.Tosimplifytheusageofthis
technology,theGSMAhasdevelopedaneSIM
profilespecification[6].
Roaming
Itiscommontodayforavehicletobeproducedinone
country,soldinanother,ownedinathird,anddriven
acrossborderstonumerousadditionalcountriesor
regions,withhighrequirementsondatathroughput
andlatencyindependentoflocation.Inlightofthis,
roamingisfrequentlythedefaultoperatingmodelfor
aconnectedvehicle.Today’sroamingsolution,how-
ever,issingle-human-user-centric–designedto
supportuserstravelingoutsidethecoverageoftheir
homemobilenetworks.Itisnotdesignedforconnected
vehiclesonaglobalscale.Asaresult,ithasanumber
oflimitationsinautomotiveandtransportapplications.
modems).Toaddressthis,Ericssonhasdeveloped
fullydynamicspectrumsharingbetweenNRand
LTEonamillisecondlevelforoptimizedutilization
ofspectrum[4].
Withrespecttooperators’abilitytoreuse4GLTE
radiobasestationequipmentfor5GNRdeployments,
theEricssonRadioSystemcanbefullyreusedon
existingsitesfollowingaremotesoftwareupgrade,
includingbasebandunits,radiosandantennas
(whenNRandLTEshareaspectrumband)[4].This
important5Gfunctionalitywillfacilitatemarket-
drivendeploymentsalongmoststreetsandroads.
However,insomecases,publicincentivescantrigger
fasterroadcoveragedeployment,forexampleby
lettingMNOsdeploynetworksusingroad
authorities’siteassets,orregulatingroadcoverage
requirementsinspectrumlicenseauctions[5].
Therelationbetweenin-vehicle
andwide-areaconnectivity
Figure2illustrateshowcellularconnectivityworks
forvehiclesandroadsideequipment.Itvisualizes
vehiclesasmultipurposedevicesinwhichseveral
connectivity-dependentusecasesareexecuted
simultaneously.Atthesametime,eachvehiclealso
containsaninternalnetworkthatinterconnects
in-vehiclesensors,actuatorsandotherdevices,
includingdriverandpassengersmartphones.
Agatewayfunction(traditionallyimplemented
intheTelematicsControlUnit)connectsthe
vehicle-internalnetwork(s)totheexternalnetwork.
Amongotherthings,thisgatewayfunctionprotects
thevehicle-internaldevicesagainstexternalmisuse.
Additionalsecurityandtrafficseparationsolutions
restrictaccesstosensitivein-vehicledevicesfrom
insidethevehicleaswell.
Connectivitytotheexternalnetworkisrealized
byoneormoremodems,containingoneormore
subscriptions(representedbySIMcards)when
usingcellularaccess.Thenumberofmodems
andsupportedsubscriptions(providedbythe
OEM,forexample)hasgenerallybeenatrade-off
betweencostconstraintsandsimpleserviceusage.
Morerecently,capacityandredundancygains
havealsobeentakenintoconsideration.
Figure 2 Cellular connectivity for vehicles and roadside equipment
Fleet
GW
Fleet
mgmt
services
Passenger
Wi-Fi
Telematics, ADAS, C-ITS
Infotainment
Private vehicle
Roadside equipment
Wide-area cellular network
Commercial vehicle for people transport
Wi-Fi
Telematics
OEM
GW
OEM
GW
Owner
GW
Terms and abbreviations
3GPP – 3rd
Generation Partnership Project | ADAS – Advanced Driver Assistance Systems |
AMQP – Advanced Message Queuing Protocol | C-ITS – Cooperative Intelligent Transportation Systems |
DSDA – Dual Sim Dual Active | eSIM – Embedded SIM | GW – Gateway | HTTP – Hypertext Transfer
Protocol | IEEE – Institute of Electrical and Electronics Engineers | IOT – Internet of Things | MAC – Media
Access Control | MNO – Mobile Network Operator | MQTT – Message Queuing Telemetry Transport |
NR – New Radio | OEM – Original Equipment Manufacturer | PC5 – LTE-V2X short-range access interface |
PGW – Packet Data Network Gateway | PDCP – Packet Data Convergence Protocol | PHY – Physical
Layer | RLC – Radio Link Control | SCEF – Service Capability Exposure Function | SLA – Service Level
Agreement | TCP – Transmission Control Protocol | TLS – Transport Layer Security | Uu – Utran-UE
(interface in 3GPP)

Firstly,sinceroamingfeesareonlypartially
regulated,theydependtoalargeextentonbilateral
agreementsbetweentwoMNOs.Asaresult,thefees
canvary,whichcanmakeitdifficulttopredictthe
costfortheusedconnectivityincertaincases.
Secondly,ithastraditionallybeenthecasethat
onlybasicconnectivityandcommunicationisenabled
whileroaming,whichmeansthatsomemore
advancedserviceandcapacityrequirementsmay
notbemetwhenavehicleconnectsoutsideitshome
network.RoamingagreementsbetweenMNOs
typicallyputlimitationsonhowtheconnectivitycan
beused,andthevisitedMNOcandisconnectthe
deviceifitisnotinlinewiththeagreement.
Thirdly,thecurrentlydeployedroamingarchi-
tectureisdesignedtoroutetraffictothehomenetwork
first,whichincreaseslatency.Thisisproblematicin
automotiveusecasesthatarelatency-criticalor
producehighdatathroughput.Inthesecases,fast
accesstonational/localdatacentersisrequired.
Fourthly,thefactthatamobiledeviceloses
connectivityforsometime(uptoabout120seconds)
whenbeinghandedoverfromoneMNOtoanother
isaseriousissueformanyusecases.Thereason
forthedelayisthatthemobiledeviceneedsto
firstscanforasuitablenetworkproviderand
thenregisteritselfinthenewmobilenetwork.
Thisappliesatbothinternationalcountryborders
andnationalcoverageborders.
InEricsson’sview,therearetwocomplementary
pathstoovercomingroamingchallengesinthe
automotiveandtransportindustry:
1. Enhancing the existing roaming solution
through the creation of an alliance of MNOs.
2. Avoiding roaming altogether by using local
subscriptions and eSIM technology for
provisioning in each local network.
Theenhancementoftheexistingroamingsolution
wouldensurethatoperatorstreatroamingusersthe
samewaytheytreatlocalusers–thatis,therewould
benoadditionalcostsandroaminguserswouldhave
consistentcapabilityandsupportforlow-latencyand
high-volumeservices.Thiscouldbeachieved
throughthecreationofanallianceofMNOsthat
enablesthe3GPProamingarchitecture“Local
breakoutinthevisitednetwork,”[7]whichwould
providedirect,fastaccesstolocaldatacenters.
Alternatively,itispossibletoavoidtheroaming
modelaltogetherbyusinglocalsubscriptionsand
eSIMtechnologyforprovisioningineachlocal
network.Thisapproachensuresaccesstoallthe
functionalityandcapacityprovidedbythelocal
network,includingdirectaccesstolocaldatacenters.
Someformofcoordinationofservice,subscription
andcostmodelsbetweentheinvolvedoperators
wouldberequiredtoachieveconsistency.
Bothofthesealternativesinvolvetheuseof
differentcorenetworks,whichmeansthattherecan
bevariancesinserviceexperienceandSLAsupport
betweenoperators.Thisisduetothefactthatthecore
networkistheentitythatcontrolsmostoftheservice-
specificparametersandmanagesthetechnicalSLAs.
FullharmonizationofservicesandSLAcontrol
requiresanalignmentofcorenetworkfunctions.
Regardlessofwhichoptionischosen,afastinter-
MNOmobilitysolutionisalsorequiredtoreduce
thetimefornetworkswap.Acombinationofnetwork
featuresinarecenttrialhasbeenshowntoprovide
fastinter-networkservicecontinuity[8].
Localbreakoutanddistributedcomputing
Severalemergingautomotiveservicesrequire
vehiclestobeconnectedtothecloudandnetworks
tofacilitatethetransferofalargeamountofdata
betweenvehiclesandthecloud.Someoftheservices
maybemoretime-critical,whileotherservicesallow
timephasingtoadifferenttimeslotoranotheraccess
network.TheAECC(AutomotiveEdgeComputing
Consortium)addressesthetechnicalrealization
ofsuchusecasesbydesigningatopology-aware
distributedcloudsolutiononaglobalscale,
tobetteraccommodatetheneedsoftheautomotive
industry[9,10].
Costseparationandtrafficprioritization
Intheautomotiveandtransportecosystemthereisa
needtoseparatethecostsforcellularconnectivity
fordifferentservicesinthevehicletargetedat
differentstakeholders–suchastheownerofthe
vehicleorvehiclefleet,thedriver/userofthevehicle,
thevehicleOEMandtraffic/roadauthorities.For
example,onemaywantentertainment-relatedcosts
tobechargedtothepassengers,whiletheOEM
coversthecostforvehicle-centricsensordata
uploads.Supportfordatatrafficprioritizationisalso
essential,particularlyattimesofhighnetworkusage,
suchaswhenvehiclesarestuckinatrafficjam.
Therearetwomainalternativesforcost
separation:multiplesubscriptionsormultiple
connectionsusingasinglesubscription(alsoknown
asdedicatedbearers).Avehiclecanhavemultiple
subscriptionstoconnectwithoneormultiplemobile
networksformultipleservices.Multiple
subscriptionscanbeactivesimultaneouslywhen
multipleservicesareneededconcurrently.The
vehiclecanbeeithernativelyequippedtosupport
multiplesimultaneousactivesubscriptionsthrough
theuseofaDual-SimDualActive(DSDA)device,
forexample,oradditionalcommunicationdevices
canbeaddedtothevehiclelater(eachwithitsown
subscription).Thesedevicescouldbepermanently
mountedortheycouldbetemporarydevicessuchas
thedriver’ssmartphone.
Adedicatedbearerframeworkallowsseparation
oftrafficflowsfordifferentiatedQoShandlingand
chargingusingasinglesubscriptionandsingle
modem.3GPPsystemssupporttrafficdifferentiation
basedonPolicyandChargingControlrules.
Theterm‘policy’referstovarioustraffic-handling
policies,suchasdifferentQoSfordifferenttrafficflows.
In4Gnetworks,theseparateddatastreamsare
handledasdifferentbearers,whichareknownas
dedicatedbearers.Thecellularnetworkidentifies
thetrafficflowsbasedontrafficflowtemplates–
typicallya5-tupleintheformofIPaddresses,
protocolandtransportlayerports.Theconsumed
datavolumescanbeaccountedseparatelyforeach
bearer.Within5Gnetworks,theseparateddata
streamsarehandledasdifferentQoSflows.
Figure3depictsanend-to-endarchitecture
usingdedicatedbearersfortrafficseparation,
consideringdistributedcomputingwithedgeclouds.
Figure 3 Usage of dedicated bearers for traffic separation within one vehicle OEM cellular subscription
Cellular network
Default bearer
Dedicated bearers
with different priorities
Request network
feature
OEM edge cloud
IoT protocol stack
Other servers
OEM central cloud
PGW
SCEF
GW
MQTT, AMQP,
HTTP, etc.
TLS
TCP
3GPP Uu
IP
PDCP
RLC
MAC
PHY

Theedgecloudserversareshieldingthecentral
cloudserversbyexecutingtheheavylifting
workloads.Thecentralserverscoordinatetheheavy
workloadfunctionsanddistributetheloadacross
differentedgecloudserversandsites.
Thecentralcloudserverssteerthevehicle’s
connectiontoanappropriateedge,whichsupports
theserviceandhassufficientcomputational
capacity.Thepolicyrulesfortrafficseparationcan
beprovidedeitherstaticallywithinthepolicysystem
ofthenetworkordynamicallyusingtheService
CapabilityExposureFunction(SCEF),whichis
providedbythemobilenetworktowardtheOEM.
TheSCEFisevolvingintotheNetworkExposure
Functionin5G.
Figure3alsoillustratesanexampleprotocolstack
fordifferentIoTconnectivityprotocols.Popular
publish/subscribeIoTprotocolslikeMQTT(S)or
AMQP(S)canbeusedforeventnotificationtoone
ormorereceivers.Vehiclescansubscribeto
channels(calledtopics)thatprovideinformation
relevanttoacertaingeographicalarea.
HTTP(S)istypicallyusedtofetchinformationor
providefeedback.Forusecasessuchasremote
driving,additionalprotocolsareusedforsending
uplinkvideoanddownloadvehiclecontrol
commands.Whenusedwithdedicatedbearers,all
themessagesusingthesametransportconnection
(TCP,forexample)willbetreatedaccordingtothe
samepolicyrule(prioritization,forexample).
Inupcoming5Gnetworks,thenetworkslicing
concept[11]maybeusedforserviceandcost
separation.
Conclusion
Theconnectivityneedsoftheautomotiveand
transportecosystemarediverseandcomplex,
requiringacommonnetworksolutionratherthan
asingle-segmentsiloapproach.Theongoingrollout
of5Gprovidesacost-efficientandfeature-rich
foundationforahorizontalmultiservicenetwork.
5Gnetworks(including2G-4Gaccesses)offer
excellentcapabilitiesthatmakethemtheideal
choicetomeetthewidevarietyofneedsinthe
automotiveandtransportecosystem.Thetime-to-
marketfor5Gnetworksandservicesisfasterthan
earliergenerations,andtheconnectivitycapabilities
canbetailoredtodifferentservicesusingmechanisms
thatenablebothseparatedQoStreatmentand
separatedcharging.Thisfunctionalitycontributes
tomaking5Ginstrumentalinhelpingtomaximize
thesafety,efficiencyandsustainabilityofroad
transportation.
References
1. Ericsson Mobility Report, June 2019, available at: https://www.ericsson.com/49d1d9/a ssets/local/mobility-
report/documents/2019/ericsson-mobility-report-june-2019.pdf
2. Ericsson white paper, Cellular IoT Evolution for Industry Digitalization, January 2019, available at:
https://www.ericsson.com/en/white-papers/cellular-iot-evolution-for-industry-digitalization
3. 5GAA white paper, C-ITS Vehicle to Infrastructure Services: how C-V2X technology completely changes
the cost equation for road operators, available at: https://5gaa.org/wp-content/uploads/2019/01/5GAA-
BMAC-White-Paper_final2.pdf
4. Ericsson, 5G deployment considerations, available at: https://www.ericsson.com/en/networks/trending/
insights-and-reports/5g-deployment-considerations
5. BundesnetzagenturfürElektrizität,Gas,Telekommunikation,PostundEisenbahnen,2018,availableat:
https://www.bundesnetzagentur.de/SharedDocs/Downloads/EN/Areas/Telecommunications/
Companies/TelecomRegulation/FrequencyManagement/ElectronicCommunicationsServices/
FrequencyAward2018/20181214_Decision_III_IV.pdf;jsessionid=0A5E0D5D76E944D2218CF71B6D9EC500?__
blob=publicationFile&v=3
6. GSMA, The SIM for the next Generation of Connected Consumer Devices, available at:
https://www.gsma.com/esim/
7. 3GPP TS 23.501, System architecture for the 5G System (5GS), available at:
https://www.3gpp.org/DynaReport/23501.htm
8. Ericsson blog, Keeping vehicles connected when they cross borders, May 21, 2019, available at:
https://www.ericsson.com/en/blog/2019/5/connected-vehicle-cross-border-service-coverage
9. Ericsson Technology Review, Distributed cloud – a key enabler of automotive and industry 4.0 use cases,
November 20, 2018, available at: https://www.ericsson.com/en/ericsson-technology-review/archive/2018/
distributed-cloud
10. AECC white paper, General Principle and Vision, version 2.1.0, December 25, 2018, available at:
https://aecc.org/wp-content/uploads/2019/04/AECC_White_Paper_v2.1_003.pdf
11. Ericsson, Network Slicing, available at: https://www.ericsson.com/en/digital-services/trending/network-
slicing?gclid=CjwKCAjw-ITqBRB7EiwAZ1c5U-MQSqTjzDQJRiH43LlO4CPSFvBZC7sBbDRt-iSMX7yXrDd_
hzn1LxoCFCwQAvD_BwE
Further reading
❭ Learn more about evolving cellular IOT for industry digitalization at: https://www.ericsson.com/en/networks/
offerings/cellular-iot
5GPROVIDESACOST-
EFFICIENTANDFEATURE-RICH
FOUNDATIONFORAHORIZONTAL
MULTISERVICENETWORK

18 ERICSSON TECHNOLOGY REVIEW ✱ 2019
✱ XXXXXXXXXXX✱ TRANSFORMING TRANSPORTATION WITH 5G
12 ERICSSON TECHNOLOGY REVIEW ✱ SEPTEMBER 13, 2019
Thorsten Lohmar
◆ joined Ericsson in
Germany in 1998 and has
worked primarily within
Ericsson Research. He
specializesinmobilenetwork
architectures, focusing on
end-to-end procedures and
protocols. He is currently
working as an expert for
media delivery and acts
as the Ericsson delegate
in different standards
groups and industry forums.
Recently, he has focused on
industry verticals such as
automotive and transport.
Lohmar holds a Ph.D. in
electrical engineering from
RWTH Aachen University,
Germany.
Ali Zaidi
◆ is a strategic product
manager for cellular IoT
at Ericsson. He received
an M.Sc. and a Ph.D. in
telecommunications from
KTH Royal Institute of
Technology, Stockholm,
Sweden, in 2008 and 2013,
respectively. Since 2014,
he has been working with
technology and business
development of 4G and 5G
radio access at Ericsson. He
has co-authored more than
50 peer-reviewed research
publications and two books,
filed over 20 patents and
made several 3GPP and
5G-PPP contributions. He
is currently responsible
for LTE for machines, NR
ultra-reliable low-latency
communication, NR
Industrial IoT, vehicle-to-
everything communication
and local industrial networks.
Håkan Olofsson
◆ has 25 years’ experience
of the mobile industry, and
its RAN aspects in particular.
He joined Ericsson in 1994
and has served the company
and the industry in a variety
of capacities, mostly dealing
with strategic technology
development and evolution
of 2G to 5G. He is currently
head of the System Concept
program in Development
Unit Networks. He is also
codirector of the Integrated
Transport Research Lab
in Stockholm, founded
together with the KTH Royal
Institute of Technology
and the Swedish vehicle
manufacturer Scania.
Olofsson holds an M.Sc. in
physics engineering from
Uppsala University, Sweden.
Christer Boberg
◆ serves as a director
at Ericsson’s CTO office,
responsible for IoT
technology strategies
aimed at solving networking
challenges for the industry
on a global scale. He initially
joined Ericsson in 1983
and during his career he
has focused on software
and system design as a
developer, architect and
technical expert, both
within and outside Ericsson.
In recent years, Boberg’s
work has centered on the
IoT and cloud technologies
with a special focus on the
automotive industry. As part
of this work, he founded and
drives the Automotive Edge
Computing Consortium
(AECC) together with
industry leading companies.
theauthOrs
Theauthorswould
liketothank
TomasNylander,
MaciejMuehleisen,
Stefano
Sorrentino,
MichaelMeyer,
MarieHogan,
MikaelKlein,
AndersFagerholt,
TimWouda,
FredrikAlriksson,
RobertSkogand
HenrikSahlinfor
theircontributions
tothisarticle.

✱ 5G-TSN INTEGRATION FOR INDUSTRIAL AUTOMATION 5G-TSN INTEGRATION FOR INDUSTRIAL AUTOMATION ✱
2 AUGUST 27, 2019 ✱ ERICSSON TECHNOLOGY REVIEWERICSSON TECHNOLOGY REVIEW ✱ AUGUST 27, 2019 3
The move toward smart manufacturing creates extra demands on
networking technologies – namely ubiquitous and seamless connectivity
while meeting the real-time requirements. Today, 5G is good for factories;
nevertheless, its integration with Time-Sensitive Networking (TSN) would
make smart factories fully connected and empower them to meet all key
requirements on industrial communication technology.
JÁNOS FARKAS,
BALÁZS VARGA,
GYÖRGY MIKLÓS,
JOACHIM SACHS
Industrial automation is one of the industry
verticals that can benefit substantially
from 5G, including, for example, increased
flexibility, the reduction of cables and
support of new use cases [1]. At the same
time, factory automation is going through
a transformation due to the fourth industrial
revolution (also known as Industry 4.0),
and this requires converged networks that
support various types of traffic in a single
network infrastructure.
■Asitstands,IEEE(InstituteofElectrical
andElectronicsEngineers)802.1Time-Sensitive
Networking(TSN)isbecomingthestandard
Ethernet-basedtechnologyforconvergednetworks
ofIndustry4.0.Itispossiblefor5GandTSNto
coexistinafactorydeploymentandaddresstheir
primaryrequirements,suchas5Gforflexibility
andTSNforextremelylowlatency.Beyondthat,
5GandTSNcanbeintegratedtoprovidesolutions
totheaforementioneddemandsofubiquitousand
seamlessconnectivitywiththedeterministicQoS
requiredbycontrolapplicationsendtoend.
Ultimately,integratingthesekeytechnologies
provideswhatisneededforsmartfactories.
5G:addingultra-reliablelow-latency
communication
5Ghasbeendesignedtoaddressenhancedmobile
broadbandservicesforconsumerdevicessuchas
smartphonesortablets,butithasalsobeentailored
forInternetofThings(IoT)communicationand
connectedcyber-physicalsystems.Tothisend,two
requirementcategorieshavebeendefined:massive
machine-typecommunicationforalargenumberof
connecteddevices/sensors,andultra-reliablelow-
latencycommunication(URLLC)forconnected
controlsystemsandcriticalcommunication[1][2].It
isthecapabilitiesofURLLCthatmake5Gasuitable
candidateforwirelessdeterministicandtime-
sensitivecommunication.Thisisessentialfor
industrialautomation,asitcanenablethecreation
ofreal-timeinteractivesystems,andalsoforthe
integrationwithTSN.
Severalfeatureshavebeenintroducedto5G
inphase1(3GPPRelease15)andphase2(3GPP
Release16,tobefinalizedbyMarch2020)that
reducetheone-waylatencyandenablethe
transmissionofmessagesovertheradiointerface
withreliabilityofupto99.999percent,achievable
inacontrolledenvironmentsuchasafactory.
5GRANfeatures
5GRAN[3]withitsNewRadio(NR)interface
includesseveralfunctionalitiestoachievelow
latencyforselecteddataflows.NRenablesshorter
slotsinaradiosubframe,whichbenefitslow-latency
applications.NRalsointroducesmini-slots,where
prioritizedtransmissionscanbestartedwithout
waitingforslotboundaries,furtherreducinglatency.
Aspartofgivingpriorityandfasterradioaccessto
URLLCtraffic,NRintroducespreemption–where
URLLCdatatransmissioncanpreemptongoingnon-
URLLCtransmissions.Additionally,NRapplies
veryfastprocessing,enablingretransmissionseven
withinshortlatencybounds.
FOR INDUSTRIAL AUTOMATION
5G-TSNintegration
meetsnetworking
requirements
Definition of key terms
Smart factories are being developed as part of the fourth industrial revolution. They require ubiquitous
connectivity among and from the devices to the cloud through a fully converged network, supporting
various types of traffic in a single network infrastructure, which also includes mobile network segments
integrated into the network.
ULTIMATELY,INTEGRATING
THESEKEYTECHNOLOGIES
PROVIDESWHATISNEEDED
FORSMARTFACTORIES

forIEEEStd802.3Ethernet,whichmeans
theyutilizeallthebenefitsofstandardEthernet,
suchasflexibility,ubiquityandcostsavings.
TSNstandardscanbeseenasatoolbox
thatincludesseveralvaluabletools,whichcan
becategorizedintofourgroups:trafficshaping,
resourcemanagement,timesynchronization
andreliability,asshowninFigure2.Here,wefocus
onlyontheTSNtoolsthatarestrongcandidatesfor
earlyTSNdeploymentsinindustrialautomation.
TSNguaranteestheworst-caselatencyforcritical
databyvariousqueuingandshapingtechniques
andbyreservingresourcesforcriticaltraffic.
TheScheduledTrafficstandard(802.1Qbv)
providestime-basedtrafficshaping.Ethernetframe
preemption(802.3brand802.1Qbu),whichcan
suspendthetransmissionofanon-criticalEthernet
frame,isalsobeneficialtodecreaselatencyand
latencyvariationofcriticaltraffic.
Resourcemanagementbasicsaredefinedbythe
TSNconfigurationmodels(802.1Qcc).Centralized
NetworkConfiguration(CNC)canbeappliedtothe
networkdevices(bridges),whereas,Centralized
UserConfiguration(CUC)canbeappliedtouser
devices(endstations).Thefullycentralized
configurationmodelfollowsasoftware-defined
networking(SDN)approach;inotherwords,the
CNCandCUCprovidethecontrolplaneinstead
ofdistributedprotocols.Incontrast,distributed
controlprotocolsareappliedinthefullydistributed
model,wherethereisnoCNCorCUC.
Highavailability,asaresultofultra-reliability,
isprovidedbyFrameReplicationandElimination
forReliability(FRER)(802.1CB)fordataflows
throughaper-packet-levelreliabilitymechanism.
Thisprovidesreliabilitybytransmittingmultiple
copiesofthesamedatapacketsoverdisjointpaths
inthenetwork.Per-StreamFilteringandPolicing
(802.1Qci)improvesreliabilitybyprotectingagainst
bandwidthviolation,malfunctioningandmalicious
behavior.
TheTSNtoolfortimesynchronizationisthe
5Gdefinesextra-robusttransmissionmodesfor
increasedreliabilityforbothdataandcontrolradio
channels.Reliabilityisfurtherimprovedbyvarious
techniques,suchasmulti-antennatransmission,
theuseofmultiplecarriersandpacketduplication
overindependentradiolinks.
Timesynchronizationisembeddedintothe
5Gcellularradiosystemsasanessentialpartoftheir
operation,whichhasalreadybeencommonpractice
forearliercellularnetworkgenerations.Theradio
networkcomponentsthemselvesarealsotime
synchronized,forinstance,throughtheprecisiontime
protocoltelecomprofile[4].Thisisagoodbasisto
providesynchronizationfortime-criticalapplications.
Figure1illustratesURLLCfeatures.Itshowsthat
5Gusestimesynchronizationforitsownoperations,
aswellasthemultipleantennasandradiochannels
thatprovidereliability.5Gbringsinredefined
schemesforlowlatencyandresourcemanagement,
whichcanbecombinedtoprovideultra-reliability
andlowlatency.
Besidesthe5GRANfeatures,the5Gsystem
(5GS)alsoprovidessolutionsinthecorenetwork
(CN)forEthernetnetworkingandURLLC.The5G
CNsupportsnativeEthernetprotocoldataunit
(PDU)sessions.5Gassiststheestablishment
ofredundantuserplanepathsthroughthe5GS,
includingRAN,theCNandthetransportnetwork.
The5GSalsoallowsforaredundantuserplane
separatelybetweentheRANandCNnodes,
aswellasbetweentheUEandtheRANnodes.
Time-SensitiveNetworking
forconvergednetworks
TSNprovidesguaranteeddatadeliveryina
guaranteedtimewindow;thatis,boundedlow
latency,low-delayvariationandextremelylowdata
loss,asillustratedinFigure2.TSNsupportsvarious
kindsofapplicationshavingdifferentQoS
requirements:fromtime-and/ormission-critical
datatraffic,forexample,closed-loopcontrol,
tobest-efforttrafficoverasinglestandardEthernet
networkinfrastructure;inotherwords,througha
convergednetwork.Asaresult,TSNisanenabler
of Industry4.0byprovidingflexibledataaccess
andfullconnectivityforasmartfactory.
Time-SensitiveNetworkingstandards
TSNisasetofopenstandardsspecifiedby
IEEE802.1[5].TSNstandardsareprimarily Figure 2 Valuable tools within the TSN toolbox that enable deployments in industrial automation
Traffic shaping
TSN
Time
synchronization
Reliability
Resource management
CNC
Guaranteed delivery in a
guaranteed time window
Latency
Figure 1 5G URLLC overview
Enhanced
mobile broadband
Ultra-reliable
low-latency
communication
Massive
machine-type
communication
Low latency
NR slot = 14 OFDM symbols
5G
URLLC
5G
Time
synchronization
Reliability
Resource management
5G system
5G ultra-reliable low-
latency communication
Latency
Mini-slot
gNB
UL
transmission
UL
grantUL scheduling
request (SR)
Skip SR-to-grant delay
UE

Figure3illustratesthe5G-TSNintegration,
includingeachTSNcomponentshowninFigure2.
Itshowsthefullycentralizedconfigurationmodel,
whichistheonlyconfigurationmodelsupportedin
5Gphase2(3GPPRelease16).
The5GSappearsfromtherestofthenetworkasa
setofTSNbridges–onevirtualbridgeperUserPlane
Function(UPF)asshowninthefigure.The5GS
includesTSNTranslator(TT)functionalityforthe
adaptationofthe5GStotheTSNdomain,bothfor
theuserplaneandthecontrolplane,hidingthe5GS
internalproceduresfromtheTSNbridgednetwork.
The5GSprovidesTSNbridgeingressand
egressportoperationsthroughtheTTfunctionality.
Forinstance,theTTssupportholdandforward
functionalityforde-jittering.Thefigureillustrates
functionalitiesusinganexampleoftwouser
equipments(UEs) withtwoPDUsessions
supportingtwocorrelatedTSNstreamsfor
redundancy.Butadeploymentmayonlyinclude
onephysicalUEwithtwoPDUsessionsusing
dual-connectivityinRAN.Thefigureillustrates
thecasewhenthe5GSconnectsanendstation
toabridgednetwork;however, the5GSmayalso
interconnectbridges.
Thesupportforbasebridgingfeaturesdescribed
hereisapplicablewhetherthe5Gvirtualbridges
areClassAorClassBcapable.The5GShasto
supporttheLLDPfeaturesneededforthecontrol
andmanagementofanindustrialnetwork,suchas
forthediscoveryofthetopologyandthefeaturesof
the5Gvirtualbridges.The5GSalsoneedstoadapt
tothelooppreventionmethodappliedinthebridged
network,whichmaybefullySDNcontrolledwithout
anydistributedprotocolotherthanLLDP.
5GsupportingTime-SensitiveNetworking
Ultra-reliabilitycanbeprovidedendtoendbythe
applicationofFRERoverboththeTSNand5G
domains.Thisrequiresdisjointpathsbetweenthe
FRERendpointsoverbothdomains,asillustrated
inFigure3.
generalizedPrecisionTimeProtocol(gPTP)
(802.1AS),whichisaprofileofthePrecisionTime
Protocolstandard(IEEE1588).ThegPTPprovides
reliabletimesynchronization,whichcanbeusedby
otherTSNtools,suchasScheduledTraffic(802.1Qbv).
ItisimportanttonotethatTSNstandardsare
builtuponthebaseIEEE802.1bridgingstandards,
someofwhichhavetobesupportedinTSN
deploymentsaswell–includingindustrialautomation.
AspecialsetofTSNstandardsarethe
TSNprofilesbecauseaprofileselectsTSNtools
anddescribestheiruseforaparticularusecase
orvertical.
Time-SensitiveNetworking
forindustrialautomation
TheIEC/IEEE60802profile[6]specifiesthe
applicationofTSNforindustrialautomation,and
alsogivesguidelinestowhat5Gneedstosupport.
IEC/IEEE60802providesbasisforotherstandards
targetinginteroperabilityinindustrialautomation.
Forinstance,OpenPlatformCommunications
(OPC)Foundation’sFieldLevelCommunications[7]
initiativeaimsforonecommonmulti-vendor
convergedTSNnetworkinfrastructure.
TheIEC/IEEE60802profilewillspecifymultiple
classesofdevices.Therewillbeatleasttwoclasses
ofdevicesforbothdevicetypes–bridgesandend
stations.Oneclassisfeaturerich(currentlycalled
ClassA),andtheotherclassisconstrained(currently
calledClassB),meaningthatitsupportsasmallerset
offeatures.Bridgesandendstationsbelongingtothe
sameclasshavethesamemandatoryandoptional
TSNcapabilities.
TheLinkLayerDiscoveryProtocol(LLDP)
(802.1AB)ismandatoryforalldevicetypesand
classesforthediscoveryofthenetworktopology
andneighborinformation.
Timesynchronizationisalsomandatoryforall
devicetypesandclasses.Thecurrenttargetisto
supportaminimumofthreetimedomainsforClass
AandaminimumoftwotimedomainsforClassB.
ClassAdevicesmustsupportawiderangeof
TSNfunctions(suchasScheduledTraffic,Frame
Preemption,Per-StreamFilteringandPolicing,
FRERandTSNconfiguration),whichareoptional
forClassBdevices.
Integrated5GandTime-SensitiveNetworking
5GURLLCcapabilitiesprovideagoodmatchto
TSNfeatures(asillustratedinFigures1and2).
Thetwokeytechnologiescanbecombinedand
integratedtoprovidedeterministicconnectivityend
toend,suchasbetweeninput/output(I/O)devices
andtheircontrollerpotentiallyresidinginanedge
cloudforindustrialautomation.Theintegration
includessupportforboththenecessarybase-
bridgingfeaturesandtheTSNadd-ons.
Figure 3 5GS integrated with TSN providing end-to-end deterministic connectivity
5G system
SDN controller
End-to-end Ethernet
TSN FRER
PDU session
AF as
TT
PCF
5G control plane
CUC control
NETCONF/
RESTCONF
I/O device
(sensor/
activator)
5G user plane
CUC
End
station
End
station
Controller
CNC
TT
TT
UE
UE
gNB
gNB
UPF
UPF
TT
TSN
bridge
TT
TSN
bridge
TSN
bridge
TSN
bridge
CUC control
PDU session 1
Virtual TSN bridge
Virtual TSN bridge
PDU session 2
5GS – 5G System | 5QI – 5G QoS Indicator | AF – Application Function | CN – Core Network | CNC –
Centralized Network Configuration | CUC – Centralized User Configuration | FRER – Frame Replication and
Elimination for Reliability | gNB – Next generation Node B (5G base station) | gPTP – Generalized Precision
Time Protocol | I/O – Input/Output | IEC – International Electrotechnical Commission | IEEE – Institute of
Electrical and Electronics Engineers | IOT – Internet of Things | LLDP – Link Layer Discovery Protocol |
NR – New Radio | OFDM – Orthogonal Frequency Division Multiplexing | OPC – Open Platform
Communications | PCF – Policy Control Function | PDU – Protocol Data Unit | SDN – Software-Defined
Networking | TSN – Time-Sensitive Networking | TT – TSN Translator | UE – User Equipment | UL – Uplink |
UPF – User Plane Function | URLLC – Ultra-Reliable Low-Latency Communication

A5GUEcanbeconfiguredtoestablishtwoPDU
sessionsthatareredundantintheuserplaneover
the5Gnetwork[2].The3GPPmechanisminvolves
theappropriateselectionofCNandRANnodes
(UPFsand5Gbasestations(gNBs)),sothattheuser
planepathsofthetwoPDUsessionsaredisjoint.
TheRANcanprovidethedisjointuserplanepaths
basedontheuseofthedual-connectivityfeature,
whereasingleUEcansendandreceivedataoverthe
airinterfacethroughtwoRANnodes.
Theadditionalredundancy–includingUE
redundancy–ispossiblefordevicesthatare
equippedwithmultipleUEs.TheFRERendpoints
areoutsideofthe5GS,whichmeansthat5Gdoes
notneedtospecifyFRERfunctionalityitself.
Also,thelogicalarchitecturedoesnotlimitthe
implementationoptions,whichincludethesame
physicaldeviceimplementingendstationandUE.
RequirementsofaTSNstreamcanbefulfilledonly
whenresourcemanagementallocatesthenetwork
resourcesforeachhopalongthewholepath.Inline
withTSNconfiguration(802.1Qcc),thisisachieved
throughinteractionsbetweenthe5GSandCNC
(seeFigure3).Theinterfacebetweenthe5GSand
theCNCallowsfortheCNCtolearnthe
characteristicsofthe5Gvirtualbridge,andforthe
5GStoestablishconnectionswithspecificparameters
basedontheinformationreceivedfromtheCNC.
Boundedlatencyrequiresdeterministicdelay
from5GaswellasQoSalignmentbetweenthe
TSNand5Gdomains.Notethat5Gcanprovidea
directwirelesshopbetweencomponentsthatwould
otherwisebeconnectedviaseveralhopsina
traditionalindustrialwirelinenetwork.Ultimately,
themostimportantfactoristhat5Gcanprovide
deterministiclatency,whichtheCNCcandiscover
togetherwithTSNfeaturessupportedbythe5GS.
Forinstance,ifa5GvirtualbridgeactsasaClass
ATSNbridge,thenthe5GSemulatestime-
controlledpackettransmissioninlinewith
ScheduledTraffic(802.1Qbv).Forthe5Gcontrol
plane,theTTintheapplicationfunction(AF)ofthe
5GSreceivesthetransmissiontimeinformationof
theTSNtrafficclassesfromtheCNC.Inthe5Guser
plane,theTTattheUEandtheTTattheUPFcan
regulatethetime-basedpackettransmission
accordingly.TTinternaldetailsarenotspecifiedby
3GPPandareleftforimplementation.Forexample,
aplay-out(de-jitter)bufferpertrafficclassisa
possiblesolution.ThedifferentTSNtrafficclasses
aremappedtodifferent5GQoSIndicators(5QIs)
intheAFandthePolicyControlFunction(PCF)
aspartoftheQoSalignmentbetweenthetwo
domains,andthedifferent5QIsaretreated
accordingtotheirQoSrequirements.
Timesynchronization
Timesynchronizationisakeycomponentinall
cellularnetworks(illustratedbytheblack5GSclock
inFigure3).Providingtimesynchronizationina
5G-TSNcombinedindustrialdeploymentbringsin
newaspects.Inmostcases,enddevicesneedtime
referenceregardlessofwhetheritisusedbyTSN
bridgesfortheirinternaloperations.Bridgesalso
requiretimereferenceiftheyuseaTSNfeature
thatisbasedontime,suchasScheduledTraffic
(802.1Qbv).ThegreenclocksinFigure3illustrate
acasewhenbothbridgesandendstationsaretime
synchronized.
AsgPTPisthedefaulttimesynchronization
solutionforTSN-basedindustrialautomation,
the5GSneedstointerworkwiththegPTPofthe
connectedTSNnetwork.The5GSmayactasa
virtualgPTPtime-awaresystemandsupportthe
forwardingofgPTPtimesynchronization
informationbetweenendstationsandbridges
throughthe5GuserplaneTTs.Theseaccount
fortheresidencetimeofthe5GSinthetime
synchronizationprocedure.Onespecialoptionis
whenthe5GSclockactsasagrandmasterand
providesthetimereferencenotonlywithinthe5GS,
butalsototherestofthedevicesinthedeployment,
includingconnectedTSNbridgesandendstations.
Overall,5Gstandardizationhasaddressedthe
keyaspectsneededfor5G-TSNintegration.
Conclusion
Together,5GandTime-SensitiveNetworking(TSN)
canmeetthedemandingnetworkingrequirements
ofIndustry4.0.The5G-TSNintegrationisakey
topicofimportanceatEricsson,andweseethatthe
combinationof5GandTSNisperfectforsmart
factories,giventhefeaturesprovidedforultra-
reliabilityandlowlatency.Thatsaid,acertainlevel
ofintegrationofthetwotechnologiesisneeded
toprovideanend-to-endEthernetconnectivityto
meettheindustrialrequirements.
Integratedtimesynchronizationviawireless5G
andwiredTSNdomainsprovidesacommon
referencetimeforindustrialendpoints.5G
isalsointegratedwiththegivenTSNtoolused
inaparticulardeploymenttoprovidebounded
lowlatency.Thedisjointforwardingpathsofthe
5GandTSNsegmentsarealignedtoprovide
end-to-endultra-reliabilityandhighavailability.
Thefirststepofcontrolplaneintegrationisbeing
carriedoutforasoftware-definednetworking-based
approach(thefullycentralizedmodelofTSN).
Fundamentally,5GandTSNincludethekey
technologycomponentsrequiredforcombined
deploymentinindustrialautomationandhigh
availability.
THE5G-TSNINTEGRATION
ISAKEYTOPICOFIMPORTANCE
ATERICSSON
Further reading
❭ IEEE, Adaptive 5G Low-Latency Communication for Tactile Internet Services, in Proceedings of the IEEE,
vol. 107, no. 2, pp. 325-349, February 2019, Sachs, J; Andersson, L. A. A.; Araújo, J; Curescu, C; Lundsjö, J;
Rune, G; Steinbach, E; and Wikström, G, available at: http://ieeexplore.ieee.org/stamp/stamp.
jsp?tp=&arnumber=8454733&isnumber=8626773
❭ IEEE, Time-Sensitive Networking Standards, feature topic of IEEE Communications Standards Magazine,
June 2018, Farkas, J; Lo Bello L; and Gunther, C, available at: https://ieeexplore.ieee.org/document/8412457
Papers available at: https://ieeexplore.ieee.org/xpl/tocresult.jsp?isnumber=8412445
❭ Learn more about Ericsson Mission Critical and Broadband Networks at: https://www.ericsson.com/en/
networks/offerings/mission-critical-private-networks
References
1. Ericsson Technology Review, Boosting smart manufacturing with 5G wireless connectivity, January
2019, Sachs, J.; Wallstedt, K.; Alriksson, F.; Eneroth, G., available at: https://www.ericsson.com/en/ericsson-
technology-review/archive/2019/boosting-smart-manufacturing-with-5g-wireless-connectivity
2. 3GPP TS 23.501, System Architecture for the 5G System; Stage 2, available at: https://www.3gpp.org/
DynaReport/23501.htm
3. 3GPP TS 38.300, NR; NR and NG-RAN Overall Description; Stage 2, available at: https://www.3gpp.org/
DynaReport/38300.htm
4. ITU-T G.8275.1 Precision time protocol telecom profile for phase/time synchronization with full timing
support from the network, available at: https://www.itu.int/rec/T-REC-G.8275.1/en
5. IEEE 802.1, Time-Sensitive Networking (TSN) Task Group, available at: http://www.ieee802.org/1/tsn
6. IEC/IEEE 60802 TSN Profile for Industrial Automation, available at: http://www.ieee802.org/1/tsn/iec-
ieee-60802/
7. OPC Foundation, Initiative: Field Level Communications (FLC) OPC Foundation extends OPC UA
including TSN down to field level, April 2019, available at: https://opcfoundation.org/flc-pdf

28 ERICSSON TECHNOLOGY REVIEW ✱ 2019
✱ 5G-TSN INTEGRATION FOR INDUSTRIAL AUTOMATION
10 ERICSSON TECHNOLOGY REVIEW ✱ AUGUST 27, 2019
János Farkas
◆ is a principal researcher
in the area of deterministic
networking at Ericsson
Research. He is the chair
of the IEEE 802.1 Time-
Sensitive Networking Task
Group,editorandcontributor
of multiple IEEE 802.1
standards. He is cochair
of the IETF Deterministic
Networking Working Group
and coauthor of multiple
drafts. He joined Ericsson
Research in 1997. He
holds a Ph.D. and M.Sc. in
electrical engineering from
the Budapest University of
Technology and Economics
in Hungary.
Balázs Varga
◆ is an expert in multiservice
networking at Ericsson
Research. He is currently
working on 5G-related
technologies to integrate
mobile, IP/multi-protocol
label switching, Ethernet
and industrial networks.
He is active in related
standardizations: 3GPP
(RAN2, SA2), MEF Forum (IP
Services), IETF (DetNet) and
IEEE (TSN). Before joining
Ericsson in 2010, he directed
and coordinated activities of
an R&D group responsible
for the enhancement of a
broadband service portfolio
and related technologies
at Telekom. He holds a
Ph.D. and M.Sc. in electrical
engineering from the
Budapest University of
Technology and Economics.
György Miklós
◆ is a master researcher at
Ericsson Research. Since
joining Ericsson in 1998,
he has worked on research
topics including wireless
LAN, ad hoc networking
and mobile core network
evolution. He has served
as an Ericsson delegate in
3GPP for many years for 4G
standardization. His current
research interests include
5G industrial applications
and redundancy support
in mobile networks. He
holds a Ph.D. and M.Sc.
in informatics from the
Budapest University of
Technology and Economics.
Joachim Sachs
◆ is a principal researcher
at Ericsson Corporate
Research in Stockholm,
Sweden, where he
coordinates research
activities on 5G for industrial
Internet of Things solutions
and cross-industry research
collaborations. He joined
Ericsson in 1997 and
has contributed to the
standardization of 3G, 4G
and 5G networks. He holds
an Engineering Doctorate
from the Technical University
of Berlin, Germany, and was
a visiting scholar at Stanford
University in the US in 2009.
theauthOrs
Theauthorswould
liketothank
thefollowing
peoplefortheir
contributions
tothisarticle:
ShabnamSultana,
AnnaLarmo,
KunWang,
TorstenDudda,
Juan-Antonio
Ibanez,MariletDe
AndradeJardim,
StefanoRuffini.

✱ IoT SECURITY MANAGEMENT IoT SECURITY MANAGEMENT ✱
2 ERICSSON TECHNOLOGY REVIEW ✱ NOVEMBER 22, 2017 3NOVEMBER 22, 2017 ✱ ERICSSON TECHNOLOGY REVIEW
theIoTserviceprovider,andthedevicesthat
enabletheprovisionoftheIoTservice.The
supportingactorsaretheIoTplatformservice
provider,whoseroleistoprovidetheIoTplatform
fortheIoTserviceprovider,andtheconnectivity
serviceprovider,whoseroleistoprovide
connectivityfortheIoTdevicesandservice.
Thetrustworthinessofservicesandservice
usedependsonhowtheactorsgovernidentities
anddata,securityandprivacy,andthedegreeto
whichtheycomplywiththeagreedpoliciesand
regulations.Thecombinationofthesecurityand
identityfunctionsisimportantfordefiningthe
trustlevel.Forexample,hardware-basedtrust
doesnothelpiftheapplicationdoesnotmakeuse
ofit.Afullytrustedapplicationdoesnothelpif
thecommunicationcannotbetrusted.AnE2E
approachisthereforeessentialtoensuretrust
amongallactorsacrossthesystem.
E2EIoTsecurityarchitecture
ThepurposeofanE2EIoTsecurityarchitecture
istoensurethesecurityandprivacyofIoTservices,
protecttheIoTsystemitselfandpreventIoT
devicesfrombecomingasourceofattacks–a
DistributedDenialofService(DDoS)attack,for
example–againstothersystems.
Figure3illustratesEricsson’sviewofhow
securitycanbemanagedanddeployedinan
E2EmannerthroughoutIoTdomainstomonitor
Figure 1 E2E approach to security and identity
Threat
intelligence
Legend:
Security and identity
management
functions Trust anchoring
E2E security and identity
management
M
M
Domain security and
identity management
for devices and GWs
Domain security and
identity management
for access and network
Access
and network
Apps
and cloud
Domain security and
identity management
for apps and cloud
Domain security and
identity management
for users
M M M M
SW SW SW
As the diversity of IoT services and the number
of connected devices continue to increase,
the threats to IoT systems are changing and
growing even faster.
■ Tocopewiththesethreats,theICTindustry
needsacomprehensiveIoTsecurityandidentity
managementsolutionthatisabletomanageand
orchestratetheIoTcomponentshorizontally(from
devicetoserviceandserviceuser)andvertically
(fromhardwaretoapplication).Inadditiontothis,
theabilitytoaddressbothsecurityandidentity
fromtheIoTdeviceallthewayacrossthecomplete
servicelifecyclewillalsobeessential.
Figure1illustratesanE2Eapproachtosecurity
andidentitythathighlightsthreekeyaspects:
securityandidentitymanagement,securityand
identityfunctions,andtrustanchoring.
IoTactorsandtrust
IoTsystemssupportnewbusinessmodels
thatinvolvenewactorsinconjunctionwith
traditionaltelecommunicationservices.Aside
fromconsumersandmobilenetworkoperators,
enterprises,verticals,partnerships,infrastructure,
andservicesplayincreasinglyvitalroles.Allof
theseactorsaffecttrust.
Figure2presentsthemainandsupportingIoT
actorsandtheirtrustrelationships.Thethreemain
actorsinanIoTsolutionaretheIoTserviceuser,
KEIJO MONONEN,
PATRIK TEPPO,
TIMO SUIHKO
Industries everywhere are digitizing, which is creating a multitude of new
security requirements for the Internet of Things (IoT). End-to-end (E2E)
security management will be essential to ensuring security and privacy
in the IoT, while simultaneously building strong identities and maintaining trust.
FOR THE IoT
Security
Management
END-TO-END

andapplicationsecuritypolicies.Applicationlevel
securitycanbeindependentofordependenton
(federatedwith)theconnectivitylevelsecurity.
Verticalsecurityfromhardwaretoapplicationcan
beusedineverydomaintoprovidehardware-based
rootoftrust,ensuringtheintegrityofthedomain.
Thedomainsarebuiltontrustedhardwareand
software.Whenrequiredbytheindustryandtheuse
case,trustisanchoredtohardware.
Thedomainsincludesecurityandprivacyfunctions
tohandleidentityandaccessmanagement,data
protectionandrighttoprivacy,networksecurity,
logging,keyandcertificatemanagement,and
platform/infrastructuresecurity(includingvirtuali-
zationsecurityandhardware-basedrootoftrust).
ForcriticalIoTservices,thelevelofsecurity
functionsmustbesethighinaccordancewiththe
riskmanagementresultsandserviceprovider
securitypolicies.ForlesscriticalIoTservices,
alowerlevelmaybesufficient.
Securitypolicyandcompliancemanagement
Business-optimalandtrust-centricIoTsecurityis
dependentoncontinuousriskmanagementthat
balancescriticality,cost,usabilityandeffectiveness
tofulfilldifferenttypesofsecurityServiceLevel
Agreementsinmulti-tenantIoTsystems.Since
thecurrentmanagementofIoTsecurityisspotty
atbest,itmustbetransformedintounified
securitymanagementwithadaptiveprotection,
detection,responseandcompliancedrivenby
securitypolicies.Onlyinthisenvironmentcan
serviceprovidersandtheircustomersleverage
E2Enetworkandapplicationknowledgetosecure
assetsacrossallcontexts.
Ourvisionofsecuritypolicyandcompliance
managementdefinessecuritypoliciesusingindustry
standards,regulationandorganizationalpolicies.
Thisapproachhelpstoautomatesecurityand
privacycontrols,maintainthematadesiredlevel
eveninachangingthreatlandscape,andshorten
thereactiontimeinresponsetopotentialbreaches.
Real-timevisibilityregardinggeneralandindustry-
specificsecuritystandardsandregulationsmakesit
possibleforIoTserviceproviderstoremediatepolicy
violationsquicklyanddemonstratecomplianceto
securityframeworks,includingISO,NIST,CSA,
GDPRandCISbenchmarks,aswellasanenterprise’s
ownsecurityandprivacypolicies.Havingthesecurity
baselineconfigurationandcompliancefunctionat
domainlevelensurestheautomatedhardeningofthe
protectedassetsandsupportscontinuouscompliance
monitoringinthedefinedsecuritybaseline.
Domainlevelsecuritymanagementrequiresan
accurateassetinventoryincludingalltheassetsthat
mustbeprotectedinthemanageddomain,suchas
authorizedIoTdevicesandsoftware.Automation
ofassetdiscoveryandcontinuousmonitoringis
essentialtokeeptheassetinventoryupdated.The
vulnerabilityinformationisalsocorrelatedwith
theassetinventorytomonitorandremediatethe
vulnerabilitiesofprotectedassets.
Rapiddetectionofattacksiscrucial.Security
monitoringandanalyticsfunctionalitiesmusthave
theabilitytoanalyzelogs,eventsanddatafrom
IoTdomaincomponentscombinedwithexternal
dataaboutthreatsandvulnerabilities.Machine
learningtechnologymakesitpossibletolearnfrom
andmakepredictionsbasedondata.Couplinga
machinelearninganalyticsenginewithcentralthreat
intelligenceimprovesthedetectionofzerodayattacks
andreducestheresponsetimeforknownthreats.
Ontopofamonitoringandanalyticsengine,
solutionsrelatingtovulnerability,threat,fraudand
riskmanagement,alongwithsecuritypolicyand
orchestrationcomponents,arealsorequiredto
automatesecuritycontrolsandmaintainthemat
desiredlevelsinachangingthreatlandscape.
Combiningtheinformationfeedsforvulnerability,
threatandfraudmanagementresultsintimely
AHIGHDEGREEOF
AUTOMATIONISNECESSARY
TOENSUREASWIFTRESPONSE
TOANYIDENTIFIEDTHREATS
ANDANOMALIES
Figure 2 The main and
supporting IoT actors and
their trust relationships
IoT service
provider
IoT service
user
Main trust
relationship
Supporting trust
relationship
IoT platform
service
provider
Connectivity
service
provider
Device
and protect system resources and assets. The
architecture consists of an E2E security and
identity management layer, domain (device,
gateway, access, platform and application) specific
management layers, and security and identity
functions in each domain component.
AnIoTsystemspansfromthedeviceviadifferent
networkinterfacestothecloudthathoststhe
platformandapplicationsthatprovideservicesthat
areconsumedbyIoTserviceusers.Eachelement
ofthechainmustbeconsideredwhendesigningan
E2EapproachtosecurityandidentityintheIoT.
Thisapproachleveragesadvancedsecurity
analyticsandmachinelearningtoprovidethreat,
riskandfraudmanagementatbothE2Eanddomain
managementlayers.Tomeetindustrysecurityand
privacystandards,anE2Esecuritymanagement
solutionmustalsobeinchargeofoverallsecurity
andprivacypoliciesandcomplianceandbe
abletocoordinateacrossamultitudeofdomain
managementsystemsthroughtheestablishment
ofcross-domainidentitiesandrelevantpolicies.
Domainmanagementofsecurityandidentity
functionswithindomainsensuresthatsecurityand
identitiesareproperlymanaged,configuredand
monitoredwithinthedomainaccordingtopolicies,
regulations,andagreements.Vulnerabilityandsecurity
baselinemanagementalsooccursatthedomain
managementlayerbasedonE2Elevelpolicies.
Accordingtothisapproach,theIoTservice
providerisresponsibleformanagingIoTservice
securityandidentitiesE2E,whereasdomain-level
managementcanbedelegatedtotheIoTplatform
serviceproviderandconnectivityserviceprovider.
Figure3showshowtheIoTdomainsare
managedbothhorizontallyandvertically.
Horizontal(cross-domain)securityisrequiredat
twolevels:connectivityandapplication.Depending
onconnectivitytype,securitycontrolssuchas
mutualauthenticationandencryptionofdatain
transitareprovidedattheconnectivitylevel.On
topofconnectivity,securityisprovidedatthe
applicationlevelfromdevicetocloud,basedon
identificationandaccessmanagementfunctions

Theleveloftrustinthedeviceidentitydependsonthe
strengthofauthenticationbothattheconnectivity
(forexample,3GPP,Wi-Fiandfixed)andapplication
layers.Fordeviceidentitytobetrusted,strong
authenticationandfollow-upofthedeviceintegrity
–withthehelpofhardware-basedrootoftrustinthe
device,forexample–wouldbeneeded.
Adevicewillhavedifferentidentifiersdepending
onwhereitisinitslifecycle.Lifecyclemanagement
ofdeviceidentitiesispartofthesecuritymanage-
mentlayer.Morethanonesecuritymanagement
domainisinvolvedwhenprovisioningidentities.
ConnectivityandIoTserviceprovidercouldbe
differentplayerswhereeachplayertakescareofits
ownidentitylifecyclemanagement.
Whenadeviceismanufactured,thevendorwill
giveitanidentifierthatcouldhavedifferenttrust
levels.Vendorcredentialscouldbeprotectedin
hardware(preferred)ortheycouldbenothingmore
thanaserialnumberprintedonthedevice.Thedevice
hastobeauthenticatedbytheIoTsystem,andnewly
givenidentifiersandcredentials(bootstrapprocess)
willbeusedforconnectivityandapplicationaccesses.
Identifiersandcredentialscanbechanged
duringthedevicelifecycledependingondifferent
triggerssuchasexpirationofcredentials,changeof
serviceproviderandsoon.Connectivityidentities
aredependentontheconnectivitytypeandhave
differentlifecyclemanagementprocesses.For
example,3GPPaccessisbasedonSIMidentities
(IMSIandAKAcredentials).SIMsareeither
physicallyremovableonesorSIMs(i.e.eUICC)
thatcanberemotelyprovisioned[1].
The user identities are needed to identify the
users of the services within the applications and
cloud domain. There may be several different
ways to verify (authenticate) the user identities
such as single- or multi-factor authentication,
federated authentication, or authentication
tokens. Each of these provides a certain level
of authentication strength.
Duetolayeredsecuritymanagementarchitecture
andtheinvolvementofseveralactors(including
industries)intheIoT,anyidentityandaccess
managementsolutionmustbeabletocooperate
withandadapttoexternalidentityandaccess
managementsystems.Ontopofidentification
andauthentication,theremustalsobeaccess
controlforuserssothatonlythepermitted
servicesareauthorized.
Threatintelligence
Threatintelligenceisbuiltandsharedin
communities.Therefore,acentralizedthreat
intelligencesolutionmustbeabletointerface
withdifferentthreatintelligencesourcestolearn
aboutexistingandnewthreats.Consolidationand
correlationofsecurityauditfeedsfromdifferent
domainsarenecessarytoprovideaclearviewof
threatinsightsacrossallIoTdomains.
Automation and machine learning can be
used to great advantage in threat intelligence,
to create and share indicators of compromise
that are actionable, timely, accurate and relevant
to support strategic decision-making and to
understand business risks in detail. Targeted
threat intelligence feeds are a great way to
generate customer-specific threat intelligence.
TwoIoTusecases
TwoconcreteexamplesofhowanE2Esecurity
managementsolutioncanhelpaddressIoT
challengesareprovidedbelow.
DDoSdetectionandprevention
InOctober2016,theMiraibotnetexploiteda
vulnerabilityinIoTdevicestolaunchaDDoS
attackagainstacriticalDNSserverthatdisrupteda
numberoftheinternet’sbiggestwebsites,including
PayPal,SpotifyandTwitter.
Miraiwasdesignedtoexploitthesecurity
weaknessesofmanyIoTdevices.Itcontinuously
scansforIoTdevicesthatareaccessibleoverthe
internetandareprotectedbyfactorydefaultor
hardcodedusernamesandpasswords.Whenitfinds
them,Miraiinfectsthedeviceswithmalwarethat
forcesthemtoreporttoacentralcontrolserver,turning
themintobotsthatcanbeusedinDDoSattacks.
Strong detection and prevention mechanisms
are needed against DDoS attacks that attempt
Figure 3 E2E approach to security and identity
Threat
intelligence
Legend:
management
functions Trust anchoring
E2E security and identity management
M
M
IoT deviceM IoT gatewayM
Access and
network
connectivity
M
IoT app,
platform
and cloud
M IoT user
IoT device
IoT gateway Access and
network
IoT app, platform
and cloud
IoT service user
M
Application
Connectivity
Device
platform
Connectivity
Gateway
platform
Connectivity
Network
infrastructure
Application
Connectivity
Cloud
infrastructure
Application
andaccurateinformationforevaluatingpotential
risksandhelpstodirecteffortsinprotectingthe
mostexposedcriticalassets.Ahighdegreeof
automationisnecessarytoensureaswiftresponse
toanyidentifiedthreatsandanomalies.
Since not all security breaches and attacks
can be prevented, it is crucial to have an efficient
security incident management process that
ensures rapid response and recovery. Real-time
insights and audit trails from tools such as security
monitoring, analytics and log management help
to find the root cause of an incident. The same
information can be also used as the evidence in
digital forensic investigations.
Identitymanagement
Themainpurposeofidentitymanagementisto
managethelifecycleofidentitiesandprovide
identification,authenticationandaccesscontrol
servicesforidentities.Therearevariousidentitiesthat
servedifferentpurposesintheIoTapproach,butthe
mainonesarefordeviceanduseridentification.The
othersareusedformanagementofdevices,functions
andservices.Identifiersandkeysarealsousedto
signdata,includingsoftwareandfirmware.These
differentdeviceidentitiesareneededtoidentifythe
devicesforconnectivitywithintheaccessandnetwork
domains,andtoidentifydeviceapplicationsintheIoT
platformandclouddomain.

1. GSMARemoteSIMProvisioningSpecifications,availableat:https://www.gsma.com/rsp/
2. OfficialJournaloftheEuropeanUnion,May2016,Regulation(EU)2016/679,GeneralData
ProtectionRegulation(GDPR),availableat: http://eur-lex.europa.eu/legal-content/EN/TXT/
PDF/?uri=CELEX:32016R0679&qid=1490179745294&from=en
References
Further reading
〉〉 Ericsson white paper, February 2017, IoT Security – Protecting the Networked Society, available at:
https://www.ericsson.com/en/publications/white-papers/iot-security-protecting-the-networked-society
〉〉 Ericsson, Security Management, available at: https://www.ericsson.com/en/in-focus/security
/security-management
〉〉 Ericsson,IdentityManagement,availableat:https://www.ericsson.com/en/in-focus/security/identity-management
〉〉 ETSI GS NFV-SEC 013, V3.1.1, February 2017, Network Functions Virtualisation (NFV) Release 3;
Security; Security Management and Monitoring specification, available at: http://www.etsi.org/deliver
/etsi_gs/NFV-SEC/001_099/013/03.01.01_60/gs_NFV-SEC013v030101p.pdf
Keijo Mononen
◆ is general manager
of Security Solutions at
Ericsson. In this role he is
responsible for end-to-
end security management
solutions including security
automation and analytics.
Mononen joined Ericsson in
1990andforthepast15years
hehasheldleadingpositions
in professional security
services and in security
technology development.
HeholdsanM.Sc.incomputer
science and engineering
from Chalmers University of
Technology in Gothenburg,
Sweden.
Patrik Teppo
◆ joined Ericsson in 1995
and is currently working
as a security architect
with the CTO Office,
Architecture and Portfolio
team. He is responsible
for the security part of the
Ericsson architecture and
leads Ericsson’s IoT security
architecture work. He holds a
B.Sc. in software engineering
from Blekinge Institute of
Technology, Sweden.
Timo Suihko
◆ joinedEricssonin1992
andiscurrentlyworkingasa
seniorsecurityspecialistinthe
EricssonNetworkSecurity,
SecurityTechnologiesteam,
whichbelongstoGroup
FunctionTechnologyand
EmergingBusiness.He
holdsanM.Sc.fromHelsinki
UniversityofTechnology.
theauthors
to saturate the network by exhausting the band-
width capacity of the attacked site, the server
resources or service availability. In our view, an
optimal outbound DDoS (botnet) detection and
mitigation solution includes remote attestation
to verify device trustworthiness and detect
malware, monitoring of outbound traffic, anomaly
detection, infected entities isolation or blocking
and setting of traffic limit policies. Optimal
inbound DDoS detection and mitigation includes
monitoring of inbound traffic, anomaly detection,
setting of traffic limit policies and redirecting
malicious traffic to a botnet sinkhole.
Thesecuritymanagementlayerplaysacritical
roleindetectingandmitigatingDDoSattacks.
Inourframework,DDoSattacksaredetectedby
thesecuritymonitoringandanalyticsfunctions
throughtheobservationofdeviceandnetwork
behaviorandidentificationofanomalies.Oncean
anomalyisdetected,immediatemitigationactions
canbetriggered.
GDPRcompliance
ThereisalegitimateexpectationinsocietythatIoT
solutionswillbedesignedwithprivacyinmind.This
isbecomingespeciallyevidentincertainjurisdictions:
forexample,intheEuropeanUnionwiththenew
GeneralDataProtectionRegulation(GDPR)[2].
Dataintegrity,dataconfidentiality,accountability
andprivacybydesignareallfundamentaltothe
protectionofsensitivepersonaldata.Suchdata
canbeprotectedviaappropriateprivacycontrols.
Thesecontrolsincludepersonaldataidentification
andclassification,personaldatamanagement
andfairdataprocessingpractices.Whenactual
personaldatamightbeexposed,additionalprivacy
protectivemeasureswillbeappliedsuchasdata
encryptionanddataanonymization.
AnotherfocusareaintheIoTsecuritydomain
istheprivacybreachresponse.Dedicatedprivacy
loggingandaudittrailfunctionalitycanbeusedto
improvetheabilitytoprevent,detectandrespond
toprivacybreachesinamorepromptandflexible
way.Suchcapabilitieswillbeessentialtorespond
toprivacybreachesswiftly(within72hours,as
prescribedbytheGDPR).
ImplementingaGDPRcompliancetoolinthe
securitymanagementlayermakesiteasiertomeet
GDPRrequirements.Todoitsjobright,itmust
beabletoprovideidentificationandclassification
ofpersonaldata,enforcementofdataprivacy
policiesaccordingtotheGDPR,demonstrationof
compliancetotheGDPR,anddetection,response
andrecoveryfromprivacyincidents.
Conclusion
TheIoToffersawealthofnewopportunitiesfor
serviceproviders.Thosewhowanttocapitalizeon
themwithouttakingunduerisksneedasecurity
solutionthatprovidescontinuousmonitoringof
threats,vulnerabilities,risksandcompliance,along
withautomatedremediation.Ericsson’sE2EIoT
securityandidentitymanagementarchitecture
isdesignedwiththisinmind,managingand
orchestratingtheIoTdomainsbothhorizontally
andvertically,andaddressingbothsecurityand
identityfromtheIoTdevicethroughouttheservice
lifecycle.
AKA–AuthenticationandKeyAgreement|CIS–CenterforInternetSecurity|CSA–CloudSecurityAlliance|
DDoS–DistributedDenialofService|DNS–DomainNameSystem|E2E–end-to-end|eUICC–embeddedUniversal
IntegratedCircuitCard|GDPR–GeneralDataProtectionRegulation|GW–gateway|IMSI–InternationalMobile
SubscriberIdentity|IoT–InternetofThings|ISO–InternationalOrganizationforStandardization|NIST–National
InstituteofStandardsandTechnology|SIM–SubscriberIdentityModule|SW–software

✱ DISTRIBUTED CLOUD DISTRIBUTED CLOUD ✱
2 NOVEMBER 20, 2018 ✱ ERICSSON TECHNOLOGY REVIEWERICSSON TECHNOLOGY REVIEW ✱ NOVEMBER 20, 2018 3
ofalargeamountofdatabetweenvehiclesandthe
cloud,oftenwithreal-timecharacteristicswithin
alimitedtimeframewhilethevehicleisinactive
operation.
Highdatavolume
Lookingattheautomotiveindustry,weoftenfocus
onthereal-timeusecasesforsafety,asdefinedby
V2X/C-ITS(vehicletoeverything/cooperative
intelligenttransportsystem),wherereal-time
aspectssuchasshortlatencyarethemostsignificant
requirements.However,theautomotiveindustry’s
newmobilityservicesalsoplacehighdemandson
networkcapacityduetotheextremeamountofdata
thatmustbetransportedtoandfromhighlymobile
devices,oftenwithnear-real-timecharacteristics.
Dataneedstobetransportedwithinalimitedtime
window(~30min/day),withavaryinggeographical
concentrationofvehiclesusingamultitudeof
differentnetworktechnologiesandconditions.
Themarketforecaststhataregenerallyreferred
toindicatethattheglobalnumberofconnected
vehicleswillgrowtoapproximately700millionby
2025andthatthedatavolumetransmittedbetween
Emerging use cases in the automotive industry – as well as in manufacturing
industries where the first phases of the fourth industrial revolution are
taking place – have created a variety of new requirements for networks
and clouds. At Ericsson, we believe that distributed cloud is a key technology
to support such use cases.
CHRISTER BOBERG,
MALGORZATA
SVENSSON,
BENEDEK KOVÁCS
vehiclesandthecloudwillbearound100petabytes
permonth.AtEricsson,however,weanticipatethat
theautomotiveservicesofthenearfuturewillbe
muchmoredemanding.Weestimatethatthedata
trafficcouldreach10exabytesormorepermonthby
2025,whichisapproximately10,000timeslargerthan
thepresentvolume.Gartnerrecentlyraisedthe
expectationsfurtherinitslatestreport(June2018),
estimatingthevolumetobeashighasoneterabyte
permonthpervehicle[1].
Suchmassiveamountsofdatawillplacenew
demandsontheradionetwork,asthemainpartis
ULdata.Newbusinessmodelswillberequired,asa
resultofthehighcostofhandlingmassiveamounts
ofdata.AsexplainedintheAECC(AutomotiveEdge
ComputingConsortium)whitepaper[2],thecurrent
mobilecommunicationnetworkarchitecturesand
conventionalcloudcomputingsystemsarenotfully
optimizedtohandleallofthisdataeffectivelyona
globalscale.Thewhitepapersuggestsmanypossible
optimizationstoconsider–basedontheassumption
thatmuchofthedatacouldbeanalyzedandfiltered
atanearlystagetolimittheamountofdata
transferred.
Both 4G and 5G mobile networks are
designed to enable the fourth industrial
revolution by providing high bandwidth and
low-latency communication on the radio
interface for both downlink (DL) and uplink
(UL) data. Distributed cloud exploits these
features, enabling a distributed execution
environment for applications to ensure
performance, short latency, high reliability
and data locality.
■ Distributedcloudmaintainstheflexibilityof
cloudcomputingwhileatthesametimehidingthe
complexityoftheinfrastructure,withapplication
componentsplacedinanoptimallocationthat
utilizesthekeycharacteristicsofdistributedcloud.
Theautomotivesectorandmanymanufacturing
industriesalreadyhaveusecasesthatmakethem
verylikelytobeearlyadoptersofdistributed
cloudtechnology.
Next-generationautomotiveservices
andtheirrequirements
Mobilecommunicationinvehiclesisincreasing
inimportanceastheautomotiveindustryworks
tomakedrivingsafer,smooththeflowoftraffic,
consumeenergymoreefficientlyandlower
emissions.Automatedandintelligentdriving,
thecreationanddistributionofadvancedmaps
withreal-timedata,andadvanceddrivingassistance
usingcloud-basedanalyticsofULvideostreams
areallexamplesofemergingservicesthatrequire
vehiclestobeconnectedtothecloud.Theseservices
alsorequirenetworksthatcanfacilitatethetransfer
A KEY ENABLER OF AUTOMOTIVE
AND INDUSTRY 4.0 USE CASES
Distributed
cloud
Definition of key terms
❭ Distributed cloud is a cloud execution environment for applications that is distributed across multiple sites,
including the required connectivity between them, which is managed as one solution and perceived as such by
the applications.
❭ Edge computing refers to the possibility of providing execution resources (compute and storage)
with the adequate connectivity (networking) at close proximity to the data sources.
❭ The fourth industrial revolution is considered to be the fourth big step in industry modernization,
enabled by cyber-physical systems, digitalization and ubiquitous connectivity provided by 5G
and Internet of Things (IoT) technologies. It is also referred to as Industry 4.0.

datalocally.Thisreducesthetotalamountofdata
exchangedbetweenvehiclesandcloudswhile
enablingtheconnectedvehiclestoobtainfaster
responses.Theconceptischaracterizedbythree
keyaspects:alocalizednetwork,edgecomputing
anddataexposure.
Alocalizednetworkisalocalnetworkthatcovers
alimitednumberofconnectedvehiclesinacertain
area.Thissplitsthehugeamountofdatatrafficinto
reasonablevolumesperareaofdatatrafficbetween
vehiclesandtheclouds.
Edgecomputingreferstothegeographical
distributionofcomputationresourceswithinthe
vicinityoftheterminationofthelocalizednetworks.
Thisreducestheconcentrationofcomputationand
shortenstheprocessingtimeneededtoconclude
atransactionwithaconnectedvehicle.
Dataexposuresecuresintegrationofthedata
producedlocallybyutilizingthecombinationofthe
localizednetworkandthedistributedcomputation.
Bynarrowingrelevantinformationdowntoa
specificarea,datacanberapidlyprocessedto
integrateinformationandnotifyconnectedvehicles
inrealtime.Theamountofdatathatneedstobe
exchangediskepttoaminimum.
Privateandlocalconnectivity
Aspartofthefourthindustrialrevolution,industry
verticalsandcommunicationserviceproviders
(CSPs)aredefiningasetofnewusecasesfor5G[3].
Privatedeploymentsand5Gnetworksprovidedby
CSPstomanufacturingcompanies,smartcitiesand
otherdigitalindustriesareonthehorizonaswell.
However,therearetwomainchallengestomobile
networkoperators’abilitytodeliver.Thefirstisthe
toughlatency,reliabilityandsecurityrequirements
ofthesenewusecases.Thesecondisfiguringout
howtoshieldtheindustriesfromthecomplexity
oftheinfrastructure,toenableeaseofusewhen
programmingandoperatingnetworks.
Secureprivatenetworkswith
centralizedoperations
Securityanddataprivacyarekeyrequirements
forindustrialnetworks.Insomecases,regulations
orcompanypoliciesstipulatethatthedatamust
notleavetheenterprisepremises.Inothercases,
someorallofthedatamustbeavailableatremote
locationsforpurposessuchasproductionanalytics
oremergencyprocedures.Atypicalindustrial
environmenthasmultipleapplicationsdeployedand
operatedbydifferentthirdparties.Whatthismeans
inpracticeisthatthesameon-premises,cloud-edge
instancethatafactoryalreadyusesforbusiness
supportandITsystemswouldalsoneedtosupport
theconnectivityforitsrobotstointeractwitheach
other.Asaresult,thereisarequirementofmulti-
tenancyforboththedevicesandtheinfrastructure.
Tactileinternetandaugmentedreality
Augmentedreality(AR)andmachinelearning(ML)
technologiesarewidelyrecognizedasthemain
pillarsofthedigitalizationofindustries[4],and
researchsuggeststhatwidedeploymentof
interactivemediaapplicationswillhappenon5G
networks.Manyobserversenvisiontheworker
oftomorrowassomeonewhoisequippedwith
eye-trackingsmartglasses[5]andtactilegloves
ratherthanscrewdriversets[6].Human-to-machine
applicationsrequirelowlatencywhiledemanding
highnetworkbandwidthandheavycompute
resources.Runningthemonthedeviceitself
wouldresultinhighbatteryconsumptionandheat
dissipation.Atthesametime,latencyrequirements
donotallowtherunningofthecompleteapplication
inlargecentraldatabasesduetothephysicallimits
oflightspeedinopticalfibers.
Topology-awarecloudcomputingandstorageis
anexampleofonesuchsolutionthatprovideswhat
wecallaglobalautomotivedistributededgecloud.
Thelimitationontheamountofdatathatcanbe
effectivelytransportedoverthecellularnetwork
mustnotbeallowedtoaffecttheserviceexperience
negatively,asthatwouldhindertheevolutionofnew
automotiveservices.Itisthereforenecessaryto
increasecapacity,availabilityandcoverageaswellas
findingappropriatemechanismstolimittheamount
ofdatatransferred.Orchestratingapplicationsand
theirdifferentcomponentsrunninginamultitudeof
differentcloudsfromdifferentvendorsisoneofthe
challenges.Vehiclesconnectingtonetworkswithout
anexistingapplicationedgeinfrastructureis
another.
Theplacementofapplicationcomponentsat
edgesdependsonthebehavioroftheapplication
andtheavailableinfrastructureresources.
Whendealingwithhighlymobiledevicesthat
connecttoamultitudeofnetworks,itmustbe
possibletomoveexecutionoftheedgeapplication
automaticallywhenamoreappropriatelocation
forthevehicleisdiscovered.Someapplications
requiretransferofpreviouslyanalyzeddataand
findingstothenewlocation,whereanewapplication
componentinstancewillseamlesslytakeovertoserve
themovingvehicle.
Distributedcomputingonalocalizednetwork
Wehavedevelopedtheconceptofdistributed
computingonalocalizednetworktosolvethe
problemsofdataprocessingandtrafficinexisting
mobileandcloudsystems.Inthisconcept,several
localizednetworksaccommodatetheconnectivity
ofvehiclesintheirrespectiveareasofcoverage.
AsshowninFigure1,computationpowerisadded
totheselocalizednetworks,sothattheycanprocess
Figure 1 High-volume data automotive services and their characteristics
Local Regional
Regional DCLocal DC
MTSO
MTSO
MTSO
H
National DC
National sitesLocal and regional sites
Service exposure
HD maps HD maps
Data exposure for automotive services
Access sites
Hub sites
Video stream
ECU sensors
HD maps
Video stream
ECU sensors
HD maps
Mobile
telephone
switching office
Intelligent driving Intelligent driving
Advanced driver
assistance
Advanced driver
assistance
Huge
amount
of data
INDUSTRYVERTICALS
ANDCOMMUNICATION
SERVICEPROVIDERSARE
DEFININGASETOFNEW
USECASESFOR5G

models.Oneexampleofapossiblescenarioisfora
CSPtoofferconnectivityandacloudexecution
environmenttoenterprisesasaservice.Inthiscase,
aCSPmanagesthecomputationandconnectivity
resources,butthesearelocatedattheenterprise
premises.Theapplicationcharacteristicsdetermine
theplacementofapplicationsatvariousgeolocations.
InthecaseofAR/VRandimagerecognition
applicationsusedbytechnicianstofixabroken
powerstation,forexample,itwouldbemosteffective
toplacethemclosetothebrokenpowerstation.
Edgecomputing
Ourdistributedcloudsolutionenablesedge
computing,whichmanyapplicationsrequire.
Wedefineedgecomputingastheabilitytoprovide
executionresources(specificallycomputeand
storage)withadequateconnectivityatclose
proximitytothedatasources.
Intheautomotiveusecase,thenetworkis
designedtosplitdatatrafficintoseverallocations
thatcoverreasonablenumbersofconnected
vehicles.Thecomputationresourcesare
hierarchicallydistributedandlayeredinatopology-
awarefashiontoaccommodatelocalizeddataandto
allowlargevolumesofdatatobeprocessedina
timelymanner.Inthisinfrastructureframework,
localizeddatacollectedvialocalandwidearea
networksisstoredinthecentralcloudandintegrated
AsimpleARapplicationanditsmaincomponents
areshowninFigure2.Thecomponentsofthe
applicationcouldbeexecutedeitheronthedevice
itself,theedgeserverorinthecentralcloud.
Deployingapplicationcomponentsatthenetwork
edgemaymakeitpossibletooffloadthedevicewhile
maintainingshortlatency.Edgecomputeisalso
optimizingtheflowwhencoordinationisrequired–
forexample,whenusingmultiplereal-timecamera
feedstodeterminethe3Dpositionofobjects,also
asshowninFigure2.Furthermore,advancedcloud
softwareasaservice–ML,analyticsandDBsasa
service,forexample–mayalsobeprovidedonthe
edgesite.
Ourdistributedcloudsolution
Ericssonhasdevelopedadistributedcloudsolution
thatprovidestherequiredcapabilitiestosupport
theusecasesofthefourthindustrialrevolution,
includingprivateandlocalizednetworks.Our
solutionsatisfiesthespecificsecurityrequirements
neededtodigitalizeindustrialoperations,with
automotivebeingoneofthekeyusecases.Ericsson’s
distributedcloudsolutionprovidesedgecomputing
andmeetsend-to-endnetworkrequirementsaswell
asofferingmanagement,orchestrationandexposure
forthenetworkandcloudresourcestogether.
AsshowninFigure3,wedefinethedistributed
cloudasacloudexecutionenvironmentthatis
geographicallydistributedacrossmultiplesites,
includingtherequiredconnectivityinbetween,
managedasoneentityandperceivedassuchby
applications.Thekeycharacteristicofour
distributedcloudisabstractionofcloud
infrastructureresources,wherethecomplexityof
resourceallocationishiddentoauserorapplication.
Ourdistributedcloudsolutionisbasedonsoftware-
definednetworking,NetworkFunctions
Virtualization(NFV)and3GPPedgecomputing
technologiestoenablemulti-accessandmulti-cloud
capabilitiesandunlocknetworkstoprovideanopen
platformforapplicationinnovations.Inthe
managementdimension,distributedcloudoffers
automateddeploymentinheterogeneousclouds.
ThiscouldbeprovidedbymultipleCSPs,where
workloadplacementispolicydrivenandbased
onvariousexternalizedcriteria.
Toenablemonetizationandapplicationinnovation,
distributedcloudcapabilitiesareexposedon
marketplacesprovidedbyEricsson,thirdparties
andCSPs.Thedistributedcloudcapabilitiescanbe
offeredaccordingtovariousbusinessandoperational Figure 3 Distributed cloud architecture
Service and resource orchestration
Any workload
Access sites
Local and regional DC sites
National sites
Anywhere in the network End-to-end orchestration
Marketplace
Service exposure
Global clouds
Public
safety
Automotive
FWA
Factory
Video
streaming
Metering
APP
APP
VNF
VNF
APP
APP
APP
VNF
VNF
VNF
VNF
VNFVNF
Figure 2 An AR application and its modules optimized for edge computing
Capturing Preprocessing Object detection
feature extraction
Recognition
database match DB
Display Tracking and
annotation
Position
estimation
Template
matching
IoT device/user equipment
-20ms
BW reduction
-20ms/frame
Computation heavy
-20ms Computation heavy
Multiple device
data aggregation
-100ms
Requires access
to central storage
Edge site National site
OURDISTRIBUTED
CLOUDSOLUTIONENABLES
EDGECOMPUTING,WHICH
MANYAPPLICATIONS
REQUIRE

Ericsson Technology Review: Spotlight on the Internet of Things

Ericsson Technology Review: Spotlight on the Internet of Things

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Ericsson Technology Review: Spotlight on the Internet of Things

Similar to Ericsson Technology Review: Spotlight on the Internet of Things (20)

More from Ericsson

More from Ericsson (20)

Recently uploaded

Recently uploaded (20)

Ericsson Technology Review: Spotlight on the Internet of Things