Software-defined edge computing platform and method of use thereof
By leveraging the domestically developed Ruihua Embedded Real-Time Operating System and Galaxy Kylin Operating System, combined with Loongson 2K1000 and Phytium processors, a lightweight edge computing platform and a cloud-collaborative edge intelligent computing platform were constructed. This resolved the security risks and foreign dependence issues of industrial edge computing devices, achieving high security and flexible business processing capabilities.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Patents (China)
- Current Assignee / Owner: SHANGHAI HUAYUAN CHUANGXIN SOFTWARE CO LTD
- Filing Date: 2022-12-14
- Publication Date: 2026-06-16
AI Technical Summary
Existing industrial edge computing devices lack high-security platform solutions with fully domestically produced processors and operating systems, posing security risks and heavily relying on foreign key software and hardware, thus failing to effectively protect the physical and virtual security of IoT devices.
It adopts the domestic Ruihua embedded real-time operating system and Galaxy Kylin operating system, combined with Loongson 2K1000 processor and Phytium multi-core processor to build a lightweight edge computing platform and a cloud-collaborative edge intelligent computing platform. It provides security protection functions such as user hierarchical management, virtual encrypted partition storage, source port and destination port mapping, and system audit traceability. It supports industrial protocols such as Modbus, MQTT, and EtherCAT to realize the development and deployment of edge computing services.
It has achieved independent control over key foreign software and hardware, reduced security risks, has extensive IoT device connectivity capabilities and security protection for industrial embedded real-time systems, supports flexible business orchestration and data processing, and improves the real-time performance and security of edge computing.
Figure CN116339970B_ABST
Description
Technical Field
[0001] This invention relates to the fields of embedded system technology and edge computing technology in communication engineering, specifically to a software-defined edge computing platform and its usage method, and in particular to a novel domestically produced software-defined edge computing platform and device.
Background Technology
[0002] Currently, edge computing technology and applications are still in their early stages of development. The global edge computing market is mainly dominated by American and European companies, with cloud computing giants such as Amazon, Google, and Microsoft leading the field. Edge computing research in China is also in its initial stages. Although some progress has been made, many issues still need to be addressed in practical applications. In particular, for industrial automation applications in the field of intelligent manufacturing, a crucial aspect is balancing real-time performance and versatility. Edge computing needs to be integrated with industrial control systems, connecting field devices to an industrial data platform in a flat, interconnected manner. Within the data platform, based on the production line's process and workflow models, dynamic management and combination of field devices are achieved through service composition. This enables flexible equipment replacement, flexible production plan adjustments, and rapid deployment of new processes/products in manufacturing.
[0003] Furthermore, the increasing use of edge computing by various devices presents challenges in both physical and virtual security. Physical environments may not be as rigorously protected as cloud-based managed services, and their unreliable security characteristics make IoT devices attractive targets for hackers. Existing industrial field edge computing devices lack high-security platform solutions with fully domestically produced processors and operating systems. Their deployment lacks the physical security of data centers and cannot employ the access, network, and data security measures applied by the software or hardware residing within them. Moreover, they are heavily reliant on foreign critical software and hardware, posing significant security risks.
[0004] Patent document CN112650585A discloses a novel cloud-collaborative edge computing platform, method, and storage medium. From bottom to top, the platform includes several underlying edge computing nodes, several task scheduling and monitoring nodes, and a cloud data center. The underlying edge computing nodes collect and process data and execute lightweight edge tasks. The task scheduling and monitoring nodes monitor the status of each underlying edge computing node and, if they find that a task received by an underlying edge computing node is difficult to process, they upload the command to the cloud data center. The cloud data center is used to process and compute the uploaded heavyweight tasks.
[0005] Patent document CN108667725B discloses an industrial soft gateway and its implementation method based on multiple access methods and edge computing. The industrial soft gateway includes: a configuration interaction module, a data collection module, a data edge computing module, and a data transmission control module. The configuration interaction module includes a connection configuration module and a data standardization module. The data collection module is used to collect data from multiple access methods. The data edge computing module is used to perform real-time computation processing on the data collected by the data collection module. The data transmission control module is used to cache all data to be transmitted and to schedule and allocate tasks for forwarding data to the outside world.
[0006] Patent document CN109885566A discloses a data acquisition and edge computing system, including an industrial-grade server, a data collector, a data processing module, an edge computing module, an IoT transmission layer, and an IoT sensing layer. The data collector, data processing module, edge access unit, edge computing module, IoT transmission layer, and IoT sensing layer are all connected to the industrial-grade server.
[0007] Patent document CN109819446A discloses a spatial access authentication method and a software-defined edge computing system for mobile Internet of Things. The method distributes location public keys to access points based on location groups, and the mobile terminal receives the location public keys broadcast by each access point. The mobile terminal encrypts its own ID based on the received location public key and sends it to the controller. The controller re-encrypts the mobile terminal's ID based on the location private key corresponding to the location public key and compares the encrypted ID with the encrypted ID of the mobile terminal. If the comparison results match, the mobile terminal is allowed to access.
Summary of the Invention
[0008] To address the shortcomings of existing technologies, the purpose of this invention is to provide a software-defined edge computing platform and its usage method.
[0009] A software-defined edge computing platform provided by the present invention includes: a device layer, a platform layer, and an edge computing layer;
[0010] The edge computing layer is located between the device layer and the platform layer. The edge computing layer connects to the devices in the device layer and interfaces with the platform layer.
[0011] The edge computing layer includes a lightweight edge computing platform and a cloud-collaborative edge intelligent computing platform; the lightweight edge computing platform is used to build the platform's basic operating environment with an embedded real-time operating system, and the cloud-collaborative edge intelligent computing platform uses a general-purpose operating system to build the platform's basic operating environment.
[0012] Preferably, the lightweight edge computing platform directly encapsulates computing, network, and storage resources based on the operating system, integrates multiple industrial fieldbuses, real-time Ethernet, and message telemetry transmission support, and provides functions for edge-side data acquisition, local data storage, and cloud-side data upload. Locally, by loading and executing data models, the platform performs edge-side processing on the acquired data, providing real-time business functions such as real-time monitoring, early warning and prediction, and rapid location of potential faults.
[0013] Preferably, the lightweight edge computing platform is equipped with security protection functions such as user hierarchical management, virtual encrypted partition storage, source port and destination port mapping, and system audit traceability based on an embedded real-time operating system.
[0014] Preferably, the embedded real-time operating system is the Ruihua Embedded Real-Time Operating System;
[0015] The Ruihua Embedded Real-Time Operating System is adapted to the Loongson 2K1000 processor to form an edge computing gateway controller.
[0016] Preferably, the Ruihua embedded real-time operating system provides support for the following peripheral interfaces, file systems, and network protocol stacks: RS232 / RS485 serial port, CAN, Ethernet, USB, and SATA.
[0017] Preferably, the industrial fieldbus protocols provided by the Ruihua embedded real-time operating system include support for Modbus, MQTT, EtherCAT, CANopen, OPC UA, and POWERLINK industrial network communication modules.
[0018] Preferably, the cloud-collaborative edge intelligent computing platform is configured with a container runtime environment and a business flow engine on top of the operating system, supports the encapsulation of resources into functional modules according to business requirements, and combines and calls functional modules through model-driven business orchestration to realize the development and deployment of edge computing services.
[0019] Preferably, the cloud-collaborative edge intelligent computing platform is based on the Galaxy Kylin operating system and adapted to the Phytium multi-core processor to form edge computing nodes.
[0020] Preferably, the Phytium 64-core processor platform is used for adaptation, and the MLU270-S4 smart acceleration card is configured.
[0021] This invention also provides a method for using a software-defined edge computing platform, which, based on the aforementioned software-defined edge computing platform, includes the following steps:
[0022] Step 1: Configure the business rules and RBSE data flow rules for field devices through the cloud management platform;
[0023] Step 2: Enable the cloud to send configuration information to the edge computing nodes via the REST API interface;
[0024] Step 3: Enable the edge computing node to read the business rules and RBSE data flow rules configured on the cloud management platform through the Agent;
[0025] Step 4: Transmit field device data to the edge computing gateway controller via Modbus RTU / TCP, EtherCAT, POWERLINK, CANopen, OPC UA, or MQTT protocols;
[0026] Step 5: Enable the edge computing gateway controller to collect, clean, and transform data from field devices, and then publish the processed data via the MQTT protocol;
[0027] Step 6: Enable edge computing nodes to subscribe to messages from the edge computing gateway controller via the MQTT protocol;
[0028] Step 7: Enable the edge computing nodes to perform Node-RED business processing according to business rules and RBSE data flow rules, and then publish the processed messages via the MQTT protocol; at the same time, the edge computing nodes use the Agent to periodically display the processed messages subscribed to by the cloud via the MQTT protocol for graphical display, so that users can monitor and analyze them on the cloud data monitoring platform;
[0029] Step 8: Enable the edge computing gateway controller to subscribe to messages processed by the service via the MQTT protocol and publish them to the field devices to enable configuration and management of the field devices.
[0030] Compared with the prior art, the present invention has the following beneficial effects:
[0031] 1. This invention provides an open software-defined edge computing platform architecture, which realizes intelligent business data-driven operation based on a streaming engine, has extensive IoT device connectivity capabilities, and enhanced security protection functions for industrial embedded real-time systems. It also supports domestically produced key software and hardware platforms, eliminating dependence on foreign key software and hardware and reducing security risks.
[0032] 2. This invention adopts an open software-defined architecture, featuring hardware resource virtualization, system software platformization, and application software diversification;
[0033] 3. This invention is based on the domestic Ruihua embedded real-time operating system adapted to the domestic Loongson 2K1000 processor, and based on the Kylin server operating system adapted to the domestic Phytium multi-core processor, thus eliminating dependence on foreign key software and hardware; on this basis, it provides support for typical industrial fieldbus protocols such as Modbus RTU, Modbus TCP, MQTT, EtherCAT, CANopen, OPC UA and POWERLINK.
[0034] 4. This invention is designed to enhance the security of industrial embedded real-time systems. Based on the Ruihua Embedded Real-Time Operating System, it develops multiple security components such as user hierarchical management, virtual partition encrypted storage, source port and destination port mapping, and system audit traceability, thereby establishing security guarantees for edge systems.
Attached Figure Description
[0035] Other features, objects, and advantages of the present invention will become more apparent from the following detailed description of non-limiting embodiments with reference to the accompanying drawings:
[0036] Figure 1 is an overall architecture diagram of the software-defined edge computing platform;
[0037] Figure 2 is an architecture diagram for a software-defined edge computing platform;
[0038] Figure 3 is a user-tiered management architecture diagram;
[0039] Figure 4 is a diagram illustrating the audit log file format;
[0040] Figure 5 is a diagram of a containerized deployment architecture based on Docker;
[0041] Figure 6 is a diagram of the architecture of an edge computing platform based on a workflow engine;
[0042] Figure 7 is a scene diagram of a grain warehouse monitoring system;
[0043] Figure 8 is a graph showing the status of the grain warehouse.
Detailed Implementation
[0044] The present invention will now be described in detail with reference to specific embodiments. These embodiments will help those skilled in the art to further understand the present invention, but do not limit the invention in any way. It should be noted that those skilled in the art can make several changes and improvements without departing from the concept of the present invention. These all fall within the protection scope of the present invention.
[0045] Example 1:
[0046] As shown in Figures 1-8, this embodiment provides a software-defined edge computing platform, including: a device layer, a platform layer, and an edge computing layer. The edge computing layer is located between the device layer and the platform layer. The edge computing layer connects to the devices in the device layer and interfaces with the platform layer. The edge computing layer includes a lightweight edge computing platform and a cloud-collaborative edge intelligent computing platform. The lightweight edge computing platform is used to build the platform's basic operating environment with an embedded real-time operating system, while the cloud-collaborative edge intelligent computing platform uses a general-purpose operating system to build the platform's basic operating environment.
[0047] The cloud-collaborative edge intelligent computing platform is configured with a container runtime environment and business flow engine on top of the operating system. It supports the encapsulation of resources into functional modules according to business requirements. Through model-driven business orchestration, functional modules can be combined and called to realize the development and deployment of edge computing services.
[0048] The cloud-collaborative edge intelligent computing platform is based on the Galaxy Kylin operating system and adapted to Phytium multi-core processors to form edge computing nodes. It utilizes a Phytium 64-core processor platform and is configured with a Siyuan MLU270-S4 intelligent acceleration card.
[0049] The lightweight edge computing platform directly encapsulates computing, network, and storage resources based on the operating system, integrates multiple industrial fieldbuses, real-time Ethernet, and message telemetry transmission support, and provides functions for edge-side data acquisition, local data storage, and cloud-side data upload. Locally, by loading and executing data models, the platform performs edge-side processing on the acquired data, providing real-time business functions such as real-time monitoring, early warning and prediction, and rapid location of potential faults.
[0050] This invention addresses the security features of a lightweight edge computing platform, which are enhanced by an embedded real-time operating system. These features include user-level hierarchical management, virtual encrypted partition storage, source and destination port mapping, and system audit traceability. The embedded real-time operating system used is the Ruihua Embedded Real-Time Operating System, which is adapted to the Loongson 2K1000 processor to form an edge computing gateway controller.
[0051] The Ruihua Embedded Real-Time Operating System provides support for the following peripheral interfaces, file systems, and network protocol stacks: RS232 / RS485 serial ports, CAN, Ethernet, USB, and SATA. The Ruihua Embedded Real-Time Operating System also supports industrial fieldbus protocols including Modbus, MQTT, EtherCAT, CANopen, OPC UA, and POWERLINK industrial network communication modules.
[0052] The server operating system in Figure 1 is a domestically produced server operating system. The embedded real-time operating system in Figure 1 is a domestically developed embedded real-time operating system.
[0053] This embodiment also provides a method for using a software-defined edge computing platform, which includes the following steps based on the aforementioned software-defined edge computing platform:
[0054] Step 1: Configure the business rules and RBSE data flow rules for field devices through the cloud management platform;
[0055] Step 2: Enable the cloud to send configuration information to the edge computing nodes via the REST API interface;
[0056] Step 3: Enable the edge computing node to read the business rules and RBSE data flow rules configured on the cloud management platform through the Agent;
[0057] Step 4: Transmit field device data to the edge computing gateway controller via Modbus RTU / TCP, EtherCAT, POWERLINK, CANopen, OPC UA, or MQTT protocols;
[0058] Step 5: Enable the edge computing gateway controller to collect, clean, and transform data from field devices, and then publish the processed data via the MQTT protocol;
[0059] Step 6: Enable edge computing nodes to subscribe to messages from the edge computing gateway controller via the MQTT protocol;
[0060] Step 7: Enable the edge computing nodes to perform Node-RED business processing according to business rules and RBSE data flow rules, and then publish the processed messages via the MQTT protocol; at the same time, the edge computing nodes use the Agent to periodically display the processed messages subscribed to by the cloud via the MQTT protocol for graphical display, so that users can monitor and analyze them on the cloud data monitoring platform;
[0061] Step 8: Enable the edge computing gateway controller to subscribe to messages processed by the service via the MQTT protocol and publish them to the field devices to enable configuration and management of the field devices.
[0062] To meet the key needs of industry digitalization in areas such as agile connectivity, real-time business operations, data optimization, application intelligence, and security and privacy protection, this embodiment provides edge intelligence services at the network edge, close to the source of objects or data. The main technical problems it addresses are as follows:
[0063] a. Open Software-Defined Architecture: For hardware resource virtualization, container technology is adopted to achieve effective configuration and allocation of underlying resources, thereby enabling resource and application reconfiguration. For system software platformization, on the lightweight edge computing platform, applications are decoupled from devices, and devices from industrial sites. The operating system supports the componentization of service modules and protocol modules, which can be flexibly configured according to different application scenarios and device connection relationships. On the cloud-collaborative edge intelligent computing platform, a data flow engine and a business flow engine are designed to support model definition and configuration for filtering, cleaning and processing of business data, as well as the combination and configuration of business logic processes, providing flexible business orchestration capabilities. For the diversification of application software, based on the dynamic loading capability of Ruihua's proprietary embedded real-time operating system, flexible application loading is configured to support diverse applications; based on the Galaxy Kylin operating system, a working environment with flexible container configuration, loosely coupled microservice access, and a flow engine is built to realize the expansion and re-orchestration of applications and services.
[0064] b. Achieve broad interconnection of field networks based on Ruihua embedded real-time operating system: For intelligent manufacturing and industrial control application scenarios, the edge computing platform should support access to various existing industrial buses and industrial network protocols as well as on-demand loading to enable access to different types of field devices.
[0065] c. Enhanced security protection for industrial embedded real-time systems: Based on the Ruihua embedded real-time operating system, enhanced security protection design is provided in the edge computing gateway controller based on the underlying operating system to improve the information security protection capability of the edge gateway. The edge gateway is the first station for centralized collection of industrial terminal data, and it also has the ability to control or influence the control devices and even I/O execution components of the next layer. Therefore, it is necessary to implement security measures on the edge gateway. At the same time, from the perspective of the entire edge system structure, implementing security protection through gateway devices is also a common practice in industrial control systems.
[0066] d. Localization of key software and hardware: The edge computing gateway controller adopts the domestic Loongson 2K1000 processor and is equipped with the Ruihua embedded real-time operating system. The edge computing node adopts the domestic Phytium multi-core processor and is equipped with the Galaxy Kylin operating system. It also provides the intelligent computing capabilities of the Cambricon MLU270 accelerator card, realizing the design goal of independent controllability of the edge computing platform.
[0067] Example 2:
[0068] Those skilled in the art can understand this embodiment as a more specific description of Embodiment 1.
[0069] The overall architecture of the software-defined edge computing platform provided in this embodiment is divided into three layers, as shown in Figure 1. The system considers both the field device layer, primarily for industrial applications, and the cloud platform layer. The edge computing layer is located between these two layers, supporting the access of various field devices downwards and connecting to the cloud platform upwards. Depending on the application scenario, device functionality, and supporting hardware resources, the edge computing layer is divided into a lightweight edge computing platform and a cloud-collaborative edge intelligent computing platform. The left side of the dashed line in the diagram represents the cloud-collaborative edge intelligent computing platform, and the right side represents the lightweight edge computing platform.
[0070] The lightweight edge computing platform uses an embedded real-time operating system to build its basic operating environment, providing good real-time performance. It directly encapsulates computing, network, and storage resources based on the operating system, while integrating support for various industrial fieldbus, real-time Ethernet, and telemetry protocols. It provides basic functions such as edge-side data acquisition, local data storage, and cloud-side data uploading. Locally, by loading and executing data models, it can process the acquired data at the edge, providing real-time business functions such as real-time monitoring, early warning and prediction, and rapid fault location. Furthermore, the platform leverages the embedded real-time operating system to extend security features such as user hierarchical management, virtual encrypted partition storage, source and destination port mapping, and system audit traceability, providing support for device-level security protection.
[0071] Ruihua Embedded Real-Time Operating System is a highly secure and high-performance domestically developed embedded real-time operating system. Besides its widespread use in weaponry, it is also applied in various fields such as rail transportation, industrial control, nuclear power, medical, aerospace, and shipbuilding. As the only domestic operating system to have passed international third-party security certification, it has been deployed in the unmanned fully automated driving control system of Shanghai Metro Lines 15 and 18.
[0072] The cloud-collaborative edge intelligent computing platform uses a general-purpose operating system to build the platform's basic operating environment. On top of the operating system, it configures a container operating environment and a business flow engine, which supports the encapsulation of resources into functional modules according to business requirements. Through model-driven business orchestration, functional modules can be combined and called to achieve integrated development and agile deployment of edge computing services.
[0073] The novel domestically developed software-defined edge computing platform provided in this embodiment includes a lightweight edge computing platform and a cloud-collaborative intelligent edge computing platform, as shown in Figure 2. The lightweight edge computing platform is based on the Ruihua embedded real-time operating system and adapted to the domestic Loongson 2K1000 processor to form an edge computing gateway controller, while the cloud collaborative edge intelligent computing platform is based on the Galaxy Kylin operating system and adapted to the domestic Phytium multi-core processor to form edge computing nodes.
[0074] The Ruihua Embedded Real-Time Operating System is customized and adapted to the Loongson 2K1000 processor platform. It provides support for peripheral interfaces such as serial ports (RS232 / RS485), CAN, Ethernet, USB, and SATA, as well as file systems and network protocol stacks. It also supports industrial fieldbus protocols, including Modbus, MQTT, EtherCAT, CANopen, OPC UA, and POWERLINK industrial network communication modules. The integrated development environment (IDE) for IoT integrates embedded software design, development, debugging, and operation, supporting program compilation and system configuration on the Loongson MIPS platform. It supports the compilation and engineering of various target program formats, including operating system images, static libraries, and dynamically loaded libraries. Furthermore, it supports task scheduling and management for user applications, and the monitoring, tracking, and enforcement of user variables.
[0075] The system is customized with the Kylin operating system and adapted to the domestic Phytium 64-core processor platform. It is equipped with the Cambricon MLU270-S4 intelligent accelerator card, which boasts a theoretical peak computing power of 128 OPS (INT8), providing professional acceleration capabilities for deep computing and AI workloads. A cloud-collaborative edge intelligent computing platform is deployed on top of this card, providing a containerized runtime environment for applications. This environment supports flexible configuration and isolated operation, and includes a workflow engine for local data and business stream processing, as well as the distribution of cloud data or business models. It supports MQTT protocol interaction with IoT and cloud services, and also supports microservice access via REST interfaces.
[0076] The industrial bus protocol component is based on the Ruihua embedded real-time operating system and adapts and integrates Modbus master / slave, EtherCAT master, POWERLINK master, CANopen master / slave, OPC UA protocol stack and MQTT protocol stack. It provides support for Modbus, EtherCAT, POWERLINK, CANopen, OPC UA and MQTT industrial fieldbus protocols for high-end safety equipment, achieving the goals of dynamic deployment, reconfigurability and manageability.
[0077] Based on the Ruihua Embedded Real-Time Operating System, several security components have been developed, including user hierarchical management, virtual encrypted partition storage, source and destination port mapping, and system audit tracing.
[0078] User-level hierarchical management provides the operating system with the ability to restrict user access to certain information items based on user identity and the defined group they belong to. In its design and implementation, it primarily extends the security attributes of subjects and objects based on a multi-tasking embedded real-time operating system architecture, implementing functions such as discretionary access control, mandatory access control, and tagging, as shown in Figure 3. The user login layer is primarily responsible for intercepting user input in the shell, prioritizing login event processing, and employing a "username + password" authentication method. Password management is strengthened to meet security requirements such as complexity and regular password changes. The security policy layer mainly adds access control points to the IO module and file system through hook functions. These hooks intercept existing access requests and delegate them to the security policy framework for decision-making. The access control point determines whether the access is allowed to continue based on the decision result. The object access layer executes discretionary and mandatory access control policies on object access requests distributed by the security policy layer, while providing necessary policy management functions. The discretionary access control model is implemented by adding a UID attribute completion identifier to the task and adding a permission identifier. The mandatory access control model implements a security context identifier, adds a mandatory access control flag to the task, and implements security control policies for the BLP confidentiality model and the BIBA integrity model.
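The decision path described in [0078] (a hook at an access control point, a discretionary check on UID and permission bits, then BLP and Biba checks for tasks carrying the mandatory access control flag) can be sketched as follows. This is an added example, not code from the patent or from the Ruihua operating system; every type, function name, level value and sample object in it is a hypothetical assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not the Ruihua RTOS API. */
enum access_op { OP_WRITE = 2, OP_READ = 4 };   /* same values as the rw- mode bits */
enum decision  { ALLOW, DENY_DAC, DENY_BLP, DENY_BIBA };

struct sec_label {
    uint8_t conf;    /* BLP confidentiality level: higher = more secret  */
    uint8_t integ;   /* Biba integrity level:      higher = more trusted */
};

struct task_sec {            /* subject: security attributes attached to a task */
    uint32_t uid, gid;
    bool mac_flag;           /* mandatory access control flag on the task */
    struct sec_label label;
};

struct obj_sec {             /* object: a file or I/O device */
    uint32_t owner_uid, owner_gid;
    uint16_t mode;           /* owner/group/other permission bits, e.g. 0640 */
    struct sec_label label;
};

/* Discretionary check: select owner, group or other bits by identity. */
static bool dac_permits(const struct task_sec *t, const struct obj_sec *o,
                        enum access_op op)
{
    unsigned shift = 0;                              /* "other" bits */
    if (t->uid == o->owner_uid)      shift = 6;      /* owner bits   */
    else if (t->gid == o->owner_gid) shift = 3;      /* group bits   */
    return ((o->mode >> shift) & (unsigned)op) != 0;
}

/* Policy decision: DAC first, then MAC for tasks that carry the MAC flag. */
enum decision access_decide(const struct task_sec *t, const struct obj_sec *o,
                            enum access_op op)
{
    if (!dac_permits(t, o, op)) return DENY_DAC;
    if (!t->mac_flag)           return ALLOW;
    if (op == OP_READ) {
        if (t->label.conf  < o->label.conf)  return DENY_BLP;   /* no read up    */
        if (t->label.integ > o->label.integ) return DENY_BIBA;  /* no read down  */
    } else {
        if (t->label.conf  > o->label.conf)  return DENY_BLP;   /* no write down */
        if (t->label.integ < o->label.integ) return DENY_BIBA;  /* no write up   */
    }
    return ALLOW;
}

/* Access control point: what a hook in the file system or IO path would call.
 * Returns 0 to let the request continue, -1 to reject it. */
int fs_access_hook(const struct task_sec *t, const struct obj_sec *o,
                   enum access_op op)
{
    return access_decide(t, o, op) == ALLOW ? 0 : -1;
}

/* Constructed sample subjects and objects (not from the patent). */
static const struct task_sec OPERATOR = { 1001, 100, true,  { 1, 1 } };
static const struct task_sec ADMIN    = { 0,    0,   true,  { 2, 2 } };
static const struct task_sec LEGACY   = { 1001, 100, false, { 0, 0 } };
static const struct obj_sec CTRL_CFG      = { 0, 100, 0660, { 1, 2 } };
static const struct obj_sec KEY_STORE     = { 0, 0,   0644, { 2, 1 } };
static const struct obj_sec AUDIT_LOG     = { 0, 0,   0600, { 1, 1 } };
static const struct obj_sec PUBLIC_STATUS = { 0, 0,   0644, { 0, 2 } };

int main(void)
{
    static const char *names[] = { "ALLOW", "DENY_DAC", "DENY_BLP", "DENY_BIBA" };
    printf("operator read  ctrl_cfg      : %s\n", names[access_decide(&OPERATOR, &CTRL_CFG, OP_READ)]);
    printf("operator write ctrl_cfg      : %s\n", names[access_decide(&OPERATOR, &CTRL_CFG, OP_WRITE)]);
    printf("operator read  key_store     : %s\n", names[access_decide(&OPERATOR, &KEY_STORE, OP_READ)]);
    printf("operator read  audit_log     : %s\n", names[access_decide(&OPERATOR, &AUDIT_LOG, OP_READ)]);
    printf("admin    write public_status : %s\n", names[access_decide(&ADMIN, &PUBLIC_STATUS, OP_WRITE)]);
    printf("legacy   write ctrl_cfg      : %s\n", names[access_decide(&LEGACY, &CTRL_CFG, OP_WRITE)]);
    return 0;
}
```

The last case shows why the per-task flag matters for review: a task without it is governed by the permission bits alone, so the same write that Biba rejects for the operator task is allowed.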
[0079] Virtual encrypted partition storage is implemented by creating specific secure virtual block devices based on files and configuring a customized file system. Users can only read and write to the encrypted disk normally after correctly mounting the secure virtual block device and configuring the configuration system in the operating system, without affecting the original functional interface prototype. The essence of secure storage is the implementation of a custom virtual encrypted block device, whose data is stored in a disk file created on the physical disk. Logically, this file implements the functions of a physical device; in practice, it is a regular file in the file system. Access to the virtual disk is performed encrypted through the standard interface of the I/O system, thus ensuring that the data is encrypted and protected while being persistently written to the actual physical storage medium.
[0080] The source port and destination port mapping is established using a blacklist and whitelist method to map source ports (including addresses) and destination ports (including addresses) in network communication. That is, data packets are intercepted at the IP layer of the protocol stack and matched with IP addresses and ports in the blacklist and whitelist. Data packets that are not in the allowed range or are in the prohibited range are prohibited from communicating with the local system.
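The matching rule in this paragraph, written out as an added example that is not part of the patent. The rule layout, the sample addresses and ports, and the function names are assumptions; the decision itself follows the text: a packet is accepted only if it falls inside the allowed range and outside the prohibited range.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))
#define ANY_PORT 0, 65535

/* Hypothetical rule layout: each side is an address range plus a port range. */
struct endpoint { uint32_t addr, mask; uint16_t port_lo, port_hi; };
struct map_rule { struct endpoint src, dst; };
struct packet   { uint32_t saddr, daddr; uint16_t sport, dport; };

/* Constructed sample policy for a gateway at 192.168.10.1. */
static const struct map_rule whitelist[] = {
    { { IP4(192,168,10,0), IP4(255,255,255,0), ANY_PORT },
      { IP4(192,168,10,1), 0xFFFFFFFFu, 1883, 1883 } },   /* MQTT */
    { { IP4(192,168,10,0), IP4(255,255,255,0), ANY_PORT },
      { IP4(192,168,10,1), 0xFFFFFFFFu, 502, 502 } },     /* Modbus TCP */
};
static const struct map_rule blacklist[] = {
    { { IP4(192,168,10,66), 0xFFFFFFFFu, ANY_PORT },
      { 0, 0, ANY_PORT } },                               /* any destination */
};

static bool ep_match(const struct endpoint *e, uint32_t addr, uint16_t port)
{
    return (addr & e->mask) == (e->addr & e->mask) &&
           port >= e->port_lo && port <= e->port_hi;
}

static bool in_list(const struct map_rule *list, size_t n, const struct packet *p)
{
    for (size_t i = 0; i < n; i++)
        if (ep_match(&list[i].src, p->saddr, p->sport) &&
            ep_match(&list[i].dst, p->daddr, p->dport))
            return true;
    return false;
}

/* Accept only what is inside the allowed range and outside the prohibited one. */
bool ip_filter_accept(const struct packet *p)
{
    return in_list(whitelist, sizeof whitelist / sizeof whitelist[0], p) &&
           !in_list(blacklist, sizeof blacklist / sizeof blacklist[0], p);
}

int main(void)
{
    struct packet sensor = { IP4(192,168,10,20), IP4(192,168,10,1), 40000, 1883 };
    printf("sensor accepted: %d\n", ip_filter_accept(&sensor));
    return 0;
}
```

Because the blacklist is checked in addition to the whitelist, a host inside an allowed subnet can still be blocked individually, and anything matching neither list is dropped by default.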
[0081] The system audit and traceability function is primarily supported by the security audit service, which is designed in two layers: the lower layer is the basic log functionality layer, responsible for providing basic log read and write functions; the upper layer is the audit management layer, mainly responsible for generating and writing audit logs, registering audit hook functions to relevant audit points in the security module and login module, and defining the underlying storage format of the audit logs to support local log viewing. To flexibly store information of different lengths and facilitate retrieval, the audit log format is designed as shown in Figure 4.
[0082] This involves deploying Docker containers and various edge-side services based on the domestically developed Kylin server operating system, such as edge MQTT message queues, data flow engines, business flow engines, and edge-side proxy services, as shown in Figure 5. Furthermore, multiple instances of the above services can be configured to run, providing effective support for future application expansion to different application scenarios. Dynamic deployment of services from the cloud-collaborative edge intelligent computing platform within a lightweight application container runtime environment is supported, including service startup and shutdown. Additionally, application isolation of services from the cloud-collaborative edge intelligent computing platform within the lightweight application container runtime environment is supported. This allows two identical services to run within the lightweight application container runtime environment, with external communication of each service bound to a different physical network interface IP, and communication between services bound to the container's virtual IP, ensuring that the instances of the same application do not interfere with each other.
[0083] The architecture of the edge computing platform based on the workflow engine is shown in Figure 6. The configuration includes multiple components such as an edge message queue (MQTT), a rule-based data stream engine (RBSE), a business flow engine (Node-RED) with visual orchestration capabilities, an edge agent, and microservices (REST API). Data transmission in the workflow engine follows the Mosquitto MQTT protocol. The edge message queue, based on the MQTT publish/subscribe model, enables the engine to receive uploaded IoT data or allows processed data streams to be acquired by other components. The rule-based data stream engine (RBSE) is deployed on edge computing nodes, automatically deploying rules by setting operating rules for IoT devices. The business flow engine (Node-RED) provides business orchestration capabilities. The edge agent is primarily responsible for providing encapsulated microservices to facilitate interaction between the edge and cloud platforms, including forwarding edge-specific messages to the cloud platform's MQTT channel, periodically querying the cloud platform status, and updating the flow and rule configurations on the RBSE via POST. The cloud-based REST API interface is mainly used to distribute information configured in the cloud, including version information, site information, IoT information, and rule information, to the edge nodes.
[0084] The working method and steps of the novel domestically produced software-defined edge computing platform and device provided in this embodiment are as follows:
[0085] Step 1: Users configure the business rules and RBSE data flow rules for field devices through the cloud management platform;
[0086] Step 2: The cloud sends the configuration information to the edge computing nodes via a REST API interface;
[0087] Step 3: The edge computing node reads the business rules and RBSE data flow rules configured on the cloud management platform through the Agent;
[0088] Step 4: Field device data is transmitted to the edge computing gateway controller via Modbus RTU/TCP, EtherCAT, POWERLINK, CANopen, OPC UA, and MQTT protocols;
[0089] Step 5: The edge computing gateway controller collects, cleans, and transforms data from field devices, and then publishes the processed data via the MQTT protocol;
[0090] Step 6: Edge computing nodes subscribe to messages from the edge computing gateway controller via the MQTT protocol;
[0091] Step 7: The edge computing node performs Node-RED business processing according to business rules and RBSE data flow rules, and then publishes the processed message via the MQTT protocol; at the same time, the edge computing node uses the Agent to periodically deliver the processed messages, subscribed to via the MQTT protocol, to the cloud for graphical display, so that users can monitor and analyze them on the cloud data monitoring platform;
[0092] Step 8: The edge computing gateway controller subscribes to messages processed by the service via the MQTT protocol and publishes them to the field devices to enable configuration and management of the field devices.
[0093] Example 3:
[0094] Those skilled in the art can understand this embodiment as a more specific description of Embodiment 1 and Embodiment 2.
[0095] The present application will be further described in detail with reference to an embodiment of the grain warehouse monitoring system. This embodiment is only used to explain the present application and does not constitute a limitation on the scope of protection of the present application.
[0096] The grain silo monitoring system consists of IoT edge devices, edge computing gateway controllers, edge computing nodes, and a cloud computing center. Its main function is to monitor the temperature and humidity of the grain silo and provide timely alarm information to management personnel. When the grain silo temperature exceeds 40°C, a high-temperature alarm is triggered; when the grain silo humidity exceeds 50%, a high-humidity alarm is triggered; when abnormal water immersion is detected, a water immersion voice alarm is triggered; and when abnormal smoke is detected, a smoke voice alarm is triggered. These measures enhance the monitoring and management of the grain silo environment. The system scenario is shown in Figure 7.
[0097] Grain warehouse managers set temperature and humidity alarm thresholds for the grain warehouse through the management platform of the cloud computing center. Then, the cloud computing center sends the configuration information to the edge computing nodes through the REST API interface.
[0098] The equipment in the grain warehouse, such as weather louvers, smoke sensors, and water immersion sensors, monitors the on-site environment. The on-site control equipment sends the environmental data collected by each sensor to the edge computing gateway controller via the OPC UA protocol.
[0099] The edge computing gateway controller cleans the received field data, such as removing illogical temperature and humidity data, and then publishes the information via the MQTT protocol with message topics "louver/0001", "smokesensor/0001", and "watersensor/0001".
[0100] Edge computing nodes subscribe to messages with the aforementioned specific topics and identifiers from the edge computing gateway controller via the MQTT protocol. Simultaneously, the edge computing nodes read the configuration information of the cloud computing center through an agent and process the received data according to the configuration information, determining whether there are abnormal temperatures or humidity levels, fires, or water damage on-site. The results are then published via the MQTT protocol with the topic "warn/0001". If the temperature exceeds the management platform's set value, the alarm value is "0x01"; if the smoke sensor detects smoke in the grain silo, the alarm value is "0x02"; if the humidity exceeds the management platform's set value, the alarm value is "0x04"; and if the water damage sensor is triggered, the alarm value is "0x08".
[0101] The edge gateway controller subscribes to messages with the topic "warn/0001" on the edge computing node via MQTT and publishes them to the field control equipment. The field control equipment parses the received message. If the alarm value is "0x01", the voice control module announces "Temperature too high"; if the alarm value is "0x02", it announces "Fire alarm"; if the alarm value is "0x04", it announces "Humidity too high"; and if the alarm value is "0x08", it announces "Water level too high". This achieves real-time monitoring of the grain silo environment and alerts staff to perform on-site maintenance.
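The data path of paragraphs [0099] to [0101] can be sketched as three functions: cleaning on the gateway, evaluation on the edge node, and parsing on the field device. This is an added example, not code from the patent. The plausibility bounds, the struct layouts and the function names are assumptions, and so is treating the four alarm values as bit flags that combine when several conditions hold at once; the device side rejects any value carrying bits the text does not define.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Alarm values published on "warn/0001", as listed in the text. */
enum { WARN_TEMP = 0x01, WARN_SMOKE = 0x02, WARN_HUMID = 0x04, WARN_WATER = 0x08 };

struct thresholds { double temp_c, humid_pct; };   /* set on the cloud platform */
struct reading    { double temp_c, humid_pct; bool smoke, water; };

/* Gateway cleaning step. The bounds are assumed; NaN fails every comparison. */
bool reading_plausible(const struct reading *r)
{
    return r->temp_c >= -40.0 && r->temp_c <= 85.0 &&
           r->humid_pct >= 0.0 && r->humid_pct <= 100.0;
}

/* Edge node: turn one cleaned reading into the alarm value (assumed OR-combined). */
uint8_t evaluate_alarm(const struct thresholds *t, const struct reading *r)
{
    uint8_t v = 0;
    if (r->temp_c > t->temp_c)       v |= WARN_TEMP;
    if (r->smoke)                    v |= WARN_SMOKE;
    if (r->humid_pct > t->humid_pct) v |= WARN_HUMID;
    if (r->water)                    v |= WARN_WATER;
    return v;
}

/* Field device: map a received value to announcements; reject undefined bits. */
size_t alarm_announcements(uint8_t v, const char *out[4])
{
    static const struct { uint8_t bit; const char *msg; } table[] = {
        { WARN_TEMP,  "Temperature too high" }, { WARN_SMOKE, "Fire alarm" },
        { WARN_HUMID, "Humidity too high" },    { WARN_WATER, "Water level too high" },
    };
    size_t n = 0;
    if (v & ~0x0F)
        return 0;
    for (size_t i = 0; i < 4; i++)
        if (v & table[i].bit)
            out[n++] = table[i].msg;
    return n;
}

int main(void)
{
    struct thresholds cfg = { 40.0, 50.0 };           /* values from the text */
    struct reading r = { 42.5, 61.0, false, false };  /* constructed sample */
    const char *msgs[4];
    uint8_t v = reading_plausible(&r) ? evaluate_alarm(&cfg, &r) : 0;
    printf("warn/0001 = 0x%02X, %zu announcement(s)\n", v, alarm_announcements(v, msgs));
    return 0;
}
```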
[0102] Furthermore, the agents on the edge computing nodes send subscribed MQTT messages to the cloud computing center via scheduled tasks and store them in the real-time database InfluxDB for graphical display by the Grafana data monitoring platform, facilitating real-time monitoring and analysis of the on-site situation by staff. Figure 8 shows the temperature and humidity curves of the grain warehouse displayed on the monitoring platform of the cloud computing center.
[0103] This invention provides an open software-defined edge computing platform architecture that enables intelligent business data-driven operation based on a streaming engine. It has extensive IoT device connectivity capabilities and enhanced security protection for industrial embedded real-time systems. Furthermore, it supports domestically produced key software and hardware platforms, eliminating dependence on foreign key software and hardware and reducing security risks.
[0104] Specific embodiments of the present invention have been described above. It should be understood that the present invention is not limited to the specific embodiments described above, and those skilled in the art can make various changes or modifications within the scope of the claims, which do not affect the essence of the present invention. Unless otherwise specified, the embodiments and features described in this application can be arbitrarily combined with each other.
Claims
1. A software-defined edge computing platform, characterized in that it includes: a device layer, a platform layer, and an edge computing layer; The edge computing layer is located between the device layer and the platform layer. The edge computing layer connects to the devices in the device layer and interfaces with the platform layer. The edge computing layer includes a lightweight edge computing platform and a cloud-collaborative edge intelligent computing platform; the lightweight edge computing platform is used to build the platform's basic operating environment with an embedded real-time operating system, and the cloud-collaborative edge intelligent computing platform uses a general-purpose operating system to build the platform's basic operating environment. The lightweight edge computing platform directly encapsulates computing, network, and storage resources based on the operating system, integrates multiple industrial fieldbuses, real-time Ethernet, and message telemetry transmission support, and provides functions for edge-side data acquisition, local data storage, and cloud-side data upload. Locally, by loading and executing data models, the platform performs edge-side processing on the acquired data, providing real-time business functions such as real-time monitoring, early warning and prediction, and rapid location of potential faults. The lightweight edge computing platform is designed to extend security protection functions based on an embedded real-time operating system, including user hierarchical management, virtual encrypted partition storage, source and destination port mapping, and system audit traceability. The embedded real-time operating system used is the Ruihua Embedded Real-Time Operating System. The Ruihua Embedded Real-Time Operating System is adapted to the Loongson 2K1000 processor to form an edge computing gateway controller.
The cloud-collaborative edge intelligent computing platform is based on the Galaxy Kylin operating system and adapted to the Phytium multi-core processor to form edge computing nodes.
2. The software-defined edge computing platform according to claim 1, characterized in that the Ruihua Embedded Real-Time Operating System provides support for the following peripheral interfaces, file systems, and network protocol stacks: RS232/RS485 serial port, CAN, Ethernet, USB, and SATA.
3. The software-defined edge computing platform according to claim 1, characterized in that the Ruihua Embedded Real-Time Operating System provides support for industrial fieldbus protocols including Modbus, MQTT, EtherCAT, CANopen, OPC UA, and POWERLINK industrial network communication modules.
4. The software-defined edge computing platform according to claim 1, characterized in that the cloud-collaborative edge intelligent computing platform is configured with a container runtime environment and a business flow engine on top of the operating system. It supports the encapsulation of resources into functional modules according to business requirements, and the combination and invocation of functional modules through model-driven business orchestration, thereby realizing the development and deployment of edge computing services.
5. The software-defined edge computing platform according to claim 1, characterized in that it is adapted using the Phytium 64-core processor platform and configured with the Siyuan MLU270-S4 smart acceleration card.
6. A method for using a software-defined edge computing platform, characterized in that, based on the software-defined edge computing platform according to claim 5, it includes the following steps: Step 1: Configure the business rules and RBSE data flow rules for field devices through the cloud management platform; Step 2: Enable the cloud to send configuration information to the edge computing nodes via the REST API interface; Step 3: Enable the edge computing node to read the business rules and RBSE data flow rules configured on the cloud management platform through the Agent; Step 4: Transmit field device data to the edge computing gateway controller via the MQTT protocol; Step 5: Enable the edge computing gateway controller to collect, clean, and transform data from field devices, and then publish the processed data via the MQTT protocol; Step 6: Enable edge computing nodes to subscribe to messages from the edge computing gateway controller via the MQTT protocol; Step 7: Enable edge computing nodes to perform Node-RED business processing on messages according to business rules and RBSE data flow rules, and then publish the processed messages via the MQTT protocol; at the same time, the edge computing nodes use the Agent to periodically deliver the processed messages, subscribed to via the MQTT protocol, to the cloud for graphical display, so that users can monitor and analyze them on the cloud data monitoring platform; Step 8: Enable the edge computing gateway controller to subscribe to messages processed by the service via the MQTT protocol and publish them to the field devices to enable configuration and management of the field devices.