Patent application title: CLOUD GATEWAY FOR INDUSTRIAL AUTOMATION INFORMATION AND CONTROL SYSTEMS
Douglas C. Lawson (Silverado, CA, US)
Douglas C. Lawson (Silverado, CA, US)
Douglas J. Reichard (Fairview Park, OH, US)
Douglas J. Reichard (Fairview Park, OH, US)
Joseph A. Harkulich (Willoughby, OH, US)
Rainer Hessmer (Rancho Santa Margarita, CA, US)
Sujeet Chand (Brookfield, WI, US)
Sujeet Chand (Brookfield, WI, US)
David W. Farchmin (Grafton, WI, US)
David W. Farchmin (Grafton, WI, US)
Michael John Pantaleano (Willoughby, OH, US)
Michael John Pantaleano (Willoughby, OH, US)
ROCKWELL AUTOMATION TECHNOLOGIES, INC.
IPC8 Class: AG06F1516FI
Class name: Electrical computers and digital processing systems: multicomputer data transferring remote data accessing
Publication date: 2013-08-15
Patent application number: 20130212214
A cloud gateway for coupling an industrial system to a cloud platform is
provided. The cloud gateway collects data from one or more industrial
controllers, meters, sensors, or other devices comprising an industrial
automation system. The cloud gateway optionally performs additional
transformations on the data to add context, summarize, filter, reformat,
and/or encrypt the data. The cloud gateway then sends data to a cloud
platform for use by one or more cloud-based applications or services. The
cloud gateway can facilitate cloud-based data collection from both
fixed-location and mobile industrial systems. The cloud gateway can also
support store-and-forward logic, allowing industrial data to be
temporarily stored in local storage in the event that communication
between the cloud gateway and the cloud platform is disrupted.
1. A cloud gateway device, comprising: a device interface component that
receives data from an industrial automation system; and a cloud interface
component that couples the cloud gateway device to a cloud platform and
sends the data to the cloud platform.
2. The cloud gateway device of claim 1, further comprising an encryption component that encrypts the data prior to sending the data to the cloud platform.
3. The cloud gateway device of claim 1, wherein the device interface component retrieves the data from one or more controller tags of an industrial controller associated with the industrial automation system.
4. The cloud gateway device of claim 3, wherein the one or more controller tags and a uniform resource locator (URL) of the cloud platform are defined in a configuration file associated with the cloud gateway device.
5. The cloud gateway device of claim 1, further comprising a transformation component that at least one of compresses, aggregates, filters, re-formats, or contextualizes the data to yield a set of refined data.
6. The cloud gateway device of claim 5, wherein the transformation component adds contextual metadata to the data prior to sending the data to the cloud platform, the contextual metadata including at least one of a date, a time, a shift, a production area, a product, a machine state, an employee identifier, a lot number, an active alarm, or a hierarchical organizational tag.
7. The cloud gateway device of claim 1, wherein the cloud interface component sends the data to the cloud platform at an upload frequency controlled by a cloud-based application from the cloud platform.
8. The cloud gateway device of claim 1, wherein the cloud interface component sends the data to the cloud platform via a wireless radio.
9. The cloud gateway device of claim 1, wherein the cloud gateway device comprises a firewall device that controls routing of data packets between different networks.
10. The cloud gateway device of claim 1, wherein the cloud gateway device comprises at least one of an industrial controller, a telemetry device, or a sensor.
11. The cloud gateway device of claim 1, further comprising: a communication diagnostic component that determines a status of a communication link between the cloud interface component and the cloud platform; and a storage control component that stores the data in local storage in response to a determination by the communication diagnostic component that the communication link is not operational.
12. The cloud gateway device of claim 4, wherein the configuration file further includes one or more communication parameters for the cloud gateway device.
13. The cloud gateway device of claim 12, wherein the cloud interface component downloads an updated version of the configuration file in response to a determination that the configuration file stored locally at the cloud gateway device is out of date.
14. A method for sending industrial data to a cloud platform, comprising: obtaining industrial data from one or more devices comprising an industrial system; and sending the industrial data to at least one of a cloud-based service or cloud-based application residing on a cloud platform.
15. The method of claim 14, further comprising encrypting the industrial data prior to the sending.
16. The method of claim 14, wherein the obtaining comprises retrieving the data from one or more controller tags of one or more industrial controllers.
17. The method of claim 14, further comprising at least one of compressing, aggregating, filtering, re-formatting, or contextualizing the industrial data prior to the sending.
18. The method of claim 14, further comprising appending contextual metadata to the industrial data prior to the sending, wherein the contextual metadata includes at least one of a date, a time, a shift, a production area, a product, a machine state, an employee identifier, a lot number, an active alarm, or a hierarchical organizational tag.
19. The method of claim 14, wherein the sending comprises sending the industrial data to at least one of the cloud-based service or the cloud-based application using a wireless radio link.
20. The method of claim 14, further comprising: detecting a loss of communication to the cloud platform; storing at least a subset of the industrial data in local storage in response to the detecting; and sending at least the subset of the industrial data to the cloud platform in response to detecting that communication to the cloud platform has been restored.
21. A computer-readable medium having stored thereon computer-executable instructions that, in response to execution, cause a computing system to perform operations, the operations including: collecting data from one or more industrial devices of an automation system; and sending the data to a designated cloud-based application residing on a cloud platform.
22. The computer-readable medium of claim 21, the operations further comprising: determining that a communication link to the cloud platform has been disrupted; in response to the determining, storing at least a subset of the data in local storage; and sending at least the subset of the data to the designated cloud-based application in response to determining that the communication link to the cloud platform has become operational.
 This application claims the benefit of U.S. Provisional Patent Application Ser. No. 61/587,531, filed on Feb. 9, 2012, and entitled "INDUSTRIAL AUTOMATION CLOUD COMPUTING SYSTEMS AND METHODS," and U.S. Provisional Patent Application Ser. No. 61/642,964, filed May 4, 2012, and entitled "CLOUD GATEWAY FOR INDUSTRIAL AUTOMATION INFORMATION." This application is also related to U.S. patent application Ser. No. 10/162,315, filed on Jun. 4, 2002 (which issued as U.S. Pat. No. 7,151,966 on Dec. 19, 2006), and entitled "SYSTEM AND METHODOLGY PROVIDING OPEN INTERFACE AND DISTRIBUTED PROCESSING IN AN INDUSTRIAL CONTROLLER ENVIRONMENT." The entireties of these applications are incorporated herein by reference.
 The subject application relates generally to industrial automation, and, more particularly, to systems and methods for gathering and sending industrial data to a cloud platform.
 Industrial controllers and their associated I/O devices are central to the operation of modern automation systems. These controllers interact with field devices on the plant floor to control automated processes relating to such objectives as product manufacture, material handling, batch processing, supervisory control, and other such applications. Industrial controllers store and execute user-defined control programs to effect decision-making in connection with the controlled process. Such programs can include, but are not limited to, ladder logic, sequential function charts, function block diagrams, structured text, or other such programming structures.
 Because of the large number of system variables that must be monitored and controlled in near real-time, industrial automation systems often generate vast amounts of near real-time data. In addition to production statistics, data relating to machine health, alarm statuses, operator feedback (e.g., manually entered reason codes associated with a downtime condition), electrical or mechanical load over time, and the like are often monitored, and in some cases recorded, on a continuous basis. This data is generated by the many industrial devices that can make up a given automation system, including the industrial controller and its associated I/O, telemetry devices for near real-time metering, motion control devices (e.g., drives for controlling the motors that make up a motion system), visualization applications, lot traceability systems (e.g., barcode tracking), etc. Moreover, since many industrial facilities operate on a 24-hour basis, their associated automation systems can generate a vast amount of potentially useful data at high rates. For an enterprise with multiple plant facilities, the amount of generated automation data further increases.
 The large quantity of data generated by modern automation systems makes it possible to apply a broad range of plant analytics to the automation systems and processes that make up an industrial enterprise or business. However, access to the industrial data is typically limited to applications and devices that share a common network with the industrial controllers that collect and generate the data. As such, plant personnel wishing to leverage the industrial data generated by their systems in another application (e.g., a reporting or analysis tool, notification system, visualization application, backup data storage, etc.) are required to maintain such applications on-site using local resources. Moreover, although a given industrial enterprise may comprise multiple plant facilities at geographically diverse locations (or multiple mobile systems having variable locations), the scope of such applications is limited only to data available on controllers residing on the same local network as the application.
 The above-described deficiencies of today's industrial control and business systems are merely intended to provide an overview of some of the problems of conventional systems, and are not intended to be exhaustive. Other problems with conventional systems and corresponding benefits of the various non-limiting embodiments described herein may become further apparent upon review of the following description.
 The following presents a simplified summary in order to provide a basic understanding of some aspects described herein. This summary is not an extensive overview nor is intended to identify key/critical elements or to delineate the scope of the various aspects described herein. Its sole purpose is to present some concepts in a simplified form as a prelude to the more detailed description that is presented later.
 One or more embodiments of the present disclosure relate to cloud gateway devices and services that can interface industrial systems with a cloud platform. To this end, a cloud gateway can collect industrial data generated by an industrial system, perform optional processing on the industrial data, and push the industrial data to a cloud platform for use by one or more cloud-based services or applications. The cloud gateway can include a device interface configured to receive data from one or more industrial devices (e.g., industrial controllers, telemetry devices, sensors, etc.) through a wired or wireless network connection or direct hardwired connection. The cloud gateway can also include a cloud interface that couples the gateway to a web-based cloud platform, allowing the gateway to exchange data with cloud-based applications and services, such as data processing tools, storage services, remote visualization applications, or other cloud-based services.
 In some embodiments, the cloud gateway can transform data collected from the industrial devices into a refined set of data prior to pushing the data to the cloud for storage, analysis, etc. For example, the cloud gateway can filter, prune, re-format, combine, summarize, or compress its data prior to moving the data to the cloud. One or more embodiments of the cloud gateway can also contextualize the industrial data prior to pushing the data to the cloud. This can include tagging the data with contextual metadata, such as a time, a quality indicator, a production area, a machine or process state, personnel identifiers, or other information that provides additional context for the data. The cloud gateway can push this appended contextual data to the cloud together with its associated industrial data, so that the contextualixed data can be leveraged by cloud-based analysis tools to facilitate meaningful analysis of the data.
 To the accomplishment of the foregoing and related ends, certain illustrative aspects are described herein in connection with the following description and the annexed drawings. These aspects are indicative of various ways which can be practiced, all of which are intended to be covered herein. Other advantages and novel features may become apparent from the following detailed description when considered in conjunction with the drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
 FIG. 1 is a high-level overview of an industrial enterprise that leverages cloud-based services.
 FIG. 2 is a block diagram of an exemplary cloud gateway for collecting industrial data and sending the industrial data to a cloud platform.
 FIG. 3 is a block diagram of an exemplary cloud gateway for receiving industrial data and pushing the data to a cloud platform for use by a cloud-based application.
 FIG. 4 illustrates an exemplary configuration file for configuring a cloud gateway.
 FIG. 5 is a high-level overview of a cloud gateway application used to periodically upload data from a controller to one or more cloud applications.
 FIG. 6 is a block diagram of an exemplary cloud gateway configuration for sending data from a mobile control and/or monitoring system to a cloud platform.
 FIG. 7 is an exemplary high-level architecture in which a mobilized cloud gateway service renders system data from a mobile control and/or monitoring system available to client devices via a cloud platform.
 FIG. 8 illustrates a system configuration in which a firewall box serves as a cloud gateway for a set of industrial devices.
 FIG. 9 illustrates an exemplary network architecture that includes a firewall box having cloud gateway functionality.
 FIG. 10 illustrates a configuration in which an industrial device acts as a cloud gateway for other industrial devices comprising an automation system.
 FIG. 11 illustrates an exemplary cloud gateway configured to transform industrial data prior to delivery to a cloud platform.
 FIG. 12 illustrates an exemplary context component for transforming raw industrial data into contextualized data.
 FIG. 13 is a block diagram of an exemplary cloud gateway that supports store-and-forward capability.
 FIG. 14 is a flowchart of an example methodology for sending industrial data to a cloud platform.
 FIG. 15 is a flowchart of an example methodology for dynamically controlling an upload frequency of a cloud gateway.
 FIG. 16 is a flowchart of an example methodology for implementing store-and-forward functionality in a cloud gateway.
 FIG. 17 is an example computing environment.
 FIG. 18 is an example networking environment.
 The subject disclosure is now described with reference to the drawings, wherein like reference numerals are used to refer to like elements throughout. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding thereof. It may be evident, however, that the subject disclosure can be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to facilitate a description thereof.
 As used in this application, the terms "component," "system," "platform," "layer," "controller," "terminal," "station," "node," "interface" are intended to refer to a computer-related entity or an entity related to, or that is part of, an operational apparatus with one or more specific functionalities, wherein such entities can be either hardware, a combination of hardware and software, software, or software in execution. For example, a component can be, but is not limited to being, a process running on a processor, a hard disk drive, multiple storage drives (of optical or magnetic storage medium) including affixed (e.g., screwed or bolted) or removably affixed solid-state storage drives; an object; an executable; a thread of execution; a computer-executable program, and/or a computer. By way of illustration, both an application running on a server and the server can be a component. One or more components can reside within a process and/or thread of execution, and a component can be localized on one computer and/or distributed between two or more computers. Also, components as described herein can execute from various computer readable storage media having various data structures stored thereon. The components may communicate via local and/or remote processes such as in accordance with a signal having one or more data packets (e.g., data from one component interacting with another component in a local system, distributed system, and/or across a network such as the Internet with other systems via the signal). As another example, a component can be an apparatus with specific functionality provided by mechanical parts operated by electric or electronic circuitry which is operated by a software or a firmware application executed by a processor, wherein the processor can be internal or external to the apparatus and executes at least a part of the software or firmware application. As yet another example, a component can be an apparatus that provides specific functionality through electronic components without mechanical parts, the electronic components can include a processor therein to execute software or firmware that provides at least in part the functionality of the electronic components. As further yet another example, interface(s) can include input/output (I/O) components as well as associated processor, application, or Application Programming Interface (API) components. While the foregoing examples are directed to aspects of a component, the exemplified aspects or features also apply to a system, platform, interface, layer, controller, terminal, and the like.
 As used herein, the terms "to infer" and "inference" refer generally to the process of reasoning about or inferring states of the system, environment, and/or user from a set of observations as captured via events and/or data. Inference can be employed to identify a specific context or action, or can generate a probability distribution over states, for example. The inference can be probabilistic--that is, the computation of a probability distribution over states of interest based on a consideration of data and events. Inference can also refer to techniques employed for composing higher-level events from a set of events and/or data. Such inference results in the construction of new events or actions from a set of observed events and/or stored event data, whether or not the events are correlated in close temporal proximity, and whether the events and data come from one or several event and data sources.
 In addition, the term "or" is intended to mean an inclusive "or" rather than an exclusive "or." That is, unless specified otherwise, or clear from the context, the phrase "X employs A or B" is intended to mean any of the natural inclusive permutations. That is, the phrase "X employs A or B" is satisfied by any of the following instances: X employs A; X employs B; or X employs both A and B. In addition, the articles "a" and "an" as used in this application and the appended claims should generally be construed to mean "one or more" unless specified otherwise or clear from the context to be directed to a singular form.
 Furthermore, the term "set" as employed herein excludes the empty set; e.g., the set with no elements therein. Thus, a "set" in the subject disclosure includes one or more elements or entities. As an illustration, a set of controllers includes one or more controllers; a set of data resources includes one or more data resources; etc. Likewise, the term "group" as utilized herein refers to a collection of one or more entities; e.g., a group of nodes refers to one or more nodes.
 Various aspects or features will be presented in terms of systems that may include a number of devices, components, modules, and the like. It is to be understood and appreciated that the various systems may include additional devices, components, modules, etc. and/or may not include all of the devices, components, modules etc. discussed in connection with the figures. A combination of these approaches also can be used.
 To provide a general context for the cloud gateway devices and services described herein, FIG. 1 illustrates a high-level overview of an industrial enterprise that leverages cloud-based services. The enterprise comprises one or more industrial facilities 104, each having a number of industrial devices 108 and 110 in use. The industrial devices 108 and 110 can make up one or more automation systems operating within the respective facilities 104. Exemplary automation systems can include, but are not limited to, batch control systems (e.g., mixing systems), continuous control systems (e.g., PID control systems), or discrete control systems. Industrial devices 108 and 110 can include such devices as industrial controllers (e.g., programmable logic controllers or other types of programmable automation controllers); field devices such as sensors and meters; motor drives; human-machine interfaces (HMIs); industrial robots, barcode markers and readers; vision system devices (e.g., vision cameras); smart welders; or other such industrial devices.
 Exemplary automation systems can include one or more industrial controllers that facilitate monitoring and control of their respective processes. The controllers exchange data with the field devices using native hardwired I/O or via a plant network such as Ethernet/IP, Data Highway Plus, ControlNet, Devicenet, or the like. A given controller typically receives any combination of digital or analog signals from the field devices indicating a current state of the devices and their associated processes (e.g., temperature, position, part presence or absence, fluid level, etc.), and executes a user-defined control program that performs automated decision-making for the controlled processes based on the received signals. The controller then outputs appropriate digital and/or analog control signaling to the field devices in accordance with the decisions made by the control program. These outputs can include device actuation signals, temperature or position control signals, operational commands to a machining or material handling robot, mixer control signals, motion control signals, and the like. The control program can comprise any suitable type of code used to process input signals read into the controller and to control output signals generated by the controller, including but not limited to ladder logic, sequential function charts, function block diagrams, structured text, or other such platforms.
 Although the exemplary overview illustrated in FIG. 1 depicts the industrial devices 108 and 110 as residing in fixed-location industrial facilities 104, the industrial devices may also be part of a mobile control and/or monitoring application, such as a system contained in a truck or other service vehicle.
 According to one or more embodiments of this disclosure, industrial devices 108 and 110 can be coupled to a cloud platform 102 to leverage cloud-based applications. That is, the industrial device 108 and 110 can be configured to discover and interact with cloud-based computing services 112 hosted by cloud platform 102. Cloud platform 102 can be any infrastructure that allows shared computing services 112 to be accessed and utilized by cloud-capable devices. Cloud platform 102 can be a public cloud accessible via the Internet by devices having Internet connectivity and appropriate authorizations to utilize the services 112. In some scenarios, cloud platform 102 can be provided by a cloud provider as a platform-as-a-service (PaaS), and the services 112 can reside and execute on the cloud platform 102 as a cloud-based service. In some such configurations, access to the cloud platform 102 and associated services 112 can be provided to customers as a subscription service by an owner of the services 112. Alternatively, cloud platform 102 can be a private cloud operated internally by the enterprise. An exemplary private cloud platform can comprise a set of servers hosting the cloud services 112 and residing on a corporate network protected by a firewall.
 Cloud services 112 can include, but are not limited to, data storage, data analysis, control applications (e.g., applications that can generate and deliver control instructions to industrial devices 108 and 110 based on analysis of near real-time system data or other factors), visualization applications such as cloud-based HMIs, reporting applications, Enterprise Resource Planning (ERP) applications, notification services, or other such applications. If cloud platform 102 is a web-based cloud, industrial devices 108 and 110 at the respective industrial facilities 104 may interact with cloud services 112 via the Internet. In an exemplary configuration, industrial devices 108 and 110 may access the cloud services 112 through separate cloud gateways 106 at the respective industrial facilities 104, where the industrial devices 108 and 110 connect to the cloud gateways 106 through a physical or wireless local area network or radio link. In another exemplary configuration, the industrial devices 108 and 110 may access the cloud platform directly using an integrated cloud gateway service, as will be described in more detail herein.
 Providing industrial devices with cloud capability via cloud gateways 106 can offer a number of advantages particular to industrial automation. For one, cloud-based storage offered by the cloud platform 102 can be easily scaled to accommodate the large quantities of data generated daily by an industrial enterprise. Moreover, multiple industrial facilities at different geographical locations can migrate their respective automation data to the cloud platform 102 for aggregation, collation, collective analysis, and enterprise-level reporting without the need to establish a private network between the facilities. Industrial devices 108 and 110 and/or cloud gateways 106 having smart configuration capability can be configured to automatically detect and communicate with the cloud platform 102 upon installation at any facility, simplifying integration with existing cloud-based data storage, analysis, or reporting applications used by the enterprise. In another exemplary application, cloud-based diagnostic applications can access the industrial devices 108 and 110 via cloud gateways 106 to monitor the health of respective automation systems or their associated industrial devices across an entire plant, or across multiple industrial facilities that make up an enterprise. In another example, cloud-based lot control applications can be used to track a unit of product through its stages of production and collect production data for each unit as it passes through each stage (e.g., barcode identifier, production statistics for each stage of production, quality test data, abnormal flags, etc.). These industrial cloud-computing applications are only intended to be exemplary, and the systems and methods described herein are not limited to these particular applications. As these examples demonstrate, the cloud platform 102, working with cloud gateways 106, can allow builders of industrial applications to provide scalable solutions as a service, removing the burden of maintenance, upgrading, and backup of the underlying infrastructure and framework.
 FIG. 2 is a block diagram of an exemplary cloud gateway that can be used to collect industrial data and send the industrial data to a cloud platform. Aspects of the systems, apparatuses, or processes explained in this disclosure can constitute machine-executable components embodied within machine(s), e.g., embodied in one or more computer-readable mediums (or media) associated with one or more machines. Such components, when executed by one or more machines, e.g., computer(s), computing device(s), automation device(s), virtual machine(s), etc., can cause the machine(s) to perform the operations described.
 Cloud gateway 202 can include a cloud interface component 204, a device interface component 206, a transformation component 208, an encryption component 210, one or more processors 212, and memory 214. In various embodiments, one or more of the cloud interface component 204, device interface component 206, transformation component 208, encryption component 210, the one or more processors 212, and memory 214 can be electrically and/or communicatively coupled to one another to perform one or more of the functions of the cloud gateway 202. In some embodiments, components 204, 206, 208, and 210 can comprise software instructions stored on memory 214 and executed by processor(s) 212. The cloud gateway 202 may also interact with other hardware and/or software components not depicted in FIG. 2. For example, processor(s) 212 may interact with one or more external user interface devices, such as a keyboard, a mouse, a display monitor, a touchscreen, or other such interface devices.
 Cloud interface component 204 can be configured to couple the cloud gateway 102 to a web-based or private cloud platform and exchange data with the cloud platform. Device interface component 206 can be configured to couple the cloud gateway 102 to one or more devices comprising a user's control system (e.g., an industrial controller, meter, sensor, etc.) and exchange data therewith. The data collected by the device interface component 206, and the destination cloud platform to which the data is sent by the cloud interface component 204, can be configured using a local configuration file associated with the cloud gateway 202, as will be described in more detail below.
 Transformation component 208 can be configured to transform received industrial data prior to uploading the data to the cloud platform. In some embodiments, the transformation component 208 can contextualize, filter, re-format, combine, summarize, or compress the industrial data to better suit the requirements of the cloud application or to make more efficient use of cloud resources (e.g., bandwidth, storage, etc.). Encryption component 210 can be configured to encrypt the industrial data prior to sending the data to the cloud platform. The one or more processors 212 can perform one or more of the functions described herein with reference to the systems and/or methods disclosed. Memory 214 can be a computer-readable storage medium storing computer-executable instructions and/or information for performing the functions described herein with reference to the systems and/or methods disclosed.
 FIG. 3 illustrates an exemplary cloud gateway capable of receiving industrial data from one or more industrial control systems and pushing the data to a cloud platform for use by a cloud-based application. Device interface component 306 can receive industrial data 304 from one or more industrial devices comprising an industrial automation system. In one or more embodiments, the cloud gateway 302 can reside on the same local area or wireless network as the industrial devices, and retrieve the industrial data 304 over the network. In other embodiments, the cloud gateway 302 can be integrated with an industrial device and run as a service on the device, such that the device interface component 306 retrieves the industrial data 304 from the device locally (e.g., from a data tag or register at the industrial device).
 The device interface component 306 can determine which subset of available data is to be retrieved by reading a configuration file associated with the cloud gateway 302. An exemplary configuration file for a cloud gateway is now described with reference to FIG. 4. The gateway configuration file 402 resides locally on its associated cloud gateway, and instructs the cloud gateway as to which data should be collected and sent to the cloud platform, a destination cloud platform for the data, and other such configuration information. Gateway configuration file 402 comprises a number of configurable data fields 404 that allow a user to easily configure the parameters of the cloud gateway. The exemplary gateway configuration file 402 illustrated in FIG. 4 includes fields for the System ID, the Controller ID, one or more controller tags, a cloud URL (uniform resource locator), and a maximum local storage, where the values of the respective fields can be set by the user. It is to be appreciated that the fields illustrated in FIG. 4 are only intended to be exemplary, and that the gateway configuration file 402 may include any suitable set of configuration fields without departing from the scope of this disclosure.
 The System ID field can be an identifier of the control system for which the data is to be collected. For example, the System ID can identify a production area, a machine, an assembly line, or other system designation. In another example, the cloud gateway may be used to collect data from a mobile control and/or monitoring system residing on a truck (e.g., a system health monitoring system on a cargo or service vehicle), and the System ID can be a truck identifier. In this way, data from multiple trucks comprising a fleet can be collected using respective cloud gateways on board each truck, and the source of the data can be identified by the cloud application by each cloud gateway's System ID. The System ID field (or a separate field) can also be used to define a communication plug-in that the gateway will use (e.g., Common Industrial Protocol, Modbus, OPC DA/HAD, database, etc.)
 The Controller ID field can identify an industrial controller from which the data is to be collected (e.g., a controller associated with the control system identified by the System ID field), and the Controller Tag fields can identify the particular controller tags holding the data. These can include both discrete controller tags containing digital data values as well as analog tags containing integer or real data values. The Cloud URL field can identify the address of the cloud platform to which the data will be sent. The maximum local storage field can be used to configure a maximum amount of local gateway storage space that is to be used for local data storage when communication to the cloud platform has been lost, as will be described in more detail below.
 Configuration file 402 can also include communication parameters defining collection and transmission intervals, store-and-forward preferences, and other such configuration information. For, example, configuration file 402 may define an upload interval, a data collection interval, a number of messages per packet, an inactivity timeout duration, a maximum number of uploads per minute, etc.
 In some embodiments, the gateway configuration file 402 can be updated remotely from the cloud platform. In such embodiments, the cloud platform can maintain a most recent version of a configuration file that can be distributed to appropriate gateway devices that do not have local versions of the configuration file. For example, when a cloud gateway initially connects to the cloud platform, a version comparison is made between the gateway's local configuration data and the most recent configuration data maintained on the cloud platform to determine whether the configuration data at the cloud gateway is out of data (e.g., based on a comparison of time/date stamps associated with the respective configuration files, a comparison of version numbers, etc.) This comparison can be made at either the cloud platform or locally at the gateway. If this comparison determines that the gateway holds an older version of the configuration data, the most recent configuration data can be downloaded from the cloud platform to the cloud gateway.
 Returning now to FIG. 3, device interface component 306 collects the industrial data 304 from the controller tags identified in the cloud gateway's configuration file (e.g., configuration file 402 of FIG. 4). For example, the device interface component can periodically poll the identified controller tags over the network and retrieve the data stored therein. In some embodiments, the device interface component 306 may also monitor the specified controller tags on a continuous basis. If the industrial data is to be sent to the cloud platform without performing additional transformation or encryption on the data, the device interface component 306 can pass the data to the cloud interface component 318, which pushes the data to the cloud platform (e.g., the cloud platform identified by the configuration file) as cloud data 320.
 In one or more embodiments, the cloud interface component 318 can send the data to the cloud platform according to communication parameters defined in the gateway's configuration file. Alternatively, the gateway's upload frequency can be set by the cloud application to which the cloud data 320 is being sent. For example, an administrator of the cloud-based application can define an upload frequency, an upload interval, a number of messages per packet, an inactivity timeout, a maximum number of uploads per minute, etc., and the cloud application can provide a corresponding instruction to the cloud gateway 302 (via cloud interface component 318) configuring the communication parameters accordingly. Alternatively or in addition, the cloud-based application may dynamically select a suitable upload frequency for the cloud gateway 302 during operation. For example, in order to control costs associated with cloud resource usage, an administrator of the cloud-based application may configure a maximum total bandwidth usage for the cloud-based application, such that the total instantaneous bandwidth usage for data traffic between the cloud gateway 302 and the cloud platform is not to exceed the configured maximum bandwidth. In such embodiments, the cloud-based application can monitor the total bandwidth utilization substantially in real-time, and dynamically reduce the upload frequency of the cloud gateway 302 in response to a determination that the total bandwidth usage is approaching the defined maximum bandwidth. In another example, an administrator can configure a limit on the total amount of cloud storage to be used for historical data collection. Accordingly, if the cloud-based application determines that this storage limit is being approached, the cloud-based application can send an instruction to the cloud gateway 302 to reduce its upload frequency, thereby slowing the consumption of cloud storage resources. For systems comprising multiple cloud gateways, the cloud-based application can select which cloud gateways are to be adjusted based on respective criticalities of the control systems associated with the cloud gateways. For example, the cloud-based application can maintain individual cloud gateway profiles defining relative priorities of the industrial systems associated with each cloud gateway 302, and can leverage this information in connection with determining which cloud gateways are to be selected for reduced upload frequency in the event that one or more cloud resources are being used at an excessive rate.
 In addition to periodic data upload, cloud gateway 302 may be configured to send some or all of its data to the cloud in response to detection of a defined event. To this end, a trigger condition can be defined for one or more data tags collected by the cloud gateway 302, such that the data contained in those tags will only be uploaded to the cloud platform in response to occurrence of the trigger condition. For example, it may be beneficial to collect data relating to a particular machine or process during an alarm event, so that a root cause of the alarm event can be determined based on analysis of the data. Accordingly, the alarm event of interest can be configured as the trigger event, and a selected subset of data tags accessible by the gateway can be associated with this trigger event. When the cloud gateway 302 detects occurrence of the alarm event (e.g., by detecting that a digital alarm tag has transitioned to an ON state), cloud gateway 302 can begin uploading data values for the selected subset of data tags to the cloud platform at a predefined frequency. When the alarm event (or other trigger event) is no longer true, cloud platform 302 may end transmission of the data tags to the cloud platform, or may continue to upload values of the data tags for a defined period of time after the alarm event has ended before ceasing transmission of the data.
 In one or more embodiments, cloud gateway 302 can optionally include one or both of a transformation component 310 and an encryption component 314. The cloud gateway 302 can leverage these components to perform additional transformations on the industrial data prior to uploading to the cloud platform. For example, rather than sending the data directly to the cloud interface component 318 for delivery to the cloud platform, the device interface component 306 can first pass the industrial data as raw data 308 to transformation component 310. The transformation component 310 can be configured to transform the raw data 308 into transformed data 312 in accordance with one or more of a determined requirement of the cloud platform or the cloud application, a user-defined transform profile instructing how the data is to be transformed prior to being pushed to the cloud, or other transformation criteria. For example, the transformation component 310 can transform the raw data 308 to a format that consumes fewer cloud resources, thereby reducing costs and latency associated with such cloud-based applications. This can entail one or more of filtering, pruning, re-formatting, aggregating, summarizing, or compressing the raw data 308 to yield refined data 312. Additionally or alternatively, transformation component 310 can append contextual metadata to the raw data 308, thereby providing the cloud-based services with useful context information for the industrial data. Context metadata can include, but is not limited to, a time/date stamp, a quality value, a location associated with the data (e.g., a geographical location, a production area, etc.), machine statuses at the time the data was generated, or other such contextual information. In one or more embodiments, the transformation component 310 can modify the raw data 308 based on an explicit or inferred requirement of the cloud application, user-defined transform profiles instructing how various categories of raw data are to be transformed prior to being pushed to the cloud, and/or contextual metadata that provides context for the industrial data.
 Cloud gateway 302 may also include an encryption component 314 configured to apply an encryption algorithm to either the raw data 308 or the transformed data 312 prior to uploading the data to the cloud platform as cloud data 320, thereby protecting the industrial data against viewing by unauthorized third-parties. Thus, the cloud data 320 may comprise the industrial data 304 in raw form, or data that has been transformed and/or encrypted by the transformation component 310 and/or encryption component 314, respectively.
 FIG. 5 illustrates a high level architecture of a cloud gateway application that can be used to upload data from a controller to a cloud application. The major layers are the generic Internet 502, the cloud platform 506, and the industrial equipment 508 comprising an industrial system. Industrial equipment 508 can be, for example, an industrial system comprising a number of industrial devices 5121-512N being monitored and/or controlled by an industrial controller 510. Industrial equipment 508 can also comprise higher level systems, such as on-premise data historians (including site-level historians or machine-level historians), supervisory control systems, batch systems, business intelligence systems, or other business-level or enterprise-level systems. Industrial equipment 508 can have a fixed location (e.g., an industrial facility), or can be a mobile system (e.g., a control and/or monitoring system loaded on a service or cargo vehicle). A cloud gateway 504 (similar to cloud gateway 302 of FIG. 3) can be used to periodically or continuously upload data from the controller 510 to one or more cloud applications on cloud platform 506, such as a cloud-based operator interface system, cloud-side storage, cloud-side processing services, or other cloud-based services.
 In an exemplary scenario, cloud platform 506 can comprise a set of cloud resources provisioned to a provider of cloud services 514 as a platform-as-a-service (Paas), and the cloud services 514 can reside and execute on the cloud platform 506 as cloud-based services. Cloud applications can be built on the cloud platform 506 and made available to end users (e.g., as a subscription service). In one or more embodiments, the cloud platform 506 can be compatible with data models that are developed for enhanced manufacturing intelligence (EMI) software. Such applications can collect data from a customer's industrial system and correlate the data for the purpose of generating reports, creating custom visualizations, archiving the data, performing system analyses, or other functions. The cloud services 514 can support federated security, which provides secured access to the cloud services 514 from smart devices, such as phones and tablet computers.
 The cloud gateway 504 can gather data from controller 510 or other industrial equipment, and push the data to the cloud applications on cloud platform 506. The cloud gateway 504 can be a stand-alone device, such as a computer running cloud gateway services and sharing a network with the controller 510. Alternatively, the cloud gateway 504 can be embedded in the controller 510 or other piece of industrial equipment as a gateway service. In some embodiments, the cloud gateway 504 may also be integrated within a network interface device, such as a hub, switch, router, or firewall box, residing on a common network with controller 510. The cloud gateway 504 can include a service responsible for pushing controller data from the controller 510 into cloud-based storage on cloud platform 506 via web services exposed by one or more cloud applications. One or more embodiments of the cloud gateway 504 can also support store-and-forward logic that causes controller data to be temporarily stored locally on the cloud gateway 504 in the event that communication between the gateway 504 and the cloud platform 506 is disrupted, as will be described in more detail below. Any suitable communication technology can be used to facilitate communication between the cloud gateway 504 and the cloud platform 506, including but not limited to wireless radio (e.g., 3G, 4G, etc.).
 In addition to sending controller data to cloud-based applications on cloud platform 506, the cloud gateway 504 can also receive configuration instructions from the cloud-based applications. For example, a cloud-based application can send an instruction informing the cloud gateway 504 how frequently data should be uploaded to the cloud-based application (e.g., every minute, every 15 minutes, etc.). The cloud gateway 504 can also be configured locally using a stored configuration file (e.g., configuration file 402 of FIG. 4) that holds such information as a system identifier (e.g., identification of the industrial system monitored by the cloud gateway 504), a controller identifier of controller 510, a list of controller tags whose values are to be read by the gateway 504 and uploaded to the cloud-based application, a uniform resource locator (URL) of the cloud platform 506, a maximum amount of data to store locally at the cloud gateway 504 in the event of communication loss between the cloud gateway 504 and the cloud platform 506, or other such configuration information.
 As noted above, in addition to being used to collect data from fixed-location industrial systems, the cloud gateway described herein can be used to collect industrial data from mobile industrial systems, such as control and/or monitoring systems embedded in a truck or other service vehicle. FIG. 6 illustrates an exemplary cloud gateway configuration that can be used to send data from such mobile systems to a cloud platform. In the present example, it will be assumed that data is to be collected from a machine health monitoring system running on board a truck. However, it is to be understood that the systems and methods described are applicable for collecting data from any mobile control and/or monitoring system and sending the data to a cloud-platform.
 Customer Equipment (e.g., industrial equipment 508 of FIG. 5) loaded on a truck can have associated therewith a local computer 602 running a cloud gateway service 610. Local computer 602 may be a ruggedized computer having a reinforced casing designed to withstand the vibration and turbulence that can be experienced during travel on-board the truck. Cloud gateway service 610 can perform similar functions to those of the cloud gateway 202, 302, and 504 of FIGS. 2, 3, and 5. Communication services 612, also running on local computer 602, can facilitate communication with controller 614, which is used to monitor and/or control the on-hoard machine health system. The local computer 602 can also optionally include a local human-machine interface (HMI) 608 for local visualization of controller data at the truck.
 In one or more embodiments, the cloud gateway service 610 can be a service (e.g., a Windows service) that runs on local computer 602 on-board the truck. The cloud gateway service 610 is responsible for pushing local controller data from controller 614 to cloud platform 606 via the web services exposed by a cloud application. The cloud gateway service 610 can also support store-and-forward logic used when the connection between the truck and the cloud platform 606 is temporarily interrupted. In some embodiments, the data collected by the cloud gateway service 610 can be pushed to the cloud via a wireless radio 604 on-board the truck (e.g., 3G wireless radio).
 In one or more embodiments, the cloud gateway service 610 can periodically read data from the controller 614 and a global positioning system (GPS) location provider (not shown) on-board the truck and send both the controller data and the GPS data to the cloud application residing on cloud platform 806. The cloud gateway service 610 can also receive information from a cloud application residing on cloud platform 606 to dynamically adjust the communication parameters, such as data collection and upload frequency, store-and-forward parameters, etc.
 The upload frequency (e.g., slow poll mode versus fast poll mode) can be controlled by the cloud application executing on the cloud platform 606 on a per truck basis. For example, an object representing a given truck in the cloud application may have a property indicating the communication parameters for the given truck's cloud gateway. The cloud gateway service 610 can ping the cloud platform 606 at a pre-defined frequency (e.g., once per minute) to upload the controller data and/or to check for a change in the upload mode (fast poll mode versus slow poll mode). Similar to examples described above in connection with FIGS. 3 and 4, the cloud gateway service 610 can be configured locally using a configuration file having fields for the Truck ID, Controller ID, the controller tags whose values are to be read from the controller 614 and uploaded to the cloud platform 606, the URL of the cloud platform or cloud application to which the data is to be sent, and a maximum amount of data to store locally in case of a faulty network connection (in connection with store-and-forward logic).
 FIG. 7 illustrates an exemplary high-level architecture in which the mobilized cloud gateway service described above in connection with FIG. 6 is used to make system data from a mobile control and/or monitoring system available to client devices via a cloud platform. Similar to the cloud gateway computer of FIG. 6, local computer 712 (e.g., a ruggedized computer) executes communication services 718 to exchange data with controller 720 associated with a control and/or monitoring system on-board a truck or other service vehicle. Local computer 712 can also execute cloud gateway service 716 which pushes local controller data from controller 720 to cloud platform 706 via web services exposed by a cloud application 708 running on the cloud platform 706. Although not shown, some embodiments of the cloud gateway service 716 may push the controller data to the cloud platform via a wireless radio (e.g., 3G, 4G, etc.) on-board the truck (e.g., radio 604 of FIG. 6). Local computer 712 may optionally include a local HMI 714 for local monitoring of the controller data.
 Cloud-based application 708 running on the cloud platform 706 can receive the controller data 720 sent by the cloud gateway service 716, and utilize the data according to the functionality of the particular application. For example, cloud-based application 708 may be a cloud-based operator interface application (e.g., a cloud-based HMI system) that serves operator interface screens to authorized client devices 704 over a generic internet layer 702, and renders selected subsets of the controller data on the operator interface screens. Thus, the cloud gateway service 716 facilitates remote monitoring of the mobile control/monitoring system on-board the truck by publishing the controller data to the cloud-based application 708, where the data can be retrieved by client devices 704 over the Internet. In another exemplary scenario, cloud-based application 708 may be a cloud-based notification system that monitors the controller data provided by cloud gateway service 716, and issues notifications to pre-designated client devices 704 in response to detection of a pre-defined notification trigger condition (e.g., a particular system value exceeding a setpoint, an alarm condition, etc.). Cloud-based application 708 may also store some or all of the controller data provided by the cloud gateway service 716 on cloud storage 710 for archival purposes. It is to be appreciated that cloud-based application 708 is not limited to the exemplary types of applications described herein, but rather can be any suitable application that receives industrial data from a stationary or mobile system and provides information to remote client devices as a function of this industrial data.
 One or more embodiments of cloud gateway services 716 can also support remote auto-updating, wherein updates to the gateway services 716 can be received from the cloud platform and automatically implemented. In such embodiments, updates to the services (e.g., bug fixes) can be broadcast to multiple gateways from the cloud platform and implemented substantially invisibly to the end user.
 While previous examples have described the cloud gateway as a stand-alone device or a service running on a conventional computer (e.g., the mobilized computer of FIGS. 6 and 7), cloud gateway functionality can be embodied in other types of devices according to one or more embodiments of this disclosure. For example, FIG. 8 illustrates an embodiment in which a firewall box 812 serves as a cloud gateway for a set of industrial devices 8061-806N. Firewall box 812 can act as a network infrastructure device that allows plant network 816 to access an outside network such as the Internet, while also providing firewall protection that prevents unauthorized access to the plant network 812 from the Internet. That is, firewall box 812 can manage transfer of data packets between the plant network 816 and the Internet to facilitate secure access to outside networks by devices on the plant network 816. In addition to these firewall functions, the firewall box 812 can include a cloud interface component 808 (similar to cloud interface components 204 and 318 of FIGS. 2 and 3, respectively) that interfaces the firewall box 812 with one or more cloud-based applications on a cloud platform. In this exemplary embodiment, the firewall box 812 can collect industrial data 814 from industrial devices 8061-806N, which monitor and control respective portions of controlled process(es) 802. Firewall box 812 can also optionally include a transformation component 810 (similar to transformation components 208 and 310 of FIGS. 2 and 3, respectively), which applies suitable transformations to the gathered industrial data 814 prior to pushing the data to the cloud platform as refined data 804. As described in previous examples, these transformations can include, but are not limited to, compression, truncation, summarization, filtering, aggregation, addition of contextual metadata, or other such transformations in accordance with user-defined or cloud-defined requirements. Firewall box 812 may also optionally include an encryption component 818 (similar to encryption components 210 and 314 of FIGS. 2 and 3, respectively) configured to encrypt the industrial data 814 using any suitable encryption method. Thus, the firewall box 812 depicted in FIG. 8 can allow industrial devices 8061-806N to interact with the cloud platform without directly exposing the industrial devices to the Internet.
 In one or more embodiments, the cloud interface component 808 can also receive data from the cloud platform, and route this data to one or more of the industrial devices 8061-806N. For example, a cloud-based service may be an enterprise resource management (ERP) system that analyzes production data in view of one or more defined business goals, and generates production schedule information based on the analysis. Accordingly, firewall box 812 can receive the required production data from industrial devices 8061-806N as industrial data 814, optionally transform and/or encrypt the production data using transformation component 810 and/or encryption component 818, and provide the production data to the cloud-based ERP system as refined data 804. In response, the cloud-based ERP system can analyze the production data and generate updated production schedule information designed to ensure that one or more defined business goals are met (e.g., fulfill a given customer order, maintain total plant energy usage below a defined peak demand, etc.). The cloud-based ERP system can provide this scheduling information to the firewall box 812 (via cloud interface component 808), which can then route the scheduling information to the appropriate industrial devices 8061-806N.
 FIG. 9 illustrates an exemplary network architecture that includes a firewall box having cloud gateway functionality. In this example, an industrial enterprise includes both a plant network 920 and business network 922. Plant network 920 communicatively connects one or more industrial systems 906 (e.g., automation systems, batch processing systems, vision systems, lot traceability systems, etc.) on the plant floor. Plant network 920 can facilitate communication between the industrial systems using any suitable network technology or protocol, including, but not limited to, Ethernet, Ethernet/IP, DeviceNet, ControlNet, Data Highway and Data Highway Plus (DH/DH+), Remote I/O, Fieldbus, Modbus, Profibus, wireless networks, or serial protocols. On the business level of the enterprise, business network 922 interconnects one or more office systems 918 using a suitable office network protocol (e.g., TCP/IP over Ethernet). For example, business network 922 can be an office network that interconnects employee desktop or laptop computers to an office server, printing devices, or other office equipment.
 In the present example, both the plant network 920 and the business network 922 can access the Internet through firewall box 910, which manages access to outside networks while protecting both the plant network 920 and business network 922 from unauthorized access from outside entities. The firewall box 910 can also route data packets between the plant network 920 and the business network 922 (e.g., CIP data packets 914 from the plant network 920 and TCP/IP data packets 916 from the business network 922). In addition to these routing and firewall protection capabilities, firewall box 910 can include a cloud gateway service 912 that performs functionality similar to the cloud gateways and gateway services described above (e.g., cloud gateways 202, 302, and 504, and cloud gateway services 610 and 716). For example, the cloud gateway service 912 running on firewall box 910 can retrieve selected industrial data from industrial systems 906 over plant network 920, and send the industrial data as cloud data 908 to cloud platform 902, as described in previous examples, thereby allowing the data to be utilized by one or more cloud services 904 running on the cloud platform 902 (similar to cloud services 112 of FIG. 1, or cloud-based application 708 of FIG. 7). Similar to the embodiments described in connection with FIGS. 3 and 4, the cloud gateway service 912 on firewall box 910 can perform encryption and/or transformation functionality on the industrial data prior to sending the data to the cloud platform 902. The cloud gateway service 912 can be configured using a configuration file stored on the firewall box 910, similar to configuration file 402 of FIG. 4.
 Once the industrial data is provided to the cloud platform 902, the data (or data generated by the cloud services 904 as a function of the industrial data) can be accessed by authorized Internet-capable client devices (e.g., client devices 516 or 704 of FIGS. 5 and 7, respectively). The data on cloud platform 902 can also be accessed by authorized devices on the business network 922 (e.g., desktop, laptop, or tablet computers; mobile phones connected to the business network over a local wireless connection, etc.). Moreover, as with the firewall box 812 of FIG. 8, some embodiments of the cloud gateway service 912 can receive data from the cloud services 904 (e.g., a cloud-based ERP application, a cloud-based HMI application, etc.) and provision the received data to the appropriate industrial systems 906. For example, a cloud-based ERP or HMI service may attempt to write a new setpoint value to a selected controller of one of the industrial systems 906. The cloud gateway service 912 can receive this new setpoint value and write the new value to the appropriate data tag in the selected controller over plant network 920.
 While the cloud gateway functions described in connection with FIGS. 8 and 9 are depicted as running on a firewall box, other types of devices can also be configured to serve as a cloud gateways according to one or more embodiments of this disclosure. FIG. 10 depicts an exemplary configuration in which an industrial device acts as a cloud gateway for other industrial devices comprising an automation system. In this example, an automation system comprises a plurality of industrial devices 10061-1006N which collectively monitor and/or control one or more controlled processes 1002. The industrial devices 10061-1006N respectively generate and/or collect process data relating to control of the controlled process(es) 1002. For industrial controllers such as PLCs or other automation controllers, this can include collecting data from telemetry devices connected to the controllers' I/O, generating data internally based on measured process values, etc.
 In the configuration depicted in FIG. 10, industrial device 10061 acts as a cloud gateway for industrial devices 10062-1006N, such that industrial data 1014 from devices 10062-1006N is sent to the cloud platform via industrial device 10061, which serves as a cloud proxy device for the other industrial devices. Industrial devices 10062-1006N can deliver their industrial data 1014 to proxy industrial device 10061 over plant network or backplane 1012 (e.g., a CIP network or other suitable network protocol). Using this configuration, it is only necessary to interface one industrial device to the cloud platform (via cloud interface component 1008). Proxy industrial device 10061 can optionally include a transformation component 1010 (similar to transformation components 208, 310, and 810 of FIGS. 2, 3, and 8, respectively) for applying suitable transformations to the collective industrial data 1014 collected from industrial devices 10062-1006N, as well as to its own control data. The proxy industrial device can also optionally include an encryption component 1018 (similar to encryption components 210, 314, and 818 of FIGS. 2, 3, and 8, respectively) for encrypting the industrial data 1014 prior to submission to the cloud platform. The transformed and/or encrypted data can then be pushed to the cloud as refined data 1004 via cloud interface component 1008.
 Since data is being gathered from multiple industrial devices according to this configuration, there is a possibility that redundant data may be provided to industrial device 10061 from more than one source. Accordingly, transformation component 1010 may be configured to filter such redundant data prior to delivering the refined data to the cloud-based application. Transformation component 1010 may also be configured to summarize the gathered data according to defined summarization criteria prior to delivery to the cloud platform.
 As noted above, one or more embodiments of the cloud gateway described herein can transform or contextualize received industrial data prior to sending the data to the cloud platform. FIG. 11 illustrates a cloud gateway having such transformation capabilities according to an exemplary application. Cloud gateway 1102 can be any suitable device (such as a stand-alone computer or gateway device, a proxy industrial device similar to device 10061 of FIG. 10, or a firewall box similar to firewall boxes 812 or 910 of FIGS. 8 and 9) that gathers production data from one or more industrial devices 11141-1114N and delivers this data to a cloud-based application or service. Cloud gateway 1102 includes a transformation component 1118 configured to transform the production data according to a user-defined or cloud-defined requirement. In the present example, the cloud gateway 1102 is configured to refine the data received from industrial devices 11141-1114N by appending the data with contextual metadata, apply filtering to remove data not needed by the cloud-based application, and aggregate the remaining data according to defined aggregation criteria. To this end, transformation component 1118 leverages a context component 1112, a filter component 1108, and an aggregation component 1106 to transform the collected raw data to refined data 1116.
 The context component 1112 can append contextual information or metadata to the raw production data. The contextual information provides context for the data, which can be leveraged by subsequent transformation steps or used by the cloud-based application in connection with cloud-side analysis. Turning briefly to FIG. 12, an exemplary context component for transforming raw data into contextualized data is illustrated. Context component 1204 receives raw production data 1202 and enhances the raw data 1202 with one or more pieces of context data to yield contextualized data 1206. For example, context component 1204 can apply a time stamp to the raw data 1202 indicating a time, a date, and/or a production shift when the data was generated. The applied context data may also include a production area that yielded the data, a particular product that was being produced when the data was generated, and/or a state of a machine (e.g., auto, semi-auto, abnormal, etc.) at the time the data was generated. Other examples of context information include an employee on shift at the time the data was generated, a lot number with which the data is associated, or an alarm that was active at the time the data was generated. Context component 1204 can also apply an actionable data tag to the raw data if it is determined that the data requires action to be taken by plant personnel or by the cloud-based application.
 Context component 1204 an also apply contextual information to the raw data 1202 that reflects the data's location within a hierarchical organizational model. Such an organizational model can represent an industrial enterprise in terms of multiple hierarchical levels. In an exemplary organizational model, the hierarchical levels can include--from lowest to highest--a workcell level, a line level, an area level, a site level, and an enterprise level. Devices that are components of a given automation system can be described and identified in terms of these hierarchical levels, allowing a common terminology to be used across the entire enterprise to identify devices, machines, and data within the enterprise. In some embodiments, the organizational model can be known to the context component 1204, which can stamp the raw data 1202 with a hierarchical identification tag that indicates the data's origin within the organizational hierarchy (e.g., Company:Marysville:DieCastArea:#1Headline:LeakTestCell).
 Returning to FIG. 11, after the context component 1112 has added contextual information to the raw data, filter component 1108 can determine which of the contextualized data is to be pushed to the cloud, and discard data that is not required by the cloud-based service. Filter component 1108 can filter the contextualized data according to any specified filtering criterion. In some embodiments, filtering criteria can be defined in a transform profile associated with the transformation component 1118. Exemplary filtering criteria can include instructions to discard certain types of data if the data exceeds (or falls below) a defined setpoint. For example, the filtering criteria can specify that weight data collected from a testing device of a particular workcell is to be discarded if the data exceeds a maximum weight value indicative of a faulty reading. In such scenarios, the data to which this filter criterion is to be applied can be identified based on the contextual information applied to the data by the context component 1112. Filter component 1108 can also be configured to identify redundant data collected from two or more of the industrial devices 11141-1114N, and discard redundant instances of the same data. Again, filter component 1108 can leverage the contextual information applied by the context component 1112 to identify instances of redundant data.
 Transformation component 1118 can also include an aggregation component 1106 configured to combine related data according to one or more predefined aggregation instructions. For example, once the data from industrial devices 11141-1114N has been contextualized and filtered by the context component 1112 and the filter component 1108, aggregation component 1106 can identify related data, which may originate from multiple data sources, and combine the related data into a common upload for delivery to a cloud-based service or application. The resulting refined data 1116 can be pushed to the cloud platform via cloud interface component 1104.
 While the exemplary transformation component 1118 of FIG. 11 is described as including a context component 1112, a filter component 1108, and an aggregation component 1106, it is to be appreciated that the transformation component 1118 integrated with cloud gateway 1102 can include any suitable combination of data refinement functions, according to the needs of the user and the requirements of the particular cloud-based services being used. For example, transformation component 1118 may compress, encrypt, and/or reformat the collected raw data prior to pushing the data to the cloud-based service.
 FIG. 13 illustrates an exemplary cloud gateway that supports store-and-forward capability according to one or more embodiments. Cloud gateway 1302 includes a device interface component 1310 (similar to device interface components 206 and 306 of FIGS. 2 and 3, respectively) configured to communicatively couple the cloud gateway 1302 to one or more devices of a user's industrial system (e.g., an industrial controller, meter, sensor, etc.) and exchange data therewith. For example, the device interface component 1310 can receive industrial data 1312 from one or more industrial devices to be sent to the cloud platform (e.g., in accordance with a configuration file associated with the cloud gateway 1302). Cloud gateway 1302 also includes a cloud interface component 1306 (similar to cloud interface components 204 and 318 of FIGS. 2 and 3, respectively) configured to couple the cloud gateway 1302 to a web-based or private cloud platform and exchange data therewith. Using these components, the cloud gateway can collect industrial data from one or more devices comprising a user's industrial system, and send the data to a cloud platform to be leveraged by one or more cloud-based services.
 In addition, cloud gateway 1302 also includes a storage control component 1308 and a communication diagnostic component 1304 that allow the cloud gateway 1302 to support store-and-forward functionality. Store-and-forward functionality allows the cloud gateway 1302 to temporarily store received industrial data 1312 on local storage 1314 in the event that communication between the cloud interface component 1306 and the cloud platform is lost. When the communication link is reinstated, the data that had been stored in local storage 1314 during the communication outage can be sent to the cloud platform, ensuring that the cloud-based services and applications experience no data gaps despite the communication outage.
 To this end, the communication diagnostic component 1304 can monitor communication health of the cloud interface component 1306 and determine when communication between the cloud gateway 1302 and the cloud platform has been disrupted. The storage control component 1308 controls whether industrial data 1312 received at the device interface component 1310 is sent to the cloud interface component 1306 for transmission to the cloud platform, or alternatively if the industrial data is to be sent to local storage 1314. While the communication link to the cloud platform is operational, the storage control component 1308 routes the data 1312 directly to the cloud interface component 1306. When the communication diagnostic component 1304 detects a communication disruption, it can instruct storage control component 1308 to begin writing the incoming industrial data 1312 to local storage 1314, where the data can be stored temporarily until the communication link is reinstated.
 The maximum amount of local storage 1314 designated for storage of industrial data 1312 can be configured using the "maximum local storage" field of the gateway configuration file (e.g., gateway configuration file 402 of FIG. 4). For example, if the maximum local storage value is set to 500 Mb, the storage control component 1308 will continue to write new incoming industrial data 1312 to local storage 1314 until this maximum amount of storage space is reached. If the communication link has not been reestablished by this time, and industrial data 1312 continues to be received, the storage control component 1308 can begin erasing the oldest data in the local storage 1314 and replacing the erased data with the newly received data, ensuring that the defined maximum amount of local storage is not exceeded. When communication to the cloud platform resumes, the storage control component 1308 can retrieve the data written to local storage 1314 and send this data to the cloud platform. The storage control component 1308 will subsequently revert to sending incoming industrial data 1312 to the cloud interface component 1306 for transmission to the cloud platform. Configuration parameters can control how to perform the forwarding of previously stored data. Options include: Send data in chunks with oldest data first (First In First Out, or FIFO), or newest data first (First In Last Out, or FILO). Furthermore, the regular uploading of current values might occur in parallel to the forwarding activity to make sure that the most recent data is always available.
 FIGS. 14-16 illustrate various methodologies in accordance with one or more embodiments of the subject application. While, for purposes of simplicity of explanation, the one or more methodologies shown herein are shown and described as a series of acts, it is to be understood and appreciated that the subject innovation is not limited by the order of acts, as some acts may, in accordance therewith, occur in a different order and/or concurrently with other acts from that shown and described herein. For example, those skilled in the art will understand and appreciate that a methodology could alternatively be represented as a series of interrelated states or events, such as in a state diagram. Moreover, not all illustrated acts may be required to implement a methodology in accordance with the innovation. Furthermore, interaction diagram(s) may represent methodologies, or methods, in accordance with the subject disclosure when disparate entities enact disparate portions of the methodologies. Further yet, two or more of the disclosed example methods can be implemented in combination with each other, to accomplish one or more features or advantages described herein.
 FIG. 14 illustrates an example methodology 1400 for sending industrial data to a cloud platform. Initially, at 1402, industrial data is obtained (e.g., by a device interface component 206) from one or more industrial devices. The industrial data can be retrieved, for example from one or more controller tags or data registers in an industrial controller. The industrial data may also be retrieved from one or more meters or other telemetry devices (e.g., flow meters, temperature meters, level sensors, etc.). The industrial data can be obtained, for example, by a cloud gateway device in accordance with a configuration file associated with the gateway device, where the configuration file identifies one or more items of industrial data to be retrieved.
 Optionally, at 1404, the industrial data is at least one of contextualized, aggregated, filtered, or summarized (e.g., by a transformation component 208). For example, the industrial data can be appended with contextual metadata that can include, but is not limited to, a time/date stamp, a location associated with the data (e.g., a geographical location, a production area, etc.), machine statuses at the time the data was generated, personnel on duty at the time the data was generated, a hierarchical identifier indicating a source of the data within a hierarchical organizational hierarchy, or other such contextual information. Moreover, subsets of the industrial data having a similar context (e.g., a same location, production area, work shift, etc.) can be aggregated together for subsequent delivery to a cloud platform. In another example, it may be determined that a particular cloud-based application only requires data relating to a particular workcell. Accordingly, portions of the industrial data whose contextual metadata indicates that the data originates from other workcells can be filtered or discarded. Summaries can also be generated using the collected industrial data based on the contextual metadata (e.g., aggregate data from a selected plant facility and summarize the production statistics for the respective work areas in that facility).
 At 1406, the industrial data is optionally encrypted (e.g., by an encryption component 210) using a predefined encryption technique. At 1408, the industrial data is sent to a cloud-based application executing on a cloud platform (e.g., by a cloud interface component 204). The cloud-based application can be, for example, a cloud-side service made available to an owner of the industrial devices as a subscription service. Exemplary cloud-based applications can include, but are not limited to, data storage services, data analysis applications, control applications (e.g., applications that can generate and deliver control instructions to industrial devices based on analysis of near real-time system data or other factors), visualization applications, reporting applications, Enterprise Resource Planning (ERP) applications, notification services, or other such applications.
 FIG. 15 illustrates an example methodology 1500 for dynamically controlling an upload frequency of a cloud gateway. Initially, at 1502, industrial data is collected from one or more automation systems using a cloud gateway device or cloud gateway service (e.g., by a device interface component 206). At 1504, the industrial data is sent to a cloud-based application executing on a cloud platform at a first upload frequency (e.g., by a cloud interface component 204). For example, the cloud gateway may be operating in a fast poll mode whereby the industrial data is uploaded to the cloud platform every minute. At 1506, an instruction is received from the cloud-based application to change the upload frequency of the cloud gateway. For example, the cloud-based application may determine that a maximum total bandwidth or a maximum cloud storage utilization is at risk of being exceeded, and in response, send an instruction to the cloud gateway to alter one or more communication parameters. This can include, for example, reducing the gateway's upload frequency in order to slow the consumption of cloud resources, adjusting a data collection interval, changing the number of messages sent per data packet, changing the defined maximum number of allowed uploads per minute, or other communication parameter changes. At 1508, the cloud gateway changes communication parameters in accordance with the instruction. For example, the cloud gateway may change its upload frequency from the first upload frequency (e.g., fast poll mode) to a second upload frequency. The second upload frequency can be, for example, a slow poll mode that uploads the industrial data every 15 minutes.
 FIG. 16 illustrates an example methodology 1600 for implementing store-and-forward functionality in a cloud gateway. Initially at 1602, industrial data is received (e.g., by a device interface component 1310) from one or more automation systems at a cloud gateway. At 1604, the industrial data is sent (e.g., by a cloud interface component 1306) to a cloud-based application executing on a cloud platform. At 1606, a determination is made (e.g., by a communication diagnostic component 1304) regarding whether communication to the cloud platform has been lost. If it is determined that communication has not been lost, the methodology returns to step 1602. Alternatively, if it is determined that communication has been lost, the methodology moves to step 1608, where incoming industrial data is stored (e.g., by a storage control component 1308) in local storage associated with the cloud gateway. At 1610, a determination is made (e.g., by communication diagnostic component 1304) regarding whether communication to the cloud platform has been restored. If it is determined that communication has not been restored, the methodology returns to step 1608, and the incoming industrial data continues to be stored in the local storage. Alternatively, if it is determined that communication has been restored, the methodology moves to step 1612, where the industrial data stored in the local storage at step 1608 is sent to the cloud-based application. Configuration parameters set for the cloud gateway can control how forwarding of previously stored data is handled (e.g., FIFO, FILO, etc.). Additionally, forwarding of newly received values per normal operation may occur in parallel with the forwarding activity of previously stored data to ensure that the most recent data is always available at the cloud platform. The methodology then returns to step 1602, and the methodology repeats.
 Embodiments, systems, and components described herein, as well as industrial control systems and industrial automation environments in which various aspects set forth in the subject specification can be carried out, can include computer or network components such as servers, clients, programmable logic controllers (PLCs), automation controllers, communications modules, mobile computers, wireless components, control components and so forth which are capable of interacting across a network. Computers and servers include one or more processors--electronic integrated circuits that perform logic operations employing electric signals--configured to execute instructions stored in media such as random access memory (RAM), read only memory (ROM), a hard drives, as well as removable memory devices, which can include memory sticks, memory cards, flash drives, external hard drives, and so on.
 Similarly, the term PLC or automation controller as used herein can include functionality that can be shared across multiple components, systems, and/or networks. As an example, one or more PLCs or automation controllers can communicate and cooperate with various network devices across the network. This can include substantially any type of control, communications module, computer, Input/Output (I/O) device, sensor, actuator, and human machine interface (HMI) that communicate via the network, which includes control, automation, and/or public networks. The PLC or automation controller can also communicate to and control various other devices such as I/O modules including analog, digital, programmed/intelligent I/O modules, other programmable controllers, communications modules, sensors, actuators, output devices, and the like.
 The network can include public networks such as the internet, intranets, and automation networks such as control and information protocol (CIP) networks including DeviceNet, ControlNet, and Ethernet/IP. Other networks include Ethernet, DH/DH+, Remote I/O, Fieldbus, Modbus, Profibus, CAN, wireless networks, serial protocols, and so forth. In addition, the network devices can include various possibilities (hardware and/or software components). These include components such as switches with virtual local area network (VLAN) capability, LANs, WANs, proxies, gateways, routers, firewalls, virtual private network (VPN) devices, servers, clients, computers, configuration tools, monitoring tools, and/or other devices.
 In order to provide a context for the various aspects of the disclosed subject matter, FIGS. 17 and 18 as well as the following discussion are intended to provide a brief, general description of a suitable environment in which the various aspects of the disclosed subject matter may be implemented.
 With reference to FIG. 17, an example environment 1710 for implementing various aspects of the aforementioned subject matter includes a computer 1712. The computer 1712 includes a processing unit 1714, a system memory 1716, and a system bus 1718. The system bus 1718 couples system components including, but not limited to, the system memory 1716 to the processing unit 1714. The processing unit 1714 can be any of various available processors. Multi-core microprocessors and other multiprocessor architectures also can be employed as the processing unit 1714.
 The system bus 1718 can be any of several types of bus structure(s) including the memory bus or memory controller, a peripheral bus or external bus, and/or a local bus using any variety of available bus architectures including, but not limited to, 8-bit bus, Industrial Standard Architecture (ISA), Micro-Channel Architecture (MSA), Extended ISA (EISA), Intelligent Drive Electronics (IDE), VESA Local Bus (VLB), Peripheral Component Interconnect (PCI), Universal Serial Bus (USB), Advanced Graphics Port (AGP), Personal Computer Memory Card International Association bus (PCMCIA), and Small Computer Systems Interface (SCSI).
 The system memory 1716 includes volatile memory 1720 and nonvolatile memory 1722. The basic input/output system (BIOS), containing the basic routines to transfer information between elements within the computer 1712, such as during start-up, is stored in nonvolatile memory 1722. By way of illustration, and not limitation, nonvolatile memory 1722 can include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable PROM (EEPROM), or flash memory. Volatile memory 1720 includes random access memory (RAM), which acts as external cache memory. By way of illustration and not limitation, RAM is available in many forms such as synchronous RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and direct Rambus RAM (DRRAM).
 Computer 1712 also includes removable/non-removable, volatile/non-volatile computer storage media. FIG. 17 illustrates, for example a disk storage 1724. Disk storage 1724 includes, but is not limited to, devices like a magnetic disk drive, floppy disk drive, tape drive, Jaz drive, Zip drive, LS-100 drive, flash memory card, or memory stick. In addition, disk storage 1724 can include storage media separately or in combination with other storage media including, but not limited to, an optical disk drive such as a compact disk ROM device (CD-ROM), CD recordable drive (CD-R Drive), CD rewritable drive (CD-RW Drive) or a digital versatile disk ROM drive (DVD-ROM). To facilitate connection of the disk storage devices 1724 to the system bus 1718, a removable or non-removable interface is typically used such as interface 1726.
 It is to be appreciated that FIG. 17 describes software that acts as an intermediary between users and the basic computer resources described in suitable operating environment 1710. Such software includes an operating system 1728. Operating system 1728, which can be stored on disk storage 1724, acts to control and allocate resources of the computer system 1712. System applications 1730 take advantage of the management of resources by operating system 1728 through program modules 1732 and program data 1734 stored either in system memory 1716 or on disk storage 1724. It is to be appreciated that one or more embodiments of the subject disclosure can be implemented with various operating systems or combinations of operating systems.
 A user enters commands or information into the computer 1712 through input device(s) 1736. Input devices 1736 include, but are not limited to, a pointing device such as a mouse, trackball, stylus, touch pad, keyboard, microphone, joystick, game pad, satellite dish, scanner, TV tuner card, digital camera, digital video camera, web camera, and the like. These and other input devices connect to the processing unit 1714 through the system bus 1718 via interface port(s) 1738. Interface port(s) 1738 include, for example, a serial port, a parallel port, a game port, and a universal serial bus (USB). Output device(s) 1740 use some of the same type of ports as input device(s) 1736. Thus, for example, a USB port may be used to provide input to computer 1712, and to output information from computer 1712 to an output device 1740. Output adapter 1742 is provided to illustrate that there are some output devices 1740 like monitors, speakers, and printers, among other output devices 1740, which require special adapters. The output adapters 1742 include, by way of illustration and not limitation, video and sound cards that provide a means of connection between the output device 1740 and the system bus 1718. It should be noted that other devices and/or systems of devices provide both input and output capabilities such as remote computer(s) 1744.
 Computer 1712 can operate in a networked environment using logical connections to one or more remote computers, such as remote computer(s) 1744. The remote computer(s) 1744 can be a personal computer, a server, a router, a network PC, a workstation, a microprocessor based appliance, a peer device or other common network node and the like, and typically includes many or all of the elements described relative to computer 1712. For purposes of brevity, only a memory storage device 1746 is illustrated with remote computer(s) 1744. Remote computer(s) 1744 is logically connected to computer 1712 through a network interface 1748 and then physically connected via communication connection 1750. Network interface 1748 encompasses communication networks such as local-area networks (LAN) and wide-area networks (WAN). LAN technologies include Fiber Distributed Data Interface (FDDI), Copper Distributed Data Interface (CDDI), Ethernet/IEEE 802.3, Token Ring/IEEE 802.5 and the like. WAN technologies include, but are not limited to, point-to-point links, circuit switching networks like Integrated Services Digital Networks (ISDN) and variations thereon, packet switching networks, and Digital Subscriber Lines (DSL).
 Communication connection(s) 1750 refers to the hardware/software employed to connect the network interface 1748 to the bus 1718. While communication connection 1750 is shown for illustrative clarity inside computer 1712, it can also be external to computer 1712. The hardware/software necessary for connection to the network interface 1748 includes, for exemplary purposes only, internal and external technologies such as, modems including regular telephone grade modems, cable modems and DSL modems, ISDN adapters, and Ethernet cards.
 FIG. 18 is a schematic block diagram of a sample-computing environment 1800 with which the disclosed subject matter can interact. The system 1800 includes one or more client(s) 1810. The client(s) 1810 can be hardware and/or software (e.g., threads, processes, computing devices). The system 1800 also includes one or more server(s) 1830. The server(s) 1830 can also be hardware and/or software (e.g., threads, processes, computing devices). The servers 1830 can house threads to perform transformations by employing one or more embodiments as described herein, for example. One possible communication between a client 1810 and a server 1830 can be in the form of a data packet adapted to be transmitted between two or more computer processes. The system 1800 includes a communication framework 1850 that can be employed to facilitate communications between the client(s) 1810 and the server(s) 1830. The client(s) 1810 are operably connected to one or more client data store(s) 1860 that can be employed to store information local to the client(s) 1810. Similarly, the server(s) 1830 are operably connected to one or more server data store(s) 1840 that can be employed to store information local to the servers 1830.
 What has been described above includes examples of the subject innovation. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the disclosed subject matter, but one of ordinary skill in the art may recognize that many further combinations and permutations of the subject innovation are possible. Accordingly, the disclosed subject matter is intended to embrace all such alterations, modifications, and variations that fall within the spirit and scope of the appended claims.
 In particular and in regard to the various functions performed by the above described components, devices, circuits, systems and the like, the terms (including a reference to a "means") used to describe such components are intended to correspond, unless otherwise indicated, to any component which performs the specified function of the described component (e.g., a functional equivalent), even though not structurally equivalent to the disclosed structure, which performs the function in the herein illustrated exemplary aspects of the disclosed subject matter. In this regard, it will also be recognized that the disclosed subject matter includes a system as well as a computer-readable medium having computer-executable instructions for performing the acts and/or events of the various methods of the disclosed subject matter.
 In addition, while a particular feature of the disclosed subject matter may have been disclosed with respect to only one of several implementations, such feature may be combined with one or more other features of the other implementations as may be desired and advantageous for any given or particular application. Furthermore, to the extent that the terms "includes," and "including" and variants thereof are used in either the detailed description or the claims, these terms are intended to be inclusive in a manner similar to the term "comprising."
 In this application, the word "exemplary" is used to mean serving as an example, instance, or illustration. Any aspect or design described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other aspects or designs. Rather, use of the word exemplary is intended to present concepts in a concrete fashion.
 Various aspects or features described herein may be implemented as a method, apparatus, or article of manufacture using standard programming and/or engineering techniques. The term "article of manufacture" as used herein is intended to encompass a computer program accessible from any computer-readable device, carrier, or media. For example, computer readable media can include but are not limited to magnetic storage devices (e.g., hard disk, floppy disk, magnetic strips . . . ), optical disks [e.g., compact disk (CD), digital versatile disk (DVD) . . . ], smart cards, and flash memory devices (e.g., card, stick, key drive . . . ).
Patent applications by David W. Farchmin, Grafton, WI US
Patent applications by Douglas C. Lawson, Silverado, CA US
Patent applications by Douglas J. Reichard, Fairview Park, OH US
Patent applications by Joseph A. Harkulich, Willoughby, OH US
Patent applications by Michael John Pantaleano, Willoughby, OH US
Patent applications by Rainer Hessmer, Rancho Santa Margarita, CA US
Patent applications by Sujeet Chand, Brookfield, WI US
Patent applications by ROCKWELL AUTOMATION TECHNOLOGIES, INC.
Patent applications in class REMOTE DATA ACCESSING
Patent applications in all subclasses REMOTE DATA ACCESSING