This example architecture shows an end-to-end approach for an automotive original equipment manufacturer (OEM) and includes a reference architecture and several published supporting open-source libraries that can be reused. Microsoft rearchitected the fleet control software to be highly available, geo-redundant, and vendor-neutral, and to run in a hybrid cloud context.
Architecture
Geo-redundancy with zero-downtime failover for 99.9% availability and disaster recovery
Workflow
- An instance of the back end, consisting of the following components, is deployed to two Azure regions: Azure IoT Hub, Ingestion, RabbitMQ, Mission State, Vehicle State, Job Manager, and Geo DB. IoT Hub connects to the set of applications, built using a microservice architecture, that can be deployed on Azure App Service (using its Web Apps feature), on Web App for Containers, or on Kubernetes.
- A leader election system determines which back end controls AGVs on the shop floor at any given point in time. If the back end in charge fails, the leader election immediately transfers the control to the back end in the other region.
- Thanks to this geo-redundant and zero-downtime failover architecture, the AGV control software that runs in Azure achieves 99.9% availability, provided that the internet connection and external subsystems, such as SAP, are not limiting factors.
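The leader election described above, as an added example that is not the architecture's own code: a lease-based election between the two regional back ends, with a fencing token so that a back end that has lost the lease (for example the failed region coming back) cannot keep commanding AGVs after failover. The lease store, its TTL, and the AGV command gateway are assumptions; the page does not say how its leader election is implemented.

```python
from typing import List, Optional, Tuple


class LeaseStore:
    """Shared lease record reachable from both regional back ends (assumed store)."""

    def __init__(self, ttl: float) -> None:
        self.ttl = ttl                  # seconds a lease stays valid without renewal
        self.holder: Optional[str] = None
        self.expires_at = 0.0
        self.token = 0                  # fencing token: grows only when leadership changes

    def acquire(self, candidate: str, now: float) -> Optional[int]:
        """Return the fencing token if `candidate` holds the lease after this call."""
        if self.holder == candidate:
            self.expires_at = now + self.ttl        # renewal by the current leader
            return self.token
        if now < self.expires_at:
            return None                             # another back end still leads
        self.holder, self.expires_at = candidate, now + self.ttl
        self.token += 1                             # new leader, new epoch
        return self.token


class AgvCommandGateway:
    """Shop-floor side that forwards back-end commands to AGVs (assumed component)."""

    def __init__(self) -> None:
        self.highest_token = 0
        self.accepted: List[str] = []

    def submit(self, token: int, command: str) -> bool:
        """Drop commands carrying a token older than the newest leader seen."""
        if token < self.highest_token:
            return False                            # stale leader, ignore it
        self.highest_token = token
        self.accepted.append(command)
        return True


def failover_scenario() -> Tuple[bool, List[str]]:
    """Region A leads, stops renewing, region B takes over; A's late command is refused."""
    store, gateway = LeaseStore(ttl=5.0), AgvCommandGateway()
    tok_a = store.acquire("region-a", now=0.0)
    assert store.acquire("region-b", now=1.0) is None      # B stands by while A is healthy
    gateway.submit(tok_a, "agv-1: go to station 3")
    tok_b = store.acquire("region-b", now=6.0)              # A missed its renewals
    gateway.submit(tok_b, "agv-1: go to station 4")
    late = gateway.submit(tok_a, "agv-1: go to station 2")  # A resurfaces with old token
    return late, gateway.accepted
```

With a lease TTL of a few seconds the handover is bounded by that TTL; the fencing token is what keeps the two regions from driving the same AGVs at once during that window.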
Kubernetes and RabbitMQ for datacenter-agnostic deployments
In scenarios where the internet connection between a production plant and Azure is a limiting factor, our AGV control software can also be deployed to on-premises compute nodes. By using Kubernetes and RabbitMQ as platform-agnostic technologies, the application layer described in the previous section is deployed on an Azure IoT Edge device.
Implementation of the VDA 5050 specification for AGV-vendor-agnostic communication
Thanks to compliance with the VDA 5050 vehicle connector specification, our AGV control software can communicate with all types of AGVs from different vendors that also comply with VDA 5050.
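An added example, not code from the page or from any VDA 5050 library, of the checks a fleet control back end can apply to messages arriving from AGVs before acting on them. The topic layout (interfaceName/majorVersion/manufacturer/serialNumber/topic) and the header fields headerId, timestamp, version, manufacturer and serialNumber are those defined in VDA 5050; the interface name, the sample message and the broker in front of this code are assumptions.

```python
import json
from typing import Dict, Tuple

# Topics an AGV publishes to master control in VDA 5050; "order" and
# "instantActions" flow the other way and must not arrive on this path.
AGV_TO_MASTER_TOPICS = {"state", "visualization", "connection", "factsheet"}

# Constructed sample state message; field names follow the VDA 5050 header.
SAMPLE_STATE = json.dumps({
    "headerId": 1, "timestamp": "2024-01-01T10:00:00.000Z", "version": "2.0.0",
    "manufacturer": "ExampleAGV", "serialNumber": "0001", "operatingMode": "AUTOMATIC",
}).encode()


class Vda5050Inbound:
    """Checks every AGV message before the fleet control acts on it."""

    def __init__(self, interface_name: str = "uagv") -> None:
        self.interface_name = interface_name
        self.last_header_id: Dict[Tuple[str, str, str], int] = {}  # per (vendor, serial, topic)

    def validate(self, topic: str, payload: bytes) -> Tuple[bool, str]:
        """Return (ok, reason); ok only if topic, header and sequence are consistent."""
        parts = topic.split("/")
        if len(parts) != 5 or parts[0] != self.interface_name:
            return False, "unexpected topic layout"
        _, major, manufacturer, serial, msg_type = parts
        if msg_type not in AGV_TO_MASTER_TOPICS:
            return False, f"{msg_type} is not an AGV-to-master topic"
        try:
            msg = json.loads(payload)
        except ValueError:
            msg = None
        if not isinstance(msg, dict):
            return False, "payload is not a JSON object"
        for field in ("headerId", "timestamp", "version", "manufacturer", "serialNumber"):
            if field not in msg:
                return False, f"missing header field {field}"
        # The identity inside the payload must match the identity the topic claims
        if msg["manufacturer"] != manufacturer or msg["serialNumber"] != serial:
            return False, "payload identity does not match topic"
        if "v" + str(msg["version"]).split(".")[0] != major:
            return False, "protocol version does not match topic"
        key = (manufacturer, serial, msg_type)
        hid = msg["headerId"]
        if not isinstance(hid, int) or hid <= self.last_header_id.get(key, -1):
            return False, "headerId did not advance (duplicate or replay)"
        self.last_header_id[key] = hid
        return True, "ok"
```

These checks only establish that a message is well formed and in sequence; which AGV is allowed to publish under a given manufacturer/serialNumber is enforced by the broker's client authentication and topic ACLs.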
Workflow
In this architecture, you can see an overview of the different services and components used to run the back-end AGV fleet control solution in Azure:
- When developers commit new code, GitHub Actions automatically scans the code to quickly find vulnerabilities and coding errors. It can also be used to deploy applications and infrastructure components automatically.
- A container registry stores the container images used for the different services of the AGV fleet control back end.
- Back-end services are deployed to Web App for Containers.
- These back-end services can connect to external systems using the VDA 5050 protocol. They can also connect to a managed streaming platform, such as Kafka, and can store vehicle information in an Azure SQL database.
- Azure Key Vault stores passwords, keys, and certificates.
- Application Insights implements logging and monitoring for the applications that run as back-end services.
- Managed identities connect to the different services and resources in Azure, eliminating the need for developers to manage credentials. They provide an identity for applications to use when connecting to resources that support Microsoft Entra authentication.
Components
Azure App Service is a platform as a service (PaaS) for building and hosting apps in managed virtual machines (VMs). It manages the underlying compute infrastructure on which your apps run. App Service provides monitoring of resource usage quotas and app metrics, logging of diagnostic information, and alerts based on metrics.
Azure Virtual Network is the fundamental building block for your private network in Azure. This service enables many types of Azure resources, such as Azure Virtual Machines, to securely communicate with each other, the internet, and on-premises networks.
IoT Hub is a PaaS managed service, hosted in the cloud, that acts as a central message hub for bidirectional communication between an IoT application and the devices it manages.
Azure Container Apps is a fully managed serverless container service for building and deploying containers at scale.
Azure Container Registry is a managed, private Docker registry service based on the open-source Docker Registry 2.0. You can use Azure container registries with your existing container development and deployment pipelines, or you can use Azure Container Registry Tasks to build container images in Azure. Build on demand, or fully automate builds with triggers, such as source code commits and base image updates.
Microsoft Entra ID is the cloud-based identity and access management service that authenticates users, services, and applications.
Azure Storage offers a durable, highly available, and massively scalable cloud storage solution. It includes object, file, disk, queue, and table storage capabilities.
RabbitMQ is an open-source message-broker software that originally implemented the Advanced Message Queuing Protocol and has since been extended with a plug-in architecture to support Streaming Text Oriented Messaging Protocol, MQ Telemetry Transport, and other protocols.
Azure Virtual Machines provides on-demand, scalable computing resources that give you the flexibility of virtualization, without having to purchase and maintain the physical hardware.
Azure SQL Database is a fully managed PaaS database engine that handles most of the database management functions, such as upgrading, patching, backups, and monitoring, without user involvement.
Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys.
Application Insights, a feature of Azure Monitor, is an extensible application performance management (APM) service for developers and DevOps professionals. You can use it to monitor live applications. It automatically detects performance anomalies, and it includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.
Alternatives
This architecture uses Kubernetes and the Web Apps feature of Azure App Service for running the applications for this solution. As an alternative, you can run these microservices in Azure Container Instances, which offers the fastest and simplest way to run a container in Azure, without having to adopt a higher-level service, such as Azure Kubernetes Service (AKS).
The on-premises example uses Azure virtual machines, which can also be replaced by container technologies.
Another option to run these services is in Azure Kubernetes Service (AKS). This offers serverless Kubernetes for running microservices, an integrated continuous integration and continuous deployment (CI/CD) experience, and enterprise-grade security and governance.
Also consider using Azure Monitor in combination with Application Insights to analyze and optimize the performance of your applications, containers, databases, and other resources and to monitor and diagnose networking issues.
This architecture uses RabbitMQ as the message broker. Microsoft Azure also has native support for messaging solutions, such as Azure Queue Storage or Azure Service Bus. For a comparison, see Azure Storage queues and Service Bus queues - compared and contrasted.
The applications and services in Azure are deployed using Terraform scripts. Consider using Azure-native Azure Resource Manager templates (ARM templates) or Bicep for creating scripts.
Scenario details
Automotive manufacturing relies on automated guided vehicles (AGVs) to deliver parts to assembly lines. AGVs are a mission-critical part of just-in-time manufacturing and automated shop-floor logistics. Shop floors using AGVs commonly face three challenges:
- Availability. Any service interruption disrupts production.
- Connectivity. Shop floors frequently lack a reliable connection to the public cloud.
- Vendor lock-in. Traditional AGV solutions rely on proprietary communication protocols.
This example architecture is divided into three operational areas:
- An Azure-based fleet control reference architecture with geo-redundancy, zero-downtime failover, 99.9% availability, and efficient disaster recovery.
- A datacenter-agnostic and on-premises deployment built on Kubernetes and RabbitMQ.
- Vendor-neutral AGV communication built on top of the common VDA 5050 specification.
Potential use cases
This solution is ideal for the manufacturing, automotive, and transportation industries. It applies to the following scenarios:
- The customer is currently using AGVs in its manufacturing process.
- The customer experiences low availability with the AGVs, which impacts their return on investment (ROI).
- The shop floor has an inconsistent connection with the public cloud.
- The customer is a member of the Open Manufacturing Platform (OMP).
- The customer is a member of the OMP Autonomous Transport System (OMP ATS) working group.
Key problems
Low-cost production of goods relies on automation of the manufacturing process and just-in-time delivery of parts to assembly lines. By automatically transporting parts to assembly lines, automated guided vehicles contribute both to just-in-time manufacturing and to the automation of shop-floor logistics. In a typical mass production plant of passenger cars, for example, one passenger car is rolled out every minute. Therefore, every minute of interruption of an assembly line in a production plant causes a financial loss—in the order of tens of thousands of US dollars. Automotive OEMs require a high level of reliability and availability for their automated systems, and they face a number of challenges:
- Availability problem. Existing AGV fleet control software does not fulfill the 99.9% availability requirement.
- Connectivity problem. Some production plants do not have a sufficiently stable internet connection with the required bandwidth to enable communication between the AGV fleet control software hosted in the Azure public cloud and the AGVs on the shop floor. Therefore, hosting the AGV fleet control software in a datacenter outside the intranet of such a production plant is not an option.
- AGV vendor lock-in problem. It is not possible to swap the existing AGVs for new ones from a different vendor, because the AGV fleet control software depends on the proprietary communication protocol of the existing AGVs.
An architecture supporting geo-redundancy with zero-downtime failover for 99.9% availability and disaster recovery can solve these issues.
Considerations
These considerations implement the pillars of the Azure Well-Architected Framework, which is a set of guiding tenets that can be used to improve the quality of a workload. For more information, see Microsoft Azure Well-Architected Framework.
Availability and scalability
The applications and services that make up the AGV fleet control solution are deployed to two Azure regions using availability zones, which are unique physical locations within Azure regions that help protect VMs, applications, and data from datacenter failures. Azure App Service and AKS can be deployed in availability zones, as well. IoT Hub provides intraregion high availability by implementing redundancies in almost all layers of the service.
Security
Security provides assurances against deliberate attacks and the abuse of your valuable data and systems. For more information, see Overview of the security pillar.
Use Microsoft Entra ID for identity and access control and use Azure Key Vault to manage keys and secrets.
DevOps
For deploying the microservices to Kubernetes or Azure App Service automatically, it's best to use CI/CD processes. Consider using a solution such as Azure DevOps or GitHub Actions.
Cost optimization
Cost optimization is about looking at ways to reduce unnecessary expenses and improve operational efficiencies. For more information, see Overview of the cost optimization pillar.
In general, use the Azure pricing calculator to estimate costs, and use the AKS calculator to estimate the costs for running AKS in Azure. To learn about other considerations, see the "Cost optimization" section in Microsoft Azure Well-Architected Framework.
Contributors
This article is maintained by Microsoft. It was originally written by the following contributors.
Principal author:
- Gürcan Güleşir | Senior Program Manager
Next steps
Product documentation:
- Application Insights
- Microsoft Entra ID
- Azure App Service
- Azure Container Instances
- Azure Container Registry
- Azure IoT Hub
- Azure Kubernetes Service
- Azure Key Vault
- Azure Monitor
- Azure SQL Database
- Azure Virtual Machines
- Azure Virtual Network
- GitHub
Microsoft learning paths:
- Introduction to Azure IoT
- Introduction to Kubernetes on Azure
- Administer containers in Azure
- Create microservices with .NET and ASP.NET Core
- Manage identities and governance for Azure administrators
Related resources
Azure Architecture Center overview articles:
- Microservices architecture style
- Choosing an Azure compute option for microservices
- Baseline zone-redundant web application
- Highly available multi-region web application
- Advanced Azure Kubernetes Service (AKS) microservices architecture
- CI/CD for AKS apps with Azure Pipelines
Related architectures: