Digital Twin-Based Zero-Touch Management for IoT

Abstract

The rapid development of the Internet of Things (IoT) requires network automation, to improve management efficiency and reduce manual operations. Zero-touch network is a promising technology for empowering network management automation by creating virtualized networks for software-based solutions. However, the traditional software-defined network (SDN) technology is not suitable for IoT devices, due to its massive, heterogeneous, and distributed characteristics. In this paper, we introduce digital twin technology (DT) into the IoT, and propose a DT modeling method through ontology and knowledge graph technologies, which maps IoT elements in the digital space and provides the advantages of centralized control, device abstraction, and flexible control of management. Then, referring to the conceptual architecture of a zero-touch network, a DT-based zero-touch management framework suitable for IoT is established. Finally, aiming at specific device management and network optimization problems in the IoT, a zero-touch management scheme with digital twin technology as the core and intention as the driver is proposed, and the effectiveness of the proposed method is demonstrated using an example.

1. Introduction

The development of Internet of Things (IoT) technology has helped to expand the boundaries of traditional networks and realize the Internet of everything, providing many services in different domains, such as traffic management, vehicle networks, energy management, healthcare, and smart homes [1,2,3]. However, the management of IoT devices is challenging. IoT devices have heterogeneous characteristics, showing diversified development trends in different business types, service objects, and device types, which entail higher requirements for the network [4]. Meanwhile, the connection of IoT devices to the Internet involves multiple network domains [5]. The massive number of devices connected to the Internet results in a huge network scale, and the operation and maintenance of the network become increasingly difficult. For massive heterogeneous IoT devices, it would take a lot of time and effort to manually manage and connect them. As such, the closed-loop automation of management and operation for IoT devices has become a trend.

In terms of the research on network automation management, the zero-touch network [6] is a promising solution that can be applied to the management of IoT devices. Its core idea is to realize automatic policy orchestration, minimize manual involvement in the network management life cycle, and maximize the proportion of programs and tools in network management [7]. In this way, the network can learn to become more autonomous, and all operational processes and tasks are performed automatically. The zero-touch network architecture is shown in Figure 1 and realizes automated management in three layers. The upper layer is the intent-driven network, which maps user intentions into policies that can be understood by the control plane. The core of the middle layer is the software defined network (SDN) technology [8], which gives the zero-touch network the capability of an SDN controller. Based on the network topology and protocol, this layer can formulate a strategy deployment scheme and verify the consistency of the strategy, according to the network strategy and state. The lower layer is the data plane, which implements the policy matching and status monitoring of network traffic and performs the corresponding network functions. This paper introduces the concept of the zero-touch network into the IoT, to realize the zero-touch management of the IoT and its service management and to provide the closed-loop automation of self-configuration, self-monitoring, and self-optimization for the IoT.

However, the zero-touch network was proposed for traditional network architectures, and existing network management methods cannot be directly applied to IoT. The zero-touch network was first applied in data center networks, and its implementation relies on SDN technology. The SDN control plane acts as the network management middleware, to receive the administrator’s intention, collect network information, and formulate the policy deployment scheme according to the network policy and state. However, the process of collecting network information by the SDN controller requires the participation of SDN switches, which is not suitable for the IoT architecture. To realize zero-touch management for IoT, this paper introduces digital twin technology as a middleware for IoT management.

Digital twin (DT) technology maps a physical system to a digital model of information space [9]. With the assistance of high-performance sensors and high-speed communication, supplemented by data analysis and simulation, DT can integrate the data of multi-dimensional physical entities, present the actual situation of physical entities in almost real-time, and control the physical entities through a virtual–real interaction interface. A conceptual model of DT is illustrated in Figure 2, which is composed of three parts: the physical entity of the physical space, the virtual entity of the virtual space, and the interaction between the virtual and physical space [10]. DT reflects the characteristics of physical systems, and it can predict and simulate systems, thus playing a key role in resource optimization. As an emerging digital technology, DT creates virtual objects in the digital space using software definition, to accurately reflect the state, characteristics, and evolution of physical entities, so it has excellent state awareness and real-time analysis capabilities. In recent years, digital twin technology has received much attention in intelligent manufacturing, smart cities, and other fields [11,12,13].

The introduction of DT technology into the management of IoT devices, to create a network copy, can help to realize zero-touch management of the IoT. IoT management based on DT has the following advantages:

(1)

Centralized control: DT has a global view of the network, which is conducive to centralized control of heterogeneous networks;

(2)

Device abstraction: DT hides the heterogeneity between devices, so there is no need to consider the underlying implementation details of devices

(3)

Flexible control: DT can dynamically change the network configuration according to the actual network status and the administrator’s intentions.

IoT modeling is the key to DT and provides the function of management middleware. It continuously receives the status information of IoT devices and updates the twin copies to reflect the real status of the network in real-time; meanwhile, it provides a unified access interface, to automatically generate management solutions based on the network status and user intentions, thus helping to achieve closed-loop automation of IoT management.

This paper combines the zero-touch network concept and digital twin technology, to realize the automatic management of IoT systems. An overall IoT network is large and can be composed of multiple edge networks. Therefore, this paper considers each edge network as a management autonomous unit. The contributions of this paper are two-fold:

(1)

Ontology and knowledge mapping technology is employed to model IoT devices and IoT networks, thus supporting the DT of IoT and realizing real-time digital expression of the network through continuous collection of equipment and network environment information

(2)

Based on the DT of the IoT, a zero-touch management architecture of the IoT is designed, which helps to solve the problems of equipment management and network optimization in the IoT and to formulate corresponding automated solutions, to minimize manual participation in the management process.

The application of DT technology to achieve zero-touch management of the IoT provides a new paradigm for the automatic management of the IoT.

2. Related Work

In 2016, researchers at Google first put forward the concept of the zero-touch network in data center network management, as a new paradigm for network policy orchestration [6]. In 2017, the European Telecommunications Standards Institute (ETSI) set up the Zero-Touch Network and Service Management (ZSM) working group [14], to study end-to-end network and service management automation in multi-domain environments. In 2019, the group provided the reference architecture for the ZSM framework [15]. Considering the characteristics of 5G or next-generation networks across multiple network domains, it uses a modular approach to decouple each network domain and develops the interface specification of each domain to realize end-to-end closed-loop automation.

Several methods have been proposed to realize network automation under the framework of zero-touch networks. For instance, Lim et al. [16] used deep learning models in SDN to classify load traffic, to provide effective QoS for each application. Rezazadeh et al. [17] presented a zero-touch control method based on reinforcement learning for the management of 5G network slices, to reduce the energy consumption, delays, and initialization costs of network slices. Prados-Garzon et al. [18] integrated a flow scheduling optimization solution based on deep reinforcement learning in a ZSM-based management and orchestration framework, to realize QoS-driven traffic distribution in 5G backhaul networks. Nathan et al. [19] provided an automatic generation method of service monitoring model, based on an ontology template. This method can be used for continuous monitoring of end-to-end services in zero-touch networks, to satisfy the service requirements. Current research on zero-touch networks focuses on specific network management tasks and uses machine learning algorithms to realize intelligent decision-making. However, these studies only automate the management work at the algorithm level; there is still a large gap to achieving the vision of “zero-touch”, and the implementation schemes of the zero-touch network at the system level are lacking. Moreover, few existing studies focused on IoT scenarios, and to achieve zero-touch management of IoT at the system level, DT technology needs to be introduced.

Since it was proposed, DT has been applied in many fields. The Air Force Research Laboratory (AFRL) was the first to propose the concept of DT and apply it to aircraft maintenance, to manage the whole life cycle of the aircraft using a high-fidelity and real-time updated virtual model [20]. Tao et al. [21] introduced DT technology into the shop floor, to realize intelligent management of production factors. Pfohl et al. [22] integrated DT technology into the management of a supply chain, to remotely monitor and track goods for customer delivery and to determine the availability of goods needed to produce products. Tzanis et al. [23] applied DT technology to a smart grid, to manage a large number of devices in the system, and they used the Spiking Neural Network (SNN) deployed on smart meters in the grid to detect faulty nodes. It is worth mentioning that IoT has been involved in these DT applications, to update the DT model in real-time and obtain the information of the physical entity, but these studies did not consider the management of the IoT.

DT technology has gradually attracted attention in the field of communication networks. Sun et al. [24] introduced DT technology into the research of mobile edge computing, to assist in offloading decisions and reduce the offloading delay. Sun et al. [25] put forward the concept of a DT network and built a DT network platform to help the network realize low-cost trial and error, intelligent decision-making, and high-efficiency innovation. Almasan et al. [26] proposed constructing DT networks using machine learning techniques, to predict the performance of different network configurations. DT technology has achieved preliminary results in network management.

In recent years, studies using DT to realize IoT device management have begun to emerge. Mehdi et al. [27,28] proposed the method of introducing DT optimization management into industrial IoT. They built a graph structure describing the network topology by collecting wireless sensor network (WSN) information and evaluated different network management methods through interactions with the Cooja simulator. In addition, major cloud service providers, such as the AWS Cloud, Microsoft Azure, and HUAWEI Cloud, have proposed DT-based management methods for their IoT platforms. The device twins are constructed using the thing model to realize the digital mapping of the device and assist the cloud platform in managing and controlling the terminal device. Research on applying DT in the IoT is still in its infancy, and the management of IoT devices still requires a lot of manual operations. How to further realize management automation needs to be further investigated.

Considering the limitations of the above studies, this paper proposes a DT-based zero-touch management architecture for the IoT and focuses on the modeling method of DT for IoT and a DT-based automatic management scheme. The study results provide new ideas for IoT management.

3. Twin Modeling of the IoT

Twin modeling of the IoT is the premise of realizing zero-touch management, which maps the elements of the IoT to the digital space and provides a platform for centralized control. In this section, the architecture of the IoT is first analyzed, and then ontology and knowledge graph methods are employed to build DT for IoT devices and networks in turn.

3.1. Architecture of IoT

The IoT system follows a cloud-centric architecture and includes three main parts: terminal devices, gateways, and cloud servers. Terminal devices sense the physical environment and connect physical entities to information networks, including all types of sensors, actuators, and smart terminals. Since most terminal devices cannot be directly connected to the Internet, they need to connect to the gateway through short-distance communication technologies such as Bluetooth, ZigBee, and WiFi. This paper mainly considers such scenarios. The gateway enables terminal devices to access the Internet, and the cloud server provides comprehensive storage, processing, and management functions. The IoT provides two services: storing and analyzing the data collected from terminal devices, and sending instructions and information to the device.

The cloud-centric architecture faces challenges in the form of bandwidth, delay, stability, resource limitation, security, etc. To overcome the limitations of the existing architecture, edge computing is proposed as a supplement to cloud computing, which can allocate tasks to edge servers that are closer to IoT devices, for direct data processing or transmission to the cloud server after preprocessing [29]. The IoT network architecture is presented in Figure 3.

Due to massive IoT devices, it is unrealistic to build a global DT. Considering that the terminal devices within the same access gateway are not only geographically close but also logically perform the same type of tasks, the edge network composed of terminal devices, gateways, and edge servers is taken as the management unit of the IoT. The edge server in the edge network has limited computing resources and can allocate a part of the IoT computing tasks to the edge side. Therefore, we consider each edge network as a management autonomous unit. This paper focuses on the zero-touch management of the edge network of the IoT and aims to achieve edge network autonomy. Therefore, twin modeling should be conducted to build corresponding twin models for devices and networks in turn.

3.2. Device Twin Model

IoT devices have heterogeneous and diverse characteristics, and they increase rapidly in number, which increases the management and control complexity of the IoT. Considering the heterogeneity among devices and the limited resources of the edge servers, this paper uses an ontology model to build device twins of the IoT. Ontology is an ideal knowledge representation model for the formal representation of domain concepts. Using the ontology model to describe the knowledge of devices in the IoT contributes to a unified resource description and facilitates data exchange and sharing.

Currently, in terms of ontology research of the IoT, the semantic sensor network (SSN) ontology is the standard IoT ontology recommended by W3C [30]. SSN has several conceptual modules, including Observation, Deployment, System, SystemProperty, Feature, Condition, Procedure and Result. SSN mainly focuses on the observation data of the sensor and its application, and so the Observation module is the core of the ontology. The Observation module consists of several classes, including Sensor, Observable Property, Stimulus, Observation, and Feature Of Interest, and only the Sensor class is used to describe the device. However, this paper pays more attention to the device, including the attributes of the IoT device and its purpose of use, which are lacking in the SSN. Therefore, an IoT device ontology model is proposed, according to the device attributes and provided services. The IoT device ontology model extends the representation content of SSN ontology by adding a device level description and can be made compatible with SSN ontology. In fact, this ontology can be seen as enriching the contents of the Observation module of SSN, increasing the association attributes of the Sensor class.

The ontology is established using the OWL2 ontology language and the open-source ontology editor Protégé, where OWL2 provides four modeling primitives: classes, object properties, data properties, and instances. The process of IoT device ontology modeling is described below:

(1) Define classes and class hierarchies. The IoT device ontology mainly considers information about the devices and the tasks they perform, so two basic classes are defined: the device class, and the task class. According to the IoT network architecture, the device class is divided into three subcategories: terminal devices, gateway devices, and edge server devices. Since terminal devices have multiple types, they are further divided into fine-grained subcategories: sensors, actuators, and smart terminals. The task class is used to describe the tasks performed by the IoT device, including upload tasks and control tasks. The ontology classes and their hierarchy are illustrated in Figure 4.

(2) Define object properties. Object properties are used to describe the semantic relationship between classes or instances. Under the IoT architecture, the connection between devices and the dependency between devices and tasks need to be considered. Therefore, two object properties “has Connection” and “has Execution” are defined. The former describes the network topology, and the latter associates the device with the task it performs.

(3) Define data properties. Data properties are used to describe the attributes of an instance. According to the built ontology classes, two data properties are defined: device property, and task property; and these are used to describe devices and tasks, respectively.

Device properties describe the configuration information and operating status of the device, which is important for device management, including the Device identifier, Manufacturer, Device model, Firmware version, Owner, Access list, Working condition, Protocol, Location, Storage location, etc. The Device identifier is a unique identifier for the device, which is used to distinguish between different devices in the digital space. Manufacturer is used to obtain valuable information about the device, such as firmware version updates. Device model and Firmware version describe the physical model information and software version information of the device, which together with the manufacturer information support the function of software upgrading. Owner has the highest control rights for the device, including modifying control parameters and accessing attribute information. Access list represents the list of users allowed to access the device information, which is used for access control of the device. Working condition indicates whether the device is running or off. Protocol represents the available communication protocol. Location represents the location of the device in the physical space relative to the gateway. Storage location denotes the storage location of the device twin in digital space.

Task properties describe information about the task executed by the device, including the Task description, Required communication, Required calculation, etc. Task description provides a natural language representation of the executed task. Required communication and Required calculation represent the communication bandwidth and computing power required by the device to perform the task, which are quantitative descriptions of the task. In the case of sufficient resources, the system allocates computation and communication resources to each task according to the above two attributes.

Data properties provide important information for IoT management and could be extended on demand for different network management functions in future research. The data properties and their hierarchy are presented in Figure 5.

(4) Create the instance. After obtaining the class and property information in the ontology, the construction of the ontology model of the IoT device is almost completed. The next step is to instantiate the IoT device and its task based on the ontology template, select the class according to the device and task, create a single instance of the class, and fill in the attribute values for the instance, according to the specific information.

Ontology instantiation performs the abstraction of IoT devices and their tasks. Based on this, the data properties in the ontology are updated by continuously collecting IoT device information, to establish the twin model of a single device.

3.3. Network Twin Model

All device twins are aggregated and interconnected, to form an expandable and autonomous IoT network twin. The network twin provides the overall information of the IoT in the digital space and stores it on the edge server in the form of a knowledge graph.

Protégé does not perform well in processing large-scale data and cannot cope with large-scale IoT device access, so the Neo4j graph database was used to instantiate the ontology, to create a knowledge graph as the network twin of the IoT. Taking the smart home scenario as an example, the knowledge graph representing the IoT network twin is shown in Figure 6.

In this figure, the nodes with different colors represent different types of entities, including gateways, edge servers, sensors, smart terminals, actuators, upload tasks, and control tasks. The knowledge graph represents the IoT devices and their tasks in the form of nodes, and stores this information in the attribute values of the nodes.

To sum up, based on ontology and knowledge graph technology, twin modeling of the IoT is realized, and various elements in the network are mapped onto the digital space, thus realizing comprehensive and real-time perception of network status information through continuous interaction with IoT devices.

4. Twin-Based Zero-Touch Management

DT provides support for IoT network management. This section proposes a DT-based zero-touch management architecture, studies the automatic implementation scheme of device management and network optimization, and reduces the manual participation in the IoT management process.

4.1. Zero-Touch Management Architecture

As a middleware for network management, DT provides the global information of the IoT network. Referring to the three-layer architecture of the zero-touch network, a zero-touch management architecture suitable for IoT is established, as shown in Figure 7.

The zero-touch management architecture consists of three layers: the device layer, the twin control layer, and the application management layer. These layers are introduced in detail below:

(1) The device layer mainly includes edge-side controlled IoT devices, namely various types of terminal devices, gateways, and edge servers;

(2) The twin control layer is the core of the zero-touch management architecture. It maps the IoT elements onto the digital space, perceives the global information of the network, and continuously interacts with the device layer, to obtain real-time status information and maintain an updated view of the network. Meanwhile, it receives management instructions, to generate and execute control strategies.

(3) The application layer includes the specific IoT management functions, and it hides the details of the underlying network technology and focuses on the business requirements. It describes the user’s “what to do”, expresses the user’s management intention through the graphical interface or natural language, and parses these contents into control instructions that can be recognized by the twin control layer.

Based on the zero-touch management architecture, the management steps can be simplified at the device level, and network optimization is realized at the system level. In addition, the edge network composed of terminal equipment, gateways, and edge servers provides the functions of self-coordination, self-optimization, and self-monitoring.

4.2. Device Management

At present, mainstream cloud service providers mainly manage the IoT at the device level. The functions of device access, remote monitoring, software upgrade, and feedback control are realized through the device management system (DMS) deployed in the cloud.

The zero-touch management architecture provides a twin-centric and intent-driven approach to the implementation of device management functions. DT realizes the digital representation of the physical system; the IoT device is bound to the corresponding device twin on the edge server, and the device management function is implemented by controlling the device twin. Meanwhile, the intention parsing module converts the management intention described by natural language into machine-recognizable operation instructions, thus simplifying the operation of equipment management and reducing manual participation.

4.2.1. Device Access

In the zero-touch management architecture, the device accessing the network is realized by establishing the corresponding device twin in the edge server. The process of IoT devices accessing the network is illustrated in Figure 8. First, in the zero-touch management architecture, the administrator declares the intention that the new terminal device will be connected to the network and creates the corresponding device twin according to the ontology template. Then, the terminal device accesses the gateway for the first time, determines whether the corresponding device twin exists through the zero-touch management architecture, and the association between the gateway and the terminal device is established. Finally, the device communicates with the gateway, and the device twin is added to the network twin, according to the connection.

Based on the above operations, the device twin of the new terminal device is established in the zero-touch management architecture, and it is updated through the received device information. As the agent of the device on the Internet, it can be accessed from any part of the network, thus realizing the function of device access to the network. The function of device access corresponds to the creation of a new node in the knowledge graph; similarly, the function of device exit from the network corresponds to the deletion of a node in the knowledge graph.

The automation mechanism of device access can be realized by programming the devices to support the specific infrastructure. According to the ontology model, the device manufacturer stores the relevant information in the form of a script in the physical device, including the Device ID information, so the template of the ontology model can be automatically filled when the device is connected to the network. In addition, in order to realize the real-time monitoring of physical devices by the DT, hardware drivers are installed on the corresponding physical devices to cycle the monitoring thread, and periodically send the device information of interest in the ontology model to the DT. This process can use the MQTT protocol.

4.2.2. Remote Monitoring

The information about the terminal device is stored in the graph database of the knowledge graph through the device twin, which provides a direct data source for querying the device information. Therefore, when users request remote monitoring management service on the Internet, they only need to query the node attribute value in the knowledge graph.

When a user performs remote monitoring management operations, they need to consider the access control issue. Only users with access rights to the device can query the device information through the graph database. The access control issue of the device twin is set through the entity attributes. The owner attribute of the device twin represents the owner of the corresponding device, and it has read and write permissions for the device twin operation. The owner can specify users that can access the twin information of the device and write user information into the access list attribute of the twin device. Therefore, we solve the access control issue, by controlling the access list attribute of the device twin, and only the user appearing in this attribute can read the corresponding device information. The operation flow of the user’s remote monitoring of the device is presented in Figure 9.

The device twin model provides semantic descriptions of IoT terminal devices, abstracts the attributes of the IoT devices and their services, and stores information about devices and services on edge servers, thus showing advantages for remote monitoring management.

4.2.3. Software Upgrade

Software upgrade guarantees the stable operation of IoT devices, and the zero-touch management architecture provides an automatic software upgrade management method.

The zero-touch management architecture periodically queries the device manufacturer for software updates for the device models it manages and compares them with the current version of the device. This information, including the device model, device manufacturer, and device software version, is stored in the device twin for quick access. If the device version issued by the manufacturer is newer than the current one, the current software version is backed up, the new version of the software is downloaded from the device manufacturer and run on the device, and the administrator is informed of the successful software upgrade. The software upgrade process of IoT devices is illustrated in Figure 10.

4.2.4. Feedback Control

In addition to the aforementioned functions, the IoT management architectures also support feedback control. For example, a group of terminal devices can be controlled, to complete a specific task, or an alarm can be triggered according to the device’s condition. The feedback control tasks can be divided into two categories: execution tasks, and condition tasks. The zero-touch management architecture achieves feedback control by adopting an intent-based method, to reduce the required manual operations.

An execution task is generally composed of multiple subtasks and the connector between the subtasks. The subtask is the smallest control unit that is used to perform operations on a single device. Therefore, under the intent-based architecture, the intention parsing module parses the task intention of the execution class into a sub-operation chain; then, it generates a corresponding operation flow chart, to indicate the operating instructions that need to be used and the execution order, as shown in Figure 11.

The zero-touch management architecture helps execution tasks to execute in a specified order and determines the task execution through the change of device states (i.e., attribute value change) displayed by the device twin.

The condition task is mainly a combinational task for existential causal logic, and it consists of two parts: condition and consequence. The zero-touch management architecture is implemented with a rule-based approach. The intention resolution module parses condition-class tasks into rules in the form of “if-then”, and then it realizes the automatic execution of these tasks with the assistance of the zero-touch management architecture.

According to the rule definition, the attribute values of the corresponding device or service are subscribed, and the change of attribute values is sensed by regularly querying the graph database. Then, if the attribute value triggers the condition in the rule, the corresponding action is performed. The execution flow of the condition class task is presented in Figure 12.

The feedback control of IoT devices is first decomposed into operations that can be recognized by the machine through the intent parser, and then the control process is automated through the zero-touch management architecture.

The DT-based zero-touch management architecture implements a twin-centric and intent-driven device management method, which greatly improves IoT management automation.

4.3. Network Optimization

Existing IoT management architectures mainly manage a single device or group of devices, but fail to optimize at the system level of the IoT. Owing to continuous data collection from the physical network, the global perspective of the zero-touch management structure can provide numerous intelligent functions. Through the intelligent algorithm integrated into the twin control layer, the data can be transformed into new insights into the system, thus enabling the network operations to include resource allocation, network diagnosis, and predictive analysis, as well as realizing the self-optimization, self-monitoring, and self-improvement of the IoT network.

Resource allocation: The purpose of resource allocation is to achieve efficient operation of the IoT. The tasks implemented in the IoT mainly consume computing resources and communication resources, which are used to process the collected data of the IoT and transmit the data to the gateway. Computational resources refer to the ability to process data and are usually measured in CPU cycles/s. The data collected by the terminal device is processed either locally or on the edge server, and the latter requires communication resources, which are usually expressed in terms of the communication bandwidth (Hz). The more computing resources are allocated to a task, the less computing time is required. Similarly, the more communication resources allocated to a task, the less communication time needed. Computing resources and communication resources are limited in the IoT edge network, and inappropriate resource allocation will lead to the degradation of the quality of service provided by the IoT. By writing the computing resources of the terminal device, the communication bandwidth of the gateway device, and the computing resources of the edge server into the data attributes of the corresponding device twin, the DT has global information of the edge network and therefore provides a centralized control platform for the resource allocation task.

The resource allocation problem is modeled as follows: There are M terminal devices in the IoT edge network and each device executes a task, which is represented by the required amount of data and amount of calculation. Each terminal device has a certain amount of computing power, so it can choose to complete the task locally, which will lead to a reduction in the required communication bandwidth but an increase in computing time. The edge server has more computing power, so tasks can also be offloaded to edge servers for processing, which will consume the communication bandwidth and computing power of edge servers. The goal of resource allocation is to minimize the sum of the latency of all tasks.

The DT has all the above information, including the computing power of each terminal device, the amount of data and amount of calculation required for each task, the computing resources possessed by the edge servers, and the total communication bandwidth in the environment. Therefore, the problem of resource allocation can be considered from a global perspective. Through appropriate task offloading decisions, bandwidth resource allocation, and edge server computing resource allocation, which generally need to be completed in combination with heuristic algorithms or reinforcement learning, the total delay of all IoT tasks can be reduced.

Network diagnosis: The purpose of network diagnosis is to realize the safe and stable operation of the IoT. A large number of IoT terminal devices are scattered in different locations and run independently, which increases the possibility of network failure. Meanwhile, the IoT increases the attack surface of the network, while realizing the interconnection of everything. Every terminal device may become an attack point for hackers.

Considering the case of anomaly detection based on observations from terminal devices, it is difficult to detect anomalies by analyzing a single device observation. The DT achieves a higher detection accuracy by enriching the observation information. On the one hand, the DT provides context information for the isolated observations of individual terminal devices according to the network topology, which can be combined with graph neural network methods to improve the detection accuracy. On the other hand, the DT can also provide historical information about device observations on a time scale that can be used to implement time series anomaly detection.

Predictive analytics: The purpose of predictive analytics is to calculate and predict the operational status of the IoT, which can reveal possible problems in the system. DT provides predictive analysis using two methods.

The first method needs to be used in combination with the simulation software. DT captures the status information of the real-time network and stores it in a standardized form. This helps to realize rapid virtualization and parameter configuration in the simulation software, preset the environment information, conduct hypothesis analysis, and modify the network configuration according to the insights obtained in the simulation software. The second method requires big data analysis algorithms. DT stores the IoT life cycle data in the database, which can be used to predict future status based on historical trends.

The DT-based zero-touch management architecture can provide intelligent functions for the network, help the IoT to operate in a more energy-efficient, effective, and secure way, and optimize the network at the system level. In fact, the realization of the above network optimization function requires the support of a series of algorithms and software, which will be the focus of the next work. The network twin proposed in this paper provides a basic information model, which realizes a concise and efficient digital representation of the IoT and supports the implementation of other functions.

5. A Smart Home Instance

In this section, a device management instance using the zero-touch management architecture in a smart home scenario is presented, to verify the feasibility of the proposed management scheme.

5.1. Twin Modeling for a Smart Home

A smart home scenario with multiple IoT terminal devices and an IoT gateway in the environment is considered. The terminal devices in the smart home environment involve multiple types of sensors, smart cameras, smartphones, smart appliances, etc. The sensors are connected to the gateway through the ZigBee protocol, and other devices are connected through WiFi. The IoT gateway contains multiple communication interfaces. It encapsulates different formats of communication data and provides a protocol conversion function. In addition, the gateway has certain computing and storage capabilities and plays the role of an edge server.

In the Neo4j graph database, the entity nodes are first created based on the ontology model, to represent a single device, and then the connection relationship between entities is created according to the actual network topology. In this way, the network twin representing a smart home scenario is obtained, as shown in Figure 6.

5.2. Automatic Implementation of Device Management

This section takes the device access function and the remote monitoring function as examples, to show how the network twin can facilitate network automation.

5.2.1. Device Access

Taking an intelligent lamp in the smart home IoT environment as an example, the configuration information of the device is shown in

Table 1. Configuration information of the intelligent lamp.

LABLE	VALUE
Device class	Actuator
Device name	intelligent lamp
Device ID	F5A2D7AB3F16Ct
Manufacturer	Xiaomi
Device model	Mijia1S
Firmware version	1.2.11
Owner	Bob
Access list	Bob
Working condition	On
Protocol	Wifi6
Location	(1,4)
Storage location	D:\iot\intelligent lamp
Task class	Control task
Task name	illumination
Task description	adjust the brightness
Required communication	5bps
Required calculation	0

.

The administrator first creates the device twin of the intelligent lamp according to the device access intention. The intelligent lamp performs the task of lighting, so the device node named “intelligent lamp” and the task node named “lighting” are first created. These two nodes are connected by the relationship of “hasExecution”, and the node attribute value is set according to the ontology template. The above process is automated by executing the Cypher script in Figure 13.

Then, the intelligent lamp connects to the home gateway for the first time and sends its device ID. By querying the corresponding attribute value of the device twin, it can be proven that a digital copy of the device already exists, and the device can communicate with the gateway normally, as shown in Figure 14.

Finally, according to the network topology, the device twin is connected to the network twin to complete the function of device network access. The updated network twin is presented in Figure 15.

5.2.2. Remote Monitoring

Taking the user Alice on the Internet applying for remote monitoring of the status information of a temperature sensor as an example. The user needs to apply to the device owner for access; then, the user name is written into the access_list attribute of the device twin, to grant the user access permission to the device. The device permission setting operation is illustrated in Figure 16.

Alice, with the access right, can initiate a remote monitoring request and perform a query operation in the knowledge graph. The query result indicates that the sensor status information is sent to the user, as shown in Figure 17.

In the zero-touch management architecture, a large amount of work in device management tasks is simplified, to operate the network twin represented by a knowledge graph, such as adding, deleting, querying, and modifying nodes. These operations can be automated by Cypher scripts, thus greatly reducing the manual operations required for management and the possibility of manual configuration errors.

6. Conclusions and Future Work

The current IoT management systems have a low degree of automation and it is difficult to deal with massive device access. To solve these problems, this paper proposes a digital twin-based zero-touch management method for the IoT. First, twin modeling is conducted for the IoT, and an ontology and a knowledge graph are used to map network elements in the digital space. Then, referring to the architecture of the zero-touch network, a zero-touch management architecture suitable for the IoT is established, which combines the network status information provided by the digital twin and the management requirements provided by users’ intentions, to automate the network management. Finally, for the specific tasks in the management of the IoT, this paper proposes an automatic solution under the zero-touch management architecture, and the effectiveness of the solution for device management tasks is demonstrated through an example.

The work in this paper should be regarded as part of the DT. The proposed management method mainly aims at the management of IoT devices. In terms of network optimization, only a few reference schemes are proposed. Network optimization is an additional function brought by DT, and the specific implementation is the key to realizing these optimization functions. In the future, it will be necessary to design appropriate algorithms to solve specific network optimization problems, and this will be the focus of the next step.