5G Deployment Models and Configuration Choices for Industrial Cyber-Physical Systems – A State of Art Overview

The digital transformation of Industry 4.0 is driven by the automation of manufacturing processes. In this context, communication plays a vital role and the emergence of 5G wireless technology brings the promise of connectivity scenarios like the industrial Internet of Things and industrial cyber-physical systems. However, there are still several aspects to consider on how to employ 5G in practical industrial environments such that the highly demanding communication requirements of the use cases can be fulfilled. This article aims to review the essential enabling technologies of 5G and analyze real-world industrial use cases, with respect to available deployment options. While the article focuses primarily on 5G non-public network variants, the potential of network slicing, multi-access edge computing infrastructure, and 5G integration with time-sensitive networking and open platform communications unified architecture is also examined. A critical analysis of available results suggests that these technologies can effectively facilitate ubiquitous wireless industrial communication, despite the stringent needs of industrial applications, including support of different quality of service levels and security requirements. Furthermore, an evaluation of different 5G network deployment options with relevant example use cases is carried out. Lastly, an analysis of available real-world 5G deployments for industrial applications is presented. The article concludes by identifying challenges and open research questions that need further investigation in improving 5G capabilities for industrial networks.

Abstract-The digital transformation of Industry 4.0 is driven by the automation of manufacturing processes.In this context, communication plays a vital role and the emergence of 5G wireless technology brings the promise of connectivity scenarios like the industrial Internet of Things and industrial cyber-physical systems.However, there are still several aspects to consider on how to employ 5G in practical industrial environments such that the highly demanding communication requirements of the use cases can be fulfilled.This article aims to review the essential enabling technologies of 5G and analyze real-world industrial use cases, with respect to available deployment options.While the article focuses primarily on 5G nonpublic network variants, the potential of network slicing, multi-access edge computing infrastructure, and 5G integration with time-sensitive networking and open platform communications unified architecture is also examined.A critical analysis of available results suggests that these technologies can effectively facilitate ubiquitous wireless industrial communication, despite the stringent needs of industrial applications, including support of different quality of service levels and security requirements.Furthermore, an evaluation of different 5G network deployment options with relevant example use cases is carried out.Lastly, an analysis of available real-world 5G deployments for industrial applications is presented.The article concludes by identifying challenges and open research questions that need further investigation in improving 5G capabilities for industrial networks.Raheeb Muzaffar and Mahin Ahmed are with Silicon Austria Labs, 4040 Linz, Austria (e-mail: raheeb.muzaffar@silicon-austria.com; mahin.ahmed@silicon-austria.com).
Thilo Sauter is with the Institute of Computer Technology, TU Wien, 1040 Vienna, Austria, and also with the Department of Integrated Sensor Systems, University of Continuing Education Krems, 3500 Wiener Neustadt, Austria (e-mail: sauter@ict.tuwien.ac.at).
Hans-Peter Bernhard is with Silicon Austria Labs, 4040 Linz, Austria, and also with Institute of Communications and RF-Systems, Johannes Kepler University, 4040 Linz, Austria (e-mail: h.p.bernhard@ieee.org).
Digital Object Identifier

I. INTRODUCTION AND BACKGROUND
T HE industry is currently undergoing a significant trans- formation, regardless of whether one embraces the muchhyped "industry 4.0 (I4.0)" mantra.There are multiple trends that deserve attention.One such trend is the growing connectivity, both within companies' production systems and along Fig. 1.Industrial information/operational technology ecosystem showing trends towards cloud-based systems and horizontal integration along the value chain (adapted from [5]).5G can support diverse communication requirements of OT applications, not limited to mobile devices.
the value chain, as depicted in Fig. 1.This includes connectivity between and among goods, enabling communication capabilities during production and after-sales.This trend is closely related to the ever-increasing volume of data being collected and processed across different levels of industrial systems.
Another noticeable trend is the shift in the industrial information technology (IT) systems's hard-and software infrastructure, moving away from the traditional rigid server-based framework to cloud-based solutions.This transition allows for greater flexibility in terms of underlying computer systems, software tool hosting, and software framework scalability.It encompasses a range of options, from a local cloud near the shop floor to company-owned IT cloud or a remotely hosted software-as-a-service solution.These changes align with concepts like the internet-of-things (IoT) or cyber-physical systems (CPS) [1], [2], [3].Consequently, the traditional automation pyramid, which is still reflected in contemporary automation models and reference architectures [4], is becoming increasingly blurred.
Proper communication systems play a crucial role in supporting these trends.Particularly, ubiquitous connectivity is required.Current shop floor networks, often referred to as operational technology (OT), have traditionally relied on wired connections for real-time performance and reliability.However, these networks are necessarily limited in spatial extension, number of devices, and flexibility.Wireless communications could offer increased flexibility and support for mobile devices, but its adoption has been limited due to concerns about latency and reliability.As shown in Fig. 1, the OT domain in practical settings typically consists of a variety of networks tailored to specific requirements such as safety, real-time performance, or mobile connectivity.
To reduce the heterogeneity of OT networks and to support the Industry 4.0 trends, 5G mobile networks are a much-debated option [5].Although the true impact of 5G was still uncertain in 2018 [13], its visibility and perception within the industry have increased significantly in recent years.Several interest groups such as the 5G alliance for connected industries and automation (5G-ACIA) and alliance for Internet of Things innovation (AIOTI), have been founded to explore the potential of the technology [14].In the context of industrial automation, 5G aims to provide support for diverse communication requirements of OT applications.To achieve this, so-called verticals have been defined that represent systems of end-user entities belonging to a particular application domain.These verticals utilize the end-toend communication services offered by the underlying 5G network, which are tailored to meet the specific user requirements of the application area.For industrial automation, the factories of the future vertical [15] define requirements such as guaranteed latencies below 5 ms, reliability, and device densities of up to 100 devices/m 2 as the key performance targets.These targets are notably ambitious compared to current mobile communication standards, but if realized, they would serve as a solid foundation for meeting the industrial automation requirements.
It must be highlighted that an analysis of different 5G deployment opportunities for the industrial domains is one of the main concerns.It requires a careful evaluation that not only is limited to the technical aspects but also its feasibility and effectiveness for the application at hand.Indeed, industrial needs are so peculiar that efforts have been made in the recent past to overcome the usual, auction-based, approach for frequency assignment in favor of dedicated allocation (as already done in Germany), promoting companies to embrace private 5G networks.In particular, different deployment opportunities lead to different results regarding the fulfillment of industrial communication needs, service customization, and integration with legacy and already-in-place (wireless and wired) networks.
The goal of this article is to provide a survey of the current state of play in the development of 5G with a particular view on its applicability in industrial automation.5G offers the necessary flexibility to cater to a wide range of Industry 4.0 applications.This includes the ability to adapt and configure the system in various ways such as the configuration of network slices with varying quality of service (QoS).Additionally, 5G supports multiple deployment options to provide the best possible applicability of the system.The 5G campus network and its variants is a recent development in cellular systems that allow more flexibility for industrial networks.
In the literature, there is a growing interest in 5G non public network (NPN) deployment and operational models [9], [10], [11], [16], communication challenges and opportunities [8], [17], and corresponding industrial automation use cases and requirements [18], [19].Additionally, the business perspective on private networks, manufacturing use cases, spectrum opportunities, and characteristics of the 5G deployment models are studied in [7], [20].These models are further analyzed in [9], [11] with the conclusion that each model is associated with its benefits and costs and cannot be generalized for all usage scenarios.5G evolving technologies to serve challenging industrial services are also discussed in [6], [10].However, the existing literature provides only an abstract viewpoint on 5G deployments and does not evaluate 5G deployment for realworld industrial use cases.Moreover, the available review of 5G technology development is limited to 3GPP release-16.
In contrast, this article provides a comprehensive study on 5G deployment models including the cloud-native approaches.It suggests example use cases that align with each category.A qualitative analysis of these deployment models considering factors such as cost, network customization and adaptability, data ownership, reliability, availability, deterministic communication support, security, privacy, and data monitoring is also presented.Additionally, the focus is placed on the main enablers, such as network slicing, multi-access edge computing (MEC), time-sensitive networking (TSN), open platform communications unified architecture (OPC UA), and QoS provisioning.These enablers are discussed in accordance with the state-ofthe-art design trends according to 3GPP release-16, 17, and 18 that support I4.0 use cases and their stringent communication requirements.The article also reviews 5G security concepts aligned with the 5G private networks and analyzes real-world 5G deployments for I4.0 use cases.Lastly, the article highlights current challenges that require attention for the rollout of the 5G system to the manufacturing industry and future industrial use cases.A summary of the major contributions of related literature and the article in hand is presented in Table I.
The remainder of the article is structured as follows: Section II gives an overview of the classification of industrial applications and 5G technologies as an enabler for industrial communication.Section III presents various 5G network deployment choices.Section IV describes MEC as an elastic computing infrastructure for factories of the future.Section V provides an overview of 5G support for industrial networks through integration with TSN and OPC UA along with 5G QoS support for communication.Section VI discusses 5G security concepts with the adaption to factory communication.Section VII provides an evaluation of different 5G campus network deployment options with corresponding example use cases.Section VIII analyzes real-world 5G deployment results for industrial scenarios.Section IX lists some of the deployment and operational challenges for industrial networks.Finally, in Section X we emphasize the most important results to conclude the article.

II. INDUSTRIAL APPLICATIONS AND 5G
Industrial (automation) applications are very heterogeneous and pose very diverse requirements to communication systems (IEC/IEEE 60802).This resulted in the adoption of a plethora of technologies, each one trying to solve the needs of a well-defined, limited scenario.Although 5G started off primarily as a generic mobile communication technology, its possible adoption as a sort of "universal" solution substituting all the industrial (wireless) communication technologies that emerged from the very beginning.However, these requirements can be particularly demanding and must be carefully analyzed.

A. Industrial Applications Classification
An important distinction that helps in determining the optimal industrial communication technology is between process and Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.

TABLE I SUMMARY OF RELATED LITERATURE ON 5G DEPLOYMENTS FOR INDUSTRIAL NETWORKS
factory automation.The process industry is normally associated with continuous and batch processes, e.g., the production of oil, gas, pulp, and article.Conversely, factory automation is usually dominated by manufacturing processes that occur in discrete steps, like those involved in assembling a product made of many different parts.
Correct operation of both types of automation systems commonly requires the availability of deterministic communication, where the data exchange is often seen as a set of real-time tasks with associated deadlines with only a very low superimposed jitter.Nonetheless, timing requirements can vary largely between the two scenarios, ranging across several orders of magnitude.Extreme motion control applications with cycle times of tens of microseconds can be found, while most process automation systems typically have cycle times in the order of tens or hundreds of milliseconds.Clearly, such different requirements greatly affect the wireless network characteristics and topology.Most of the discrete automation applications occur within working islands (e.g., consecutive robotic production cells, each with a volume of about 30 m 3 ).Consequently, the star topology is considered to be an optimal trade-off between low-latency and low-power consumption needs.On the contrary, process plants may occupy very large areas up to some square kilometers, and (partially connected) mesh topologies are usually adopted as a trade-off among low power consumption, area coverage, network availability, and reliability.A resume of these very different requirements is provided in Table II.
For the sake of completeness, other vertical applications that can be devised within the industrial domain include: r human-machine interfacess (HMIs), i.e., all the compo- nents adopted by operators to access the production facilities.
r Logistics and warehousing; the former term addresses all the activities and devices needed to manage and control the in-plant logistic aspects of industrial production, from asset tracking to automated guided vehicle supervision; the latter refers to the storage of materials and goods from different plants.
r Monitoring and maintenance, where information flow is essentially from the field level towards cloud-based applications for feeding predictive maintenance tools and Big Data analytics.The latest releases of mobile networks technical specifications explicitly address all the aforementioned peculiarities of Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.[21] industrial communications.Indeed, requirements of many "challenging class of vertical applications, namely cyber-physical control applications, which require very high levels of communication service availability, and some of them also require very low end-to-end latencies" have been considered in normative documents of 5G systems, as in [22].

B. 5G Technologies as an Enabler for Future Industrial Communications
Wireless communication solutions are particularly attractive because of the advantages they offer, including enhanced flexibility and scalability, reduction of installation and maintenance costs, as well as native support for mobility.For all of these reasons, they are expected to be fundamental enablers of future (industrial) communication solutions.However, real-world industrial plants today still mainly adopt wired technologies to satisfy stringent needs for reliability, low latency, and timeliness.The use of wireless networks is mostly limited to niches where the use of wires is not possible, or certain monitoring or simple control applications, where the human operators are in the loop.
However, the availability of 5G cellular/mobile networks promises to change the landscape of industrial networking, since some of 5G design requirements match industrial (control) applications needs.In particular, some vertical domains have been identified in order to realistically offer a unified wireless interface [23].Three main service categories exist: i) enhanced mobile broadband (eMBB), with a peak data rate of up to 10 Gbit/s, ii) massive machine type communication (mMTC), targeting connection density of up to 100 nodes/m 2 , and iii) ultrareliable low latency communication (uRLLC), offering a 1 ms user plane latency with > 99.999% reliability.The 5G new radio (NR) supports operation under two frequency ranges, namely sub-6 GHz (450 MHz-6 GHz) and millimeter wave (mm-wave) (24.25 GHz -52.6 GHz) [24].Obviously, the obtainable performance is greatly affected by the operating frequency range: On the one hand, the bandwidth supported by the mm-wave range is at least ten times higher compared to sub-6 GHz.On the other hand, the communication range is limited to around 100 m due to the mm-wave propagation attenuation property in air [25].The cell size with mm-wave is thus reduced, requiring an increased base station (BS) density [26].
For typical industrial real-time applications, the 5G uRLLC service is the most relevant.A uRLLC transmission can also interrupt a current eMBB transmission in the downlink (DL).The DL is the transmission from the 5G gNodeB (gNB) to the user equipment (UE) (Fig. 2), and the reverse holds for the uplink (UL).Such a transmission capability facilitates very low latency for critical data and is referred to as mini-slot [24].This instant scheduling capability of the NR in the form of mini-slots enables to achieve 1 ms time-to-transmit latency.On the UL, the UE uses pre-configured parameters through the radio resource control (RRC) signaling for periodic grant free (GF) uRLLC transmission.The delay overhead of the regular hand-shaking procedure is avoided through GF UL transmission.Once the UE transmits a uRLLC data packet to the gNB, successful reception of the data is guaranteed through a GF re-transmission scheme.
Additionally, 5G natively provides a definite QoS for critical industrial applications and can easily support connectivity towards automated guided vehicles and mobile robots, which are gaining increased interest for fully automated plants.Moreover, positioning support in 3GPP release-16 is introduced through a new radio positioning protocol A (NRPPa) with the purpose to allow the exchange of signaling information between the RAN and the location management function at the core network [28].In industrial environments, positioning is needed for asset tracking, robotics, and logistics.However, mm-wave operating range should permit better accuracy in the cm range (with a latency in the order of < 15 ms [29]).
5G technology is expected to bring significant advancements to industrial automation due to several enabling features including high-speed wireless connectivity, enhanced mobility, and low-latency communication.Specifically, the advancements made on campus network deployments (Section III), virtualization and network slicing (Section III-C), edge computing (Section IV), support for deterministic communication through TSN integration (Section V-A), and 5G integration with OPC UA to allow vendor-independent machine-to-machine communication (Section V-B) enables 5G to provide low-latency communication needed for industrial use cases.These 5G technology enablers augment in improving existing industrial automation processes.Moreover, the facility to quickly off-load data to an edge-computing system due to high-speed connectivity not only allows quick decision-making but also reduces mobile device complexity in terms of size and power consumption.While 5G brings significant advancements, the current industrial communication technologies such as industrial Ethernet protocols, fieldbuses, and legacy control systems, may continue to be used in certain applications depending upon the automation requirements and their cost-effectiveness.Finally, 5G inherits the proven-in-use security technology of previous mobile communication generations that aids in the deployment of 5G at industrial sites.Nevertheless, significant advancements in improving packet delay variations to allow real-time and low-latency communication as well as advanced security mechanisms are expected in upcoming 3GPP releases to support future industrial demands.

III. DEPLOYMENT OPTIONS
5G was first introduced in 3GPP release-15.To allow early access to the new technology, the 5G NR interface was deployed in conjunction with the existing long term evolution (LTE) core and radio access network.Such a network architecture was termed as non standalone (NSA) architecture.The NSA solution enabled the use of 5G NR without the need for a complete network replacement to support higher data rates compared to LTE.Later, the 5G standalone (SA) architecture was introduced to enable the NR to connect to the 5G core network.The 5G SA core architecture allows virtualization that introduces new ways to develop, deploy, and manage its services.
The 5G SA architecture is depicted in Fig. 2, where the core network functionalities are separated into the control and user plane functions allowing capacity scaling and flexibility in the deployment topology.The control plane carries communication signaling and control traffic required for network access and resource allocation to the UE, whereas the user plane carries the data traffic.The access network includes the UE and the gNB.
The control plane comprises functions such as the access and mobility management function (AMF), session management function (SMF), and policy control function (PCF), while the user plane function (UPF) belongs to the user plane.The UPF is responsible for packet routing and forwarding, enforcing QoS policies, and facilitating efficient and secure communication between different network elements.The AMF handles connection and mobility management tasks including access authentication and authorization of the UE and manages handovers between the gNBs.The 5G system architecture contains reference points between the network elements labeled by numbers N# in Fig. 2. The N1 interface is used for transmitting non-radio signaling between the UE and the AMF to handle messages related to connection and mobility but forwards session management information to the SMF.The SMF performs the session management functions such as allocation of IP addresses to UEs, selection and control of UPF for traffic routing, and signaling of QoS and policy information to radio access network (RAN) via the AMF.The N2 interface supports control plane signaling between the access network (gNB) and the core network for UE context and protocol data unit (PDU) session/resource management procedures.The PCF provides policy rules to SMF that include QoS policy and charging control, network slicing, as well as roaming and mobility management.The network slice selection function (NSSF) role is to provide network slice information to AMF that will serve a particular UE.More details on the 5G functions can be found in 3GPP specifications [27].
The 5G core architecture relies on a service based architecture (SBA) framework that exposes the functionality of the core elements to each other.Thus diverse application scenarios can be serviced using core deployment flexibility and configuration options.Because the application requirements may vary, a different setup of the 5G network may provide preferable services.As an example, in an industrial or manufacturing environment, deployment of a NPN (isolated deployment) may be more suitable compared to other options for applications that require precision control or near real-time communication.A public network integrated NPN (PNI-NPN) requires lower deployment and maintenance costs compared to an isolated deployment.Nonetheless, an isolated deployment has advantages in terms of robustness, availability, security, data privacy, and network scalability as the resources and components can be controlled locally.
Irrespective of the deployment option, 5G network operation depends on the frequency spectrum to be used.In this regard, three options are possible for a 5G private network.These options include the licensed spectrum, unlicensed spectrum, and shared licensed spectrum [7], [9].A licensed spectrum can either be leased from a mobile network operator (MNO) for use within defined premises or can be allocated by the regulatory authorities.On the other hand, 3GPP release-16 enables NR operation in unlicensed spectrum under the 5 GHz and 6 GHz bands.uRLLC configured grant enhancements in unlicensed spectrum are supported in release-17, while additional supporting features are also expected in release-18 [30], [31].A shared licensed spectrum is the means of coordinated and dynamic access of the licensed spectrum subject to meeting a set of regulations.Examples of the shared licensed spectrum include the 3.7-3.8GHz band in Germany and the 3.8-4.2GHz band in the United Kingdom [7].
In the following, we present various 5G network deployment options and their characteristics as presented in Fig. 3.Note Fig. 3. 5G non public network deployment options adapted from [11], [16].A detailed 5G system component architecture is presented in Fig. 2. The network components and interfaces for campus network deployment are shown in blue whereby the public network components and interfaces are shown in orange.
that for each deployment option, the control and user plane separation is depicted in Fig. 2 with its functionality details.The advantage of the 5G SA architecture also lies in the flexibility of the deployment option.Moreover, in each deployment option, the possibility to include MEC facility is open.The 5G MEC configuration is further discussed in Section IV.

A. Isolated Deployment
An isolated deployment -also denoted with aliases such as private network and campus network -is formally known as NPN according to the 3GPP specifications [27].A NPN could either be a SA NPN or PNI-NPN.PNI-NPN versions are further discussed in Section III-B.
A SA NPN is a private deployment of a 5G system (5GS) including the RAN and the core network elements where access to the network infrastructure is exclusive to authorized devices (Fig. 3 a).An SA NPN is identified by a combination of public land mobile network (PLMN) ID and network identifier (NID).One advantage of such a deployment is data security due to its physical separation from the public network.Also due to the proximity of the application server, minimal network delays between the devices are experienced, allowing better support for uRLLC service.However, such a network deployment does not support roaming between other SA NPNs.Similarly, interactions such as handovers between SA NPNs, PNI-NPNs, and PLMNs are not supported [27].The end devices, though, can still have a dual subscription to access services from a PLMN [16].Additionally, a connection between the SA NPNs and PLMN can optionally be set up via a firewall.
The SA NPN enhancements for neutral host deployment are further provided in release-17 where a UE subscribed to a PLMN Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.
or another SA NPN can be configured in access mode to operate with a given SA NPN.The support of neutral hosts is provided by the SA NPN by broadcasting an indication that the registration attempts from UEs that are not explicitly configured with the current SA NPN are allowed.Furthermore, a UE may have multiple SA NPN subscriptions but the order in which the UE should attempt for registration with a SA NPN is undefined and implementation dependent.Moreover, emergency services are supported in SA NPN access mode.
A SA NPN remains exclusive to an organization such as an industrial site (e.g., a warehouse or a production plant) enabling dedicated coverage, network control, and customized service availability [7].The number of BSs can also be scaled according to the capacity and coverage requirements.Moreover, connectivity with MEC system for computing and storage purposes can also be provisioned [32].An SA NPN can be deployed in various ways, including a cloud-native approach where the control plane, user plane, and edge computation services are hosted in the cloud (Fig. 3(b)).Such a deployment option is appropriate for small enterprises offering reduced capital and operational costs.Although it is valid for both multi-site and single-site scenarios, it is more suitable for connecting an enterprise having multiple locations.However, it may not be suitable for enterprises requiring high data privacy, as enterprise traffic leaves the premises in a cloud-native approach.

B. Public Network Integrated NPN
The PNI-NPN deployment options combine parts of the public cellular network to locally installed elements of a private network.In a PNI-NPN, a closed access group (CAG) may optionally be created to allow network access to authorized UEs.This helps in avoiding overload of network resources by restricting network access to authorized UEs only (3GPP TS 22.261).A CAG cell identified by a CAG ID is unique within a PLMN.A PLMN is identified by a PLMN ID.A CAG cell may have one or multiple CAG identifiers per PLMN whereby a UE can gain access to a CAG cell if it is configured with a list of allowed CAG identifiers.
In the following, we present PNI-NPN deployment options that share public network resources.
1) Shared Access Network: One deployment option for a PNI-NPN is to share the RAN deployed for a public network with the NPN core network as suggested in 3GPP TS 23.251 (Fig. 3(c)).In such a deployment, despite shared use of the RAN, all data flows of the NPN remain segregated within the perimeters of the premises, e.g., at an industrial site [7], [16].This is because the UEs belonging to PNI-NPN and those belonging to PLMN deliver data traffic to their respective UPFs.However, an agreement with a public network counterpart is required on RAN sharing.Despite shared use of the RAN, it is difficult to compromise the data security of the private network at the RAN level.Also, uRLLC can still be achieved due to low communication delay between the UEs, RAN, UPF, and MEC.
2) Shared Access Network and Control Plane: The shared access network and control plane PNI-NPN deployment option share the RAN with a public network, while the control plane network functions are completely handled using the public infrastructure, e.g., of a MNO [7], [11], [16] (Fig. 3(d)).However, a private and dedicated user plane along with the MEC can be part of the private network.The UPF and MEC are thus physically separated and placed in the private campus, while the 5G core functions are logically separated and shared.Due to this physical separation of the UPF and MEC, NPN traffic flows remain within the logical perimeters of the premises allowing uRLLC for industrial use cases.However, the NPN devices remain subscribers of the public network by definition.The segregation of the traffic from a public network and NPNs can be configured by means of defining network slices.Alternatively, the 3GPP defined access point name (APN) feature can be used to configure this deployment scenario [16].An APN comprises a data network identifier and an operator identifier.The data network identifier specifies the gateway to connect while the operator identifier specifies the MNO with which the gateway is associated.An APN configuration for this scenario also allows identifying and separating NPN traffic from public network traffic.
3) Hosted by the Public Network Operator: A NPN can also entirely be hosted by a public network operator [7], [11], [16] (Fig. 3(e)).In this scenario, NPN traffic no longer remains within the logical perimeters but is routed towards the PLMN via the shared RAN.The separation of the traffic from NPN and public devices can be enforced through network slicing configured and defined by the MNO.Similar to the shared access network and control plane PNI-NPN, an APN can also be defined for this deployment option [16].
Another variant of this deployment could be a cloud-native approach where the enterprise customers share the RAN deployed for a public network, however, the control plane, user plane, and edge services can be deployed in a cloud separated from the traditional MNO premises (Fig. 3(f)).Such deployment would keep traffic segregation between public and non-public networks, although solutions based on APN or network slicing can be applied to support multiple private customers.

C. Network Slicing
Network slicing entails the programmable provisioning of virtualized networks.It provides high flexibility and modularity to the network functions by logically isolating the network to support diverse application requirements.Since the 5G system promises support for eMBB, mMTC, and uRLLC service categories, network provisioning for applications with conflicting communication demands is required.Network slicing is an effective technique to provision the network according to the communication demands even for one service category such as uRLLC.Network slicing efficiently utilizes the network resources that also bring economic benefits [33].software-defined networking (SDN) and network function virtualization (NFV) are the key enabling technologies to realize network slicing [34].SDN in 5G systems allows the physical separation between the control plane functions and the user plane function whereby NFV enables dynamic resource allocation and scalability of these functions to meet the service demands [35].A network slice may span across multiple domains of the network including the core network, transport network, distributed edge infrastructure, and the RAN [36] (Fig. 4).The purpose of configuring a network slice is to provide customized functionalities needed to support the requirements of specific use cases.These requirements may also change and accordingly be managed and orchestrated.The 5G network functions specific to network slicing include NSSF, network slice specific authentication and authorization function (NSSAAF), and the recently introduced network slice access control function (NSACF) in release-17.The NSSF exposes its services to AMF or another NSSF (in case of roaming) by informing the appropriate AMF defined to serve the UE that is requesting registration to the network.The UE registration request message includes a list of network slice selection assistance informations (NSSAIs) it wants to use for connectivity.If the network supports the requested NSSAI, a PDU session is established for a particular single NSSAI (S-NSSAI).The NSSAAF performs S-NSSAI specific authentication and authorization for a given UE while the NSACF is responsible for performing admission control on the allowed number of UE to the S-NSSAI.
Network slicing is not limited to PLMN but can also be configured for SA NPN.In the context of digitization and connectivity for smart factories, network slicing enables high flexibility and better QoS support since multiple industrial applications can be serviced simultaneously.However, industrial use cases may have stringent communication demands such as highly accurate localization services for which optimized slice management and orchestration may be needed [37].This optimization can potentially be achieved through incorporating artificial intelligence (AI)/machine learning (ML)-based approaches to network slicing for their intelligent management, configuration, and optimization [37], [38].

IV. MULTI-ACCESS EDGE COMPUTING
MEC is also an enabler to support uRLLC.Here, edge computing should not be confused with edge devices in the IoT that can perform computing and storage operations as a local service.In the context of 5G, MEC (also known as distributed edge computing) provides computing and storage resources close to the end-user allowing low-latency communication through local processing, real-time interaction, and high data exchange rates [39].As an example, a high number of sensors and devices participating in an industrial process may generate a large amount of data.These sensors and devices may not have enough processing capabilities and require data offloading at an edge for computation and coordination.The edge computing devices not only deliver results quickly but also help in achieving low-latency local communication and avoid overloading public networks [40].MEC can also be used for location awareness of mobile users by utilizing their signaling information.Similarly, it can be used for network optimization by utilizing knowledge of network conditions and contextual information [41].The upcoming CPS applications including augmented reality and collaborative CPS among others will include edge computing in different forms (customized to the specific needs and limitations of the relevant domains), ranging from the device edge to the network edge [42].The industrial CPSs will greatly benefit from the integration of MEC by offloading data from CPS devices to the edge for processing instead of sending it to remote clouds.It offers benefits including reduced latency for realtime responsiveness, optimized bandwidth usage by transmitting only relevant data, improved scalability through distributed computing, enhanced privacy and security by keeping sensitive data local, energy efficiency by minimizing data transmission, and offline operation when connectivity is limited.Overall, MEC enables efficient data processing, real-time decisionmaking, and enhanced system performance and reliability in CPS.
The European telecommunications standards institute (ETSI) industry specification group (ISG) has published a set of MEC specifications that focus on management and orchestration, application enablement, application programming interfaces (APIs), and UE API in ETSI GS MEC 003 [43].Accordingly, MEC can be placed in or close to the network edge which runs applications using a virtualized infrastructure while the APIs facilitate in running these applications and ensure service continuity.The 3GPP 5G system architecture also specifies support for MEC integration through the exposure of 5G core network information and capabilities to external consumers [27], [43]   enablers.These enablers may include connectivity support to a local area data network, user plane (re)selection to influence the application traffic routing decisions, session and service continuity to provision application and device mobility, and interaction for QoS control and charging rules [27].
The 5G SBA for network functions and services align with ETSI API framework for MEC enabling them to interact for their services reciprocally [32].This is further illustrated in Fig. 5 which presents the MEC architecture integrated with the 5GS as per the 3GPP specifications.The 5GS enables the use of edge hosting environment (EHE) in the data network (DN) beyond the UPF, which can be controlled by either the operator or third-party entities.The EHE holds the edge servers i.e., the edge enabler server (EES), the edge application server (EAS), and the edge configuration server (ECS).The EES provides functionalities like interaction with the 5G core network for accessing the capabilities of network functions to support the EASs and edge enabler client (EEC).The EAS is the application server to which the MEC application connects to avail services and benefit from edge computing.The ECS provides supporting functions to the EEC for connecting to the EES.The edge servers connect with the 5G core network either directly via the PCF or indirectly via the network exposure function (NEF).On the 5G core network side, the edge application server discovery function (EASDF) registers with the network repository function (NRF) for EASDF discovery and selection.The EASDF has direct user plane connectivity with the UPF using the N6 interface.On the UE side, the EEC supports the application client by providing functionalities like detecting UE mobility, retrieving configuration information for the exchange of data, and discovery of EASs.The reference points Edge-1 to Edge-8 are used for the interaction between different entities in the MEC architecture.
Once an end device (UE) is registered with the 5GS and a PDU session is established, available MEC applications from the user application lifecycle management proxy using the Mx2 interface can be discovered.The procedures resulting from the requests generated by the UE API get routed via the operations support system towards the MEC system-level management.A UE can then send an application instantiation to the MEC host if the desired application package is enabled at the MEC orchestrator.
The deployment of MEC is a challenging task requiring the analysis of different operational, performance, and/or security aspects impacting the QoS of the IoT system.MEC deployment options for 5GS are presented in the ETSI white articles [32], [41], and [44].A proof-of-concept demonstration of ETSI-complaint MEC deployment is presented in [45].For the optimal performance of MEC, it is not only important to identify the edge gateway and the host devices but also to identify where each service needs to be deployed.Similarly, the deployment and management of networked resources are equally important to investigate.Correct deployment of MEC services and networked resources ensures flexibility, reduced processing burden on MEC servers, and optimized computation offloading.Different MEC service deployment frameworks are presented in [46], [47], [48].The management and deployment of networked resources is a complex task given the distributed nature of the resources.Reinforcement learning and Lyapunov optimization techniques [49], [50], [51] are used for resource management in MEC to meet the QoS requirements.Further evaluations can help analyze and optimize the management of network resources.Different strategies and tools used in the literature for MEC practical implementations and its initiatives are discussed in [52] with regard to the ETSI MEC standard.
Machine learning algorithms can be deployed on the edge instead of the cloud to support applications like Tactile Internet, monitoring and maintenance, and anomaly detection [53], [54].Such a capability is referred to as edge intelligence.The computationally heavy tasks like prediction, estimation, classification, and alike can be offloaded from the IoT devices to the edge server.The edge server being closer to the edge devices enables low end-to-end delay, reduced energy consumption, and high learning/inference accuracy [55], [56].The concept of multi-service edge intelligence is also introduced recently to enable real-time control over wireless medium (i.e., 5GS) [57].It requires a strong coupling of the wireless edge with edge computing and ML techniques aimed at ensuring reliability even in the presence of wireless inconsistencies.Similarly, pervasive edge computing (PEC) for 5GS and beyond systems has been discussed with a focus to achieve low latency for delay-intolerant applications [58].PEC presents a highly relevant and crucial deployment approach for industrial communication networks, particularly given the emerging trend of incorporating local operations and flexible management in private industrial 5G networks.

V. 5G SUPPORT FOR INDUSTRIAL NETWORKS
In this section, we focus on 5G integration with TSN and OPC UA to support communication for industrial networks.Moreover, we discuss 5G QoS support for communication.

A. 5G-TSN Integration
Industrial applications not only desire reliable and low latency transmission but also deterministic communication with defined QoS.The IEEE 802.1 task group is working towards standardization of TSN to fulfill the requirements of industrial communication [59].Although TSN standardization is focused on wired networks such as the local area network, 3GPP release-18 provides support for 5G integration with TSN along with enablers for time-sensitive communications and time synchronization [27], [60].
5G-TSN integration is supported for the fully centralized TSN configuration model (IEEE 802.1Qcc).The 5GS integrates with the TSN domain as a TSN logical bridge without exposing its core and access network procedures (see Fig. 6).This integration is achieved through TSN translator (TT) functionalities that facilitate communication between the TSN domain and 5G system [27], [61], [62], [63].These functionalities include the network side TSN translator (NW-TT) and the device side TSN translator (DS-TT).On the control plane, the TSN-AF interacts with the centralized network configuration (CNC) for control and management procedures and to influence traffic routing in the user plane.On the user plane, NW-TT, located at the UPF, interacts with the TSN domain while the DS-TT, located at the UE, interacts with the end stations to enable wireless TSN for industrial devices.
To support time synchronization (IEEE 802.1AS), the 3GPP release-18 specifies the distribution of timing information via the 5G internal system clock (boundary clock solution) or the use of TSN grandmaster (GM) clock and time-stamping mechanism through generic precision time protocol (gPTP) messages (transparent clock solution).The residence time (the duration that the gPTP packet spends within the 5GS) is calculated and added to the correction field of the TSN synchronization packets.Additionally, to support timing resiliency to 5G applications sensitive to degradation in timing synchronization (examples include power grid and financial sector), release-18 (TS 22.261) provides mechanisms for 5G time resiliency.In this timing architecture, the 5G system acts as redundant or an alternative clock source to time-sensitive applications.5G supports TSN traffic shaping and scheduling with a hold and forward mechanism and TSC assistance information (TSCAI).TSCAI parameters obtained from the TSN AF via the CNC enable 5G RAN to schedule time-sensitive traffic.time-sensitive communication (TSC) defines QoS flows using delay-critical guaranteed bit rate (GBR) and 5G quality indicators (5QIs) [63].The 5G multipath transmission support ultra-reliability and enables TSN frame replication and elimination for reliability (FRER) at the cost of increased resource consumption [64].Different approaches for redundant transmission paths include redundant PDU sessions over user planes, redundant user plane paths for dual RAN connectivity, redundant UEs, redundant transmission path between RAN and UPF, and intermediate UPFs.The 5GS support for perstream filtering and policing (PSFP) depends on implementation support from TT functions on both device and network sides.The TSN AF interfaces with the CNC to obtain PSFP information, extract relevant configuration parameters, and determine traffic pattern details.This information is forwarded to the SMF via PCF for configuring 5G QoS flows.5G supports resource reservation as the TSN AF stores the binding between the DS-TT and PDU session.Port capabilities and delay information are shared with the CNC for traffic scheduling.The residence time is the same for UL and DL but may vary among UEs.The TSN AF facilitates connectivity and coordination between 5G and TSN-enabled devices.Some recent works on the implementation and analysis of different aspects of a 5G-TSN integrated network are available.In particular, an analytical and experimental analysis of IEEE 802.1AS time synchronization over wireless media, in particular over 5GS is also presented [65].The authors analyze the factors that negatively impact the performance of time synchronization over wireless along with setup challenges.The performance of IEEE 802.1AS in a 5G testbed is evaluated for an industrial closed-loop control application to enable TSN over 5GS [66].The accuracy of time synchronization in a 5G-TSN integrated network and different over-the-air timing errors related to reference time indication are investigated in [67].Apart from this, a proof-of-concept translation technique for TSN and 5GS traffic is demonstrated in the NeSTiNg simulator [68].

B. 5G-OPC UA Integration
OPC UA (IEC 62541-1) is a popular standard in industrial automation, serving SCADA, manufacturing execution systems, and enterprise resource planning [4]  The integration of 5G with OPC UA offers several benefits for industrial systems.It leverages edge computing, mobility, and security features of 5G to enable faster communication, improved scalability, mobility, flexibility, and enhanced security to industrial systems, fostering advanced applications and IoT adoption.It enhances existing infrastructure without completely replacing current systems.Legacy systems can coexist with new 5G-enabled devices, allowing a gradual transition and futureproofing industrial communication networks.
For the 5G-OPC UA integration, two different options can be considered (Fig. 7): first, an integration of OPC UA with 5GS as a logical TSN bridge and second, a direct integration of OPC UA into 5G.The OPC UA application can reside on a UE, an end station connected to a UE, or a non-UE device connected via an external network (Ethernet or WLAN).
The 3GPP release-16 describes mechanisms for the integration of TSN and its centralized configuration model with 5GS (details in Section V-A).Additionally, the integration of OPC UA publisher/subscriber (PubSub) with TSN has been discussed in the literature [69], [70].The 5GS is integrated as a logical TSN bridge, and OPC UA could interact directly with TSN, as shown in Fig. 7(a).The connection with OPC UA application is made either via the DS-TT or the NW-TT.The 5GS could furthermore interact directly with the TSN CNC.The OPC UA applications could directly report their QoS requirements to the centralized user configuration (CUC) in the TSN network to set up Ethernet PDU sessions.In this way, the OPC UA applications would not have to deal with any 5G aspects of the network.While mechanisms for 5G-TSN integration are defined in 3GPP release-16 and also in the upcoming release-17, both OPC UA and TSN are being actively standardized and cannot be considered as fully developed standards.Hence, several open questions remain for the 5G-OPC UA integration.Currently, the IEEE/IEC 60802 industrial automation TSN profile and OPC UA extensions for field eXchange (OPC UA FX) working group are working towards filling gaps for the OPC UA TSN integration.
The 5GS is also capable of meeting the requirements of industrial applications like OPC UA without TSN as a middle-ware.In this approach, the OPC UA can directly interact with the 5GS, as shown in Fig. 7(b).This integration could be made possible using the NEF as presented by the 3GPP release-16 [27], [71].The NEF exposes 5G capabilities to external services via the standardized interface D. OPC UA could additionally also define an information model for the 5G management system to support the management of the network functions.
For each of the above integration approaches, it would be highly desirable that the integration does not compromise the security aspects of both 5GS and OPC UA and allows for independent development of both standards.An example 5G-OPC UA integration architecture is presented in [72] for smart manufacturing with a feasibility study.

C. 5G QoS Support
The wide variety of industrial applications defines diverse communication requirements that rely on the QoS provisioning of the underlying communication system.The 5GS defines extensive mechanisms to support and monitor QoS to fulfill the communication requirements for diverse applications.QoS in 5G can be differentiated by defining a QoS flow profile as a set of QoS parameters.A QoS flow represents the smallest granularity of QoS differentiation (Fig. 6).The connection between a UE and the data network through the UPF is provisioned by establishing a PDU session.A PDU session may have one or more QoS flows.A QoS profile includes parameters such as the 5QI, the allocation and retention priority, the reflective QoS attribute, the guaranteed flow bit rate (GFBR), the maximum bit rate, the notification control, and the maximum packet loss rate.The 5QI is a value that identifies the set of QoS parameters [27].
The QoS flow between the UE and UPF can be characterized by 5QIs in terms of resource type, priority level, packet delay budget, packet error rate, averaging window, and maximum data burst volume.The resource types can be GBR, non-GBR, or delay critical GBR [27], [62].Averaging window represents the duration over which the GFBR and maximum flow bit rate (MFBR) are calculated.GFBR is the guaranteed bit rate to be provided to a QoS flow, while MFBR limits the highest expected bit rate for the QoS flow over an averaging window.
QoS monitoring to assist uRLLC service can be applied for packet delay measurements.The monitoring of UL and DL packet delays between the RAN and UPF can be performed on the smallest granularities such as per QoS flow per UE.

VI. ALIGNMENT WITH FACTORY COMMUNICATION SECURITY CONCEPTS
Typical for mobile networks, 5G has its own security concept designed for standalone installations (3GPP TS 33.501), but when 5G is deployed in an I4.0 factory environment, it faces an environment characterized by existing legacy wired and wireless communication systems [5].In these environments, 5G is not the only network but has to be integrated according to the deployment type and security requirements of the specific use case.In most cases, I4.0 state-of-the-art security concepts follow a defense in depth approach that has been proposed almost two decades ago [73] and is elaborated in detail in the IEC 62443 standard entitled Industrial communication networks -Network and system security.IEC 62443 assigns network segments with similar security requirements to zones.The links between zones are called conduits that are implemented vertically and in specific cases horizontally.The vertical conduits interconnect OT with IT domains or different security level (SL) domains and zones.It is common to think of conduits as wired connections that are controlled by firewalls or similar devices.There are already threat models [74], tools, and concepts covering the security requirements in OT [75], [76], [77], [78] but integrating the specific properties of and requirements for wireless industrial communication is often difficult.
Wireless industrial networks already in use today are mostly used as local wireless substitutes or extensions of Fieldbus systems.Examples are WirelessHART, ZigBee, ISA100, BLE, and many more.Also, WiFi is used in the OT domain if higher coverage and bandwidth are needed.Technologies like LoRaWAN rolled out in industrial environments have low rates but high coverage and can be used for very basic communication tasks.Security for LoRaWAN in the context of IEC 62443 and industry applications is discussed in [79], [80], [81].Generally, wireless industrial networks are far less popular compared to their wired counterparts due to limited reliability, and their usage is often restricted to niche applications.
5G is expected to overcome the limitations of existing industrial wireless solutions by providing higher QoS, broader coverage, and structured deployment.However, from a security architecture standpoint, 5G introduces new challenges.Unlike existing wireless networks that are integrated into predominantly wired OT communication architectures, 5G provides a parallel communication infrastructure that does not naturally integrate with industrial communication architectures.Therefore, when integrating 5G into a security architecture like IEC 62443, specific considerations for the deployment scheme must be addressed first.

A. Isolated Deployment
In SA NPN, the 5GS including RAN and core network elements are implemented on-premise as introduced in Fig. 3 a.This deployment option allows security zones to be seen as network slices [82].However, when integrating existing industrial networks, this concept must be adapted to the integrated parts or vice versa.This is still an open topic, especially since the integration of the 5G security concept into an existing IT-OT environment is not solved yet.Building blocks such as UE authorization could be useful, also for TSN integration, building blocks are provided and controlled by the 5GS (see Fig. 6) that belong to different SL zones.

B. Public Network Integrated NPN
The PNI-NPN deployment options combine parts of the public cellular network with locally installed elements of a private network.If only RAN and gNB are used in shared mode, the network slicing concept solves the multiple uses as all control and interfacing are done by in-house deployments (Fig. 3(c)), so it can be treated similar to an isolated one.
When the deployment is considered as in Fig. 3(d) and Fig. 3(e), it allows benefits including inter-factory communication through the use of a PNI-NPN and secured network slicing supported by 5GS of the PLMN operator.However, if the 5G network is part of a critical industrial system, the operator of the industrial infrastructure must set up trust measures together with operators of the 5G network [82].Within the IEC 62443 standard, it is possible to develop these measures and implement them in the factory.Traditional OT deployment assumes that all structures in a network or zone are part of a single trust zone.When the PLMN operator provides parts of the OT network infrastructure or services as 5G PNI-NPN deployment, the PLMN operator has to be a reliable entity, which the OT operator can trust for certification requirements.Therefore visibility and tracking capabilities are key requirements to establish trust and ensure compliance safety rules on both OT operator and PLMN operator sides.

C. Network Slicing
Network slicing has the potential to enhance security within the context of the IEC 62443 standard in various ways.By configuring network slices, it becomes possible to create isolated slices for specific security zones as defined by IEC 62443.This opens up the opportunity to prevent unauthorized access or the spread of attacks across different security zones.Additionally, network slicing offers flexibility in deploying security network functions that are tailored to the requirements of individual secure zones and can adapt to evolving security threats.This flexibility allows for a higher level of responsiveness and effectiveness in implementing security measures.Moreover, network slicing provides the means to isolate and contain potentially malicious devices or network components that exhibit suspicious behavior.Hence, mitigating risks and ensuring a more secure environment.
For all variants of 5G deployments in a factory, it is required to fulfill QoS, security requirements, and their integration in existing infrastructure.This opens up new research topics which cannot be answered in this work.To improve and further evolve I4.0, the new possibilities with 5G are an opportunity to innovate.

VII. EVALUATION OF DEPLOYMENT OPTIONS
A PNI-NPN may be a preferred option for many industrial enterprises since implementation and operation of an isolated deployment involves additional resources and efforts to manage Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.[9], [11], [16], [20] the network [20].In addition, an isolated deployment requires high setup costs, whereas a PNI-NPN hosted by a public network operator may require the least operational and capital costs.The costs for the needed infrastructure in terms of the core network control and user plane machines, MEC devices, RAN including the baseband unit and radio heads, and the UEs are to be considered.In case of an isolated deployment the infrastructure cost is to be borne by the enterprise itself whereby in case of a public network operator hosted setup, the infrastructure is provided by the MNO, and thereof the cost includes leasing/usage of the MNO services.Therefore, the costs for MNOs providing managed service in case of PNI-NPN or regular upgrades and licensing (software, frequency, etc.) in case of isolated deployments should be considered while selecting a deployment option.Although cost could be a decisive factor for 5G deployment in an industrial environment, an isolated deployment nevertheless allows complete control over the design and configuration of the network [16].This not only enables exclusive data ownership, but also provides the highest level of reliability, availability, privacy, and data security guarantees.The features of different 5G network deployment scenarios are summarized in Table III.

TABLE III EVALUATION OF 5G NETWORK DEPLOYMENT OPTIONS
Another consideration for 5G deployment may be based on applications that require low latency or time-sensitive deterministic communication.Such applications can be served best by an isolated deployment, specifically through a 5G TSN integrated deployment (as explained in Section V in more detail).Accordingly, an influencing factor is the location of UPF that enables the local functioning of time-critical applications along with the availability of multi-access computing resources which is usually desired for industrial applications [9], [11].Moreover, the possibility to manage communication control signaling and tuning QoS parameters locally (through isolated deployment or shared RAN deployment) would be an added advantage in terms of availability and robustness.Communication control signaling means the exchange of information that enables UE access to the network, such as authentication, resource allocation, mobility, etc. QoS customization may be referred to as the flexibility to configure network parameters in a way that the requirements of the targeted use case can be satisfied.These requirements may vary and can be identified through parameters such as throughput, latency, jitter, and reliability.However, besides these performance parameters service availability, network scalability, privacy, and data security may also be considered for industrial scenarios.Therefore, with a greater degree of network isolation, higher performance, and network flexibility can be achieved.
From the QoS perspective, a network operator may also deploy a light-weight customer-tailored core network with some core functions and UPF at industrial premises that may fulfill all QoS requirements of an application [8].However, with respect to strict security requirements in OT trying to prevent unauthorized access to the plant infrastructure, an isolated deployment intuitively seems most suitable to meet security and privacy regulations [9], [11].Nevertheless, the security measures enforced by the operators on RAN and the core network might also satisfy the needs of a particular use case.From a security viewpoint, the appropriate level of isolation can therefore be decided based on the application scenario and the guarantees from the network operator when considering PNI-NPN as the deployment option.
The industrial automation trend towards digitization, resilience, and sustainability led to the incorporation of robotic platforms, flexible manufacturing designs, and the possibility of individualization of products.Customers may have different and diverse demands for a desired product.To meet these diverse demands, the units of the production line may need to be replaced to adapt to the design requirements of the product.In addition, to increase productivity robotic platforms can be used that not only provide mobility of objects but also assist humans in the manufacturing area.These trends have revamped the automation processes, however, require the support of reliable, dependable, and safe wireless communication systems.Some of these applications may also require a high amount of data off-loading, computation, and fast processing of results.In such scenarios, an isolated deployment can be an ideal wireless connectivity solution since the network QoS capabilities, computational resources, and infrastructural capacities can be customized and configured according to the application requirements.While 5G is not a replacement for all industrial communication technologies, it is a solution to provide mobile and wireless connectivity to support the digitization and automation of manufacturing processes.Therefore, the choice of the deployment option highly depends on the requirements of the manufacturing use case.
Considering the requirements from different industrial applications [18], [19], [88], use cases that fit best to the corresponding deployment option are presented as a guide in Table III.The motion control and augmented reality (AR) use cases are more suitable for an isolated deployment since motion control requires time-aware scheduling and strict deterministic cyclic communication (< 0.5 ms) while the AR use case requires quick feedback after processing complex tasks through the edge.The shared access network deployment option is suitable for controller-to-controller communication and closed loop control where the requirements in terms of reliability, latency, and determinism are less stringent compared to the motion control use case, and usually, no interaction with the public network is needed.The identified cyclic communication requirement for the controller-to-controller use case is 4-10 ms whereas for closed loop control is 10-100 ms [18].The shared access network and control plane deployment fits better for mobile robots (100 ms cycle time) and process monitoring (50 ms cycle time) use cases since it may require wide service area coverage and interconnection with the public network.Lastly, the public network operator-hosted option is suitable for massive wireless sensor networks and plant asset management that have relaxed requirements and may require interconnection with the public network.
In summary, even though an isolated deployment provides several advantages over other deployment options, the choice of deployment depends on the functional, performance, and operational requirements of the use case.Moreover, the deployment cost would be a decisive factor to consider.

VIII. ANALYSIS OF REAL-WORLD DEPLOYMENTS
5G technology promises support for a wide variety of application scenarios.Even though there is interest from the industry, as documented by their presence in forums such as 5G-ACIA, there is still a need to experimentally demonstrate the communication performance of 5G in industrial applications.In this regard, a few initial studies have been conducted that indicate the potential of the 5G technology.However, detailed measurement campaigns covering a wider range of scenarios are still needed.We highlight the reported measurement campaigns for industrial applications as lab trials, real-world evaluations, and initiatives toward demonstrations.Table IV summarizes reported parameters of the measurement campaigns.

A. Lab Trials
Evaluation of a 5G NSA testbed to serve the requirements of I4.0 applications was conducted in [87].Mobile robots use case was considered for the evaluation.As a preliminary result, the round trip time (RTT) parameter was measured, being the most relevant for robotic applications.It was observed that the RTT remains under 17.9 ms which may suffice for some industrial robotic applications.
While latency and reliability are parameters of higher concern in industrial automation systems, Rischke et al. studied one-way packet delay and packet loss using a 5G NSA and SA testbeds based on release-15 in [84].Considering automation use cases, constant bit rate traffic was generated.It was observed that the DL packet delays fall in the range of 4-10 ms while the UL delay remains in the order of 20 ms for the SA setup.The DL packet loss probability was on the order of 10 −1 .The DL and UL packet delays for the NSA setup were recorded in the range of 20 ms while the DL packet loss probability was on the order of 10 −4 .
The aforementioned lab trials suggest a clear improvement in the latency measurements in 5G SA compared to the NSA setup.

B. Real-World Evaluations
Experimental evaluation to compare the performance of Wi-Fi 5/6 and 5G for control of automatic guided vehicless (AGVs) was performed at Aalborg University 5G Smart Production Lab.This lab can be depicted as a small-scale industrial factory environment [86].The evaluation focused on measuring control-loop latency and packet error rate while the AGV autonomously navigated through a defined route making handovers between multiple cells.A median latency of 11 ms at 99.9 percentile was observed with 5G, whereas for Wi-Fi 5/6 an average latency higher than 1 s was recorded.Furthermore, no packet loss was recorded when using the 5G system.The results indicate Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.

TABLE IV 5G MEASUREMENT CAMPAIGNS FOR INDUSTRIAL NETWORKS
superior performance of 5G technology over Wi-Fi 6 both in terms of latency and reliability since several outage occurrences using Wi-Fi 6 were observed.Considering encouraging 5G performance, it can be concluded that fleet management control of autonomous mobile robots in industrial scenarios can be supported.
Nakimuli et al. in [83] also evaluated 5G NSA, but to assess the operational efficiency of an AGV in a factory environment.Parameters including guide error as the deviation of the AGV from the correct path and energy consumption were evaluated.Results show that with higher packet delays or losses, large guide errors occur and subsequently more energy is consumed.It was observed that compared to 4 G, the guide error was reduced by 34.5% when using the 5G system that could extend 5 hours of a lifetime.For a similar use case where a wheel loader was remotely controlled, a measurement campaign to evaluate network throughput using 5G NSA deployment was conducted [89].Evaluations were performed at an operational industrial area that mimics a construction site.Only UL throughput measurements were recorded at discrete time points along the path using a mobile UE that was placed inside the robot.The maximum recorded throughout was 120 Mbit/s while the average was around 50 Mbit/s.
Ansari et al. in [85] presented measurements conducted in real production environments using traffic profiles derived from industrial use cases.Performance evaluation for both NSA and SA was conducted considering collaborative robots, machine tools, and AGV use cases.It was observed that tuning RAN parameters according to the use case requirements can significantly impact network performance.Latencies between 1.05-4.1 ms in UL and 4.7-4.8ms in DL were observed for message sizes of 100 bytes when the system was tuned for eMBB focused configuration.However, considering uRLLC configuration, the median UL latency remained below 0.8 ms whereas in the DL 0.8-0.9ms were measured.
Based on real-world industrial measurements, it can be concluded that considerable improvements, in particular, the latency parameter are witnessed with newer 3GPP releases.A higher level of deterministic communication can be expected with the 5G-TSN integrated system as is also highly desirable for industrial networks, however, further experimental evaluations are needed to demonstrate the suitability of the technology for various industrial applications.

C. Demonstrations
There are a few initiatives on demonstrating 5G capabilities for the manufacturing industry.The 5GSMART1 project is undertaking measurement campaigns and demonstrations on mobile robots, human-robot interaction, edge cloud, and 5G-TSN integration.The published deliverable validate 5G capabilities for supporting communication requirements to the targeted use cases.Recently, large-scale trial projects under smart networks and services2 including TARGET-X, FIDAL, and IMAGINE-5G have started to explore and demonstrate 5G/6G technologies for different industry verticals.
Based on the existing evaluations, it can safely be stated that despite a few initial promising results, detailed systematic performance analysis is still needed for various industrial use cases before a rollout in production environments can take place.Moreover, several challenges such as the evaluation of commercial end devices and 5G network configurations supporting traffic profiles of industrial use cases are to be conducted.Some of these challenges are also highlighted in the next section.

IX. CHALLENGES AND OPEN RESEARCH DIRECTIONS
Several 5G deployment and configuration choices are possible, however, each model has its own benefits and associated costs.The selection of the deployment model depends on the usage scenario and compromises about the associated deployment costs.In some cases, a very short interruption in communication can result in large financial losses.Therefore, a detailed analysis of the requirements to identify the correct model and configuration choice is important.Even though many QoS details can be specified for some models, they may still be unable to fulfill the requirements of an extremely high-demanding application.Advancements to cater to such applications are expected in upcoming 5G specifications.In this context, there still exist many open issues that need further attention.A few of them are briefly stated in the following.
Non-public networks: The SA NPN 5G networks subsume many advantages compared to public networks in terms of network availability, data privacy, scalability, and interference management.However, NPN and corresponding deployment variants need further enhancements to better support industrial requirements in terms of security, performance, reliability, and mobility.Specifically, automated real-time monitoring solutions would be desirable for service availability, QoS performance indicators such as throughput, latency, and packet loss rate to better control the network or adapt to the manufacturing processes accordingly.Potentially automated AI/ML-based predictive maintenance solutions can be investigated to manage and orchestrate connectivity changes such that the manufacturing processes could avoid falling into frequent safety-critical states.
Another aspect to consider for SA NPN is the support for roaming between other SA NPNs.An enterprise may think of deploying independent SA NPNs for OT and IT domains for the sake of isolation or not overburdening the OT network.Despite this separation, roaming for some UEs can be desirable which under the current specifications is not possible.
Network slicing: Being an effective means to support applications with diverse requirements and scenarios, network slicing logically isolates a 5G network to offer specific capabilities and network characteristics.However, emerging industrial applications have stringent communication requirements that demand a higher level of QoS support due to dynamic and changing scenarios of the manufacturing processes.Because industrial automation trends are moving towards flexibility and customization of products, communication demands and scenarios change accordingly.This brings in the need to self-customize, self-optimize, and self-configure the network slice according to the changing communication demands.More intelligent capabilities using AI/ML-based techniques can offer significant benefits in reading the communication demands and optimizing the network services.
Multi-access edge computing: MEC boosts reliability while fulfilling the demand for applications and services in proximity to end-users.Nevertheless, MEC technology is still in its infancy and a number of challenges need to be addressed to realize its full potential.Mobility and continuity management are crucial for MEC and influence service strategies such as computation offloading and resource allocation.Although research is ongoing to extend support for handover procedures in MEC, a comprehensive optimal method for mobility management remains an open challenge.With the growing number of applications and services for MEC deployment, there is also a need for joint optimization of multiple use cases such that task assignments are optimized to the associated services.Additionally, the incorporation of complementary technologies such as NFV, SDN, and network slicing as MEC enablers is still ongoing.
End-to-end deterministic communication: Although 5G integration to TSN supports deterministic communication, it does not cater to determinism from end-to-end application layers.5G architectural enhancements to support extremely low latency (>1 ms) and improvements on deterministic features need further investigation.Moreover, the design of detailed mechanisms on OPC UA integration with 5G, and its interfacing to TSN are needed.Such integration may also enable to create a common interface for industrial processes.An architectural design enhancement catering to synchronization, scheduling, and resource allocation to support end-to-end deterministic communication for industrial wired networks with 5G is needed.Potentially exposure to network interfaces, capabilities, and services can help support better determinism.These may also include mapping of industrial application traffic requirements and priorities to 5G QoS parameters and corresponding resource allocation for end-to-end deterministic communication support.
Security: Network and communication security is another influencing factor in the selection of a 5G network deployment model.Although 5G specifications already provide a security concept for standalone network deployment, they do not account for the possibility of a smooth integration with industrial networks.Similar to uRLLC, which is seen as the driver for the state-of-the-art in functional support for industry, there is an urgent need for a 3GPP standard based integration concept for the key security functions needed in industry.The 5G stateof-the-art deployment in an industry requires the consideration and incorporation of IEC 62443 into the deployment guidelines for 5G to serve as a complete and viable solution in industrial environments.Otherwise, every single installation would have to address the topic of security integration from scratch, which would inevitably lead to serious vulnerabilities in industry.
Network automation: Automation can enable the delivery of next-generation services quickly and efficiently.Some initiatives in this direction such as the EU 5GZORRO project that develops solutions for zero-touch service, network, and security management have been taken.Also, white articles and specifications on zero-touch management have been published.However, the design and development of 5G/6G architecture and algorithms to provide service automation for industrial use cases based on their requirements will support efficient resource planning, load management, and self-organization [90].In fact, to date, the deployment of the 5G network and its configuration itself is a tedious task.Even configuring network slices or configuring QoS parameters of an APN for the desired network performance requires vigorous effort.Further investigations in this direction are needed to support interactive and customized configuration management tools to enable network configuration for diverse industrial applications.
Similarly, quite an effort has been made on developing network architecture to integrate 5G into industrial communication technologies e.g., TSN, DetNet, etc.However, the adaptation between these protocols has high complexity, which needs mechanisms to simplify the complexities.OT would expect seamless support of industrial communication to reduce system adaptation difficulties and network deployment complexity.Automated and interactive solutions in this respect will help easy roll-out of the 5G system to industrial domains.
Testing and validation: There is a large gap between the defined industrial application requirements and validation through experimental testing.A few initiatives to conduct performance testing of 5G technologies for industrial use cases are reported.A detailed study of multiple industrial use cases will help analyze the system and identify further challenges.Moreover, parametric analysis of the 5G core and RAN configuration based on traffic profiles of the use cases needs to be done.Furthermore, evaluations of the 5G integrated TSN system for industrial applications Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.
would be helpful for further enhancements.Considering that 5G provides the flexibility for network reconfiguration and mobility to industrial devices, integration of TSN CNC and CUC with 5G management and orchestration might be considered to provision deterministic communication within the 5GS, i.e., without a need for 5G-TSN integration through a wired network.
Joint sensing and communication: Joint sensing and communication is currently being explored as technology for the future sixth generation of wireless networks [91].Joint sensing and communication is expected to play a pivotal role in Industry 5.0 applications by facilitating seamless collaboration between humans and machines.An existing network of sensors deployed in a factory area can be used in combination with the communication system to make informed decisions and adjust industrial operations accordingly.Besides sensory information, communication signals can be used to sense the environment accurately.The expansion of the frequency spectrum towards the sub-Terahertz region in 6G systems allows its usage in a radar-like fashion where the reflections of the transmitted signals can be processed to yield spatial knowledge of the physical surroundings.However, processing information from both the sensor network and the communication network would require an increased number of resources in time, frequency, and computation capabilities.One way to manage the resources could be by applying AI/ML techniques for training the system and reducing computing burdens.In addition, fast and reliable data offloading techniques can be developed to better utilize the computation infrastructure to allow an intelligent interconnect of humans and machines.The area of joint communication and sensing still needs further investigation specifically in the Industry 5.0 paradigm.

X. CONCLUSION
The concept of industrial automation based on 5G communication technology is being extensively studied and debated today.The promise of faster and more reliable wireless communication links provided by 5G holds the potential to increase the customization flexibility of industrial operations, enabling easier adaptation of the factory floor to changing communication demands.This article provides an overview of the available options and configuration choices for 5G deployment that can assist in designing a communication network for industrial CPS.Several 5G features and ongoing developments such as network slicing, MEC, 5G-TSN integration, and 5G-OPC UA integration already allow communication support for diverse industrial applications.However, the assessment done in this article also acknowledges that the adoption of 5G as a communication system for industrial environments is not a straightforward task.While 5G supports digitization and automation of industrial networks and can provide communication services for several use cases, it is not a complete replacement for existing industrial communication networks.
The critical analysis conducted in this article highlights some of the many open challenges that still require extensive research to provide effective solutions for industrial CPS.Of paramount importance is the need for validating low latency, determinism, and effective integration with technologies like TSN and OPC UA in real-world scenarios.Equally significant are ensuring security measures and achieving seamless integration between the original 5G specifications and widely accepted standards in the industrial domain.This latter aspect will in particular require increased cross-domain standardization efforts.The evaluation of different 5G deployment options also highlights the limitations of the current state of 5G deployment in industrial practice.One of the essential factors is the lack of network automation and zero-touch management solutions which hinders easy deployment and configuration of the system.
Though the use of 5G in industrial automation is a vibrant topic, the survey shows that the validation and demonstration of 5G in industrial environments so far have been limited to simple test pilots under controlled conditions, which indicates the need for further investigation.Nevertheless, despite the open challenges that still need to be addressed, this work shows that 5G in industrial automation has potential benefits in the long run.

Manuscript received 7
April 2023; revised 15 July 2023; accepted 19 August 2023.Date of publication 4 September 2023; date of current version 12 October 2023.This work was supported by the Research and Technology Development of Gigabit Applications through Lighthouse Projects BBA2030:GA of the Federal Ministry for Finance, Austria represented by the Austrian Research Promotion Agency (FFG) under Grant FO999899772.(Corresponding author: Raheeb Muzaffar.)

Fig. 2 .
Fig. 2. 5G standalone reference point system architecture [27].The numbers N# denote point-point interfaces between network elements.Y2 is an interface to untrusted non-3GPP access and Uu is a wireless interface to the UEs.
in TS 23.558 and TS 23.548, with security aspects presented in TS 33.558.The MEC can interact with the 5GS as an application function (AF) to gain support for one or a combination of 5G Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.

Fig. 5 .
Fig. 5. 5G MEC network deployment architecture.The figure is derived from the reference architectures specified in TS 23.558 and TS 23.548.
. It replaces the open platform communications classic and includes a meta-model, transport protocol specification, and a server.OPC UA has domain-specific information models and supports client-server and PubSub communication models.PubSub enables real-time capabilities, unlike the client-server model.OPC UA ensures vendor-neutral interoperability, offers mature information modeling, open standardization, and security features.It accommodates new technologies while maintaining backward compatibility (IEC 62541-1).Combining OPC UA and 5G provides Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.
5G Deployment Models and Configuration Choices for Industrial Cyber-Physical Systems -A State of Art Overview Raheeb Muzaffar , Member, IEEE, Mahin Ahmed , Member, IEEE, Emiliano Sisinni , Senior Member, IEEE, Thilo Sauter , Fellow, IEEE, and Hans-Peter Bernhard , Senior Member, IEEE