CIP Security, Resource-Constrained EtherNet/IP Devices, Updated Terminology Headline ODVA Hannover News

ODVA’s annual Hannover Messe press conference highlighted new technologies that extend EtherNet/IP and CIP Security to “resource-constrained” devices. Thanks to advances in 2-wire Ethernet, devices that were too small or too inexpensive for a network chip can now join the EtherNet/IP network. There is an international movement to change traditional networking terminology, for example “master-slave”, that would be offensive to many. Here are the news releases.

CIP Security

ODVA announced that CIP Security has added support for resource-constrained EtherNet/IP devices. CIP Security can now provide device authentication, a broad trust domain, device identity via Pre-Shared Keys (PSKs), device integrity, and data confidentiality for resource-constrained devices such as contactors and push-buttons. Additionally, a narrow trust domain, user authentication, and policy enforcement via a gateway or a proxy are available options.

The recent integration of single pair Ethernet has opened up the door to overcoming lower-level device constraints and ultimately to expanding the footprint of EtherNet/IP. Adding simpler devices to EtherNet/IP allows for the benefits of additional remote diagnostics, asset information, and parameterization capability. The addition of more nodes to the network within the context of IT/OT convergence makes device level security a fundamental need to ensure that indispensable assets and people are protected from physical harm and monetary loss. 

The new CIP Security specification has added a Resource-Constrained CIP Security Profile in addition to the EtherNet/IP Confidentiality and the CIP User Authentication Profiles. The Resource-Constrained CIP Security Profile is similar to the EtherNet/IP Confidentiality Profile, but is streamlined for resource-constrained devices. The same basic security aspects of endpoint authentication, data confidentiality, and data authenticity remain. Access policy information is also included to allow a more capable device, such as a gateway, to be used as a proxy for user authentication and authorization of the resource-constrained device.

Implementation of CIP Security for resource-constrained devices requires only DTLS (Datagram Transport Layer Security) support instead of DTLS and TLS (Transport Layer Security), as it is used only with low-overhead UDP communication. 

Terminology Updates

ODVA announced that the April 2021 publication of the DeviceNet and ControlNet Specifications has replaced the usage of the words “master” and “slave” within ODVA references. Developers of devices for ODVA networks will now utilize the words “client and server” (EtherNet/IP, including the integration of Modbus devices), “controller and device” (DeviceNet), and “system time supervisor or active keeper” (ControlNet) to describe these functions. With the goal of eliminating terminology that is hurtful, these changes are the first in a series to update the entire library of ODVA specifications and documents to rectify the use of these terms.

EtherNet/IP for Resource-Constrained Devices

ODVA announced that The EtherNet/IP Specification has been enhanced to allow vendors to bring the network to resource-constrained devices in-cabinet, including push buttons and contactors. Cost, size, and power restrictions have historically limited the usage of EtherNet/IP at the edge, where many nodes are still hardwired. However, the continued decrease in the cost of semiconductor chips has enabled increased connectivity of simple devices, as evidenced by the rapid expansion of the Industrial Internet of Things (IIoT). The sustained, strong growth of EtherNet/IP combined with accelerating IT/OT convergence has made it possible to deploy EtherNet/IP within cabinets on lower-level automation devices such as contactors and push buttons.

The inclusion of resource-constrained devices within cabinets on an EtherNet/IP network is enabled by recently published enhancements to The EtherNet/IP Specification including the physical layer In-Cabinet Profile for EtherNet/IP along with low overhead UDP-only resource-constrained EtherNet/IP communication. Resource requirements have been reduced via enhancements such as an IT friendly LLDP node topology discovery mechanism, auto-commissioning support, and auto-device replacement support. Additionally, a specification for a new select line circuit facilitates the efficient delivery of system wide sequential commands. 

The EtherNet/IP in-cabinet bus solution reduces interface components through use of single pair Ethernet (IEEE Std 802.3cg-2019 10BASE-T1S) and reduces node cost via multidrop cabling that spans a single cabinet with one interface per device and one switch port that supports many devices. Cost is further reduced via cables that use composite network and control power to eliminate separate parallel runs. The select line for topology eliminates configuration switches by enabling discovery based on relative position and allows for direct connection with programming tools during assembly for parameterization. Assembly time is lowered by eliminating most wire or cable preparation with insulation displacement (piercing) connectors. Nodes will also be able to be replaced with compatible nodes of the same type during normal system operation without any engineering tools in a plug and play manner. 

This will be made possible through reduced hardware requirements enabled by UDP-only EtherNet/IP communication, usage of single pair Ethernet, and shared in-cabinet external power and cabling. Adding low-level in-panel devices to the network will enable the benefits of additional remote diagnostics, asset information and parameterization capability, automatic node topology discovery, and plug and play device replacement. 

Companies Are Finding Ways To OT and IT Cybersecurity Solutions

Network cybersecurity news updates from Indegy, now part of Tenable, and Nozomi’s partnering efforts.

A visitor to the show floor of the annual ARC Advisory Group Industry Forum in Orlando a few years ago might have been surprised at the sheer number of new cybersecurity companies exhibiting. Adding to this number were a couple of established companies who had drunk the kool-aid and established cybersecurity practices.

My first thought, having been down this worn path too many times in my career, centered on how these companies could survive and, indeed, even find enough market to grow. Many companies are formed to sell. I figured that most of these new cybersecurity company founders were looking for exits at the Forum as much as looking for customers. Since that time, many have been acquired.

We only hope that, in the long run, this burst of creativity in the field will improve industrial control system (ICS) cybersecurity. Although the recent incident at a Florida water treatment facility shows how far we still need to go.

Tenable Cybersecurity

I had a brief chat with Barak Perelman, VP of OT Security at Tenable and former CEO of Indegy, to discuss the threats to cybersecurity opened up by the great dispersion of industrial workers due to the Covid pandemic.


Indegy was an operations technology (OT) firm brought into an IT company (Tenable) in late 2019. This is one way to bring IT and OT together. Perelman told me that overall IT and OT networks are more interconnected than ever. Threats can freely flow between networks. And 67% of OT organizations are reporting new and more sophisticated tactics being used against them.

I asked Perelman who within a prospective customer company Indegy had called on and who was the effective buyer. He said this was the biggest shift of the last two years. The customer was the plant manager, engineering manager, etc. Now the buyer is more likely the IT cybersecurity team. The biggest success they’ve seen is with a combination of the forces, for example placing an engineer from the plant on the security team. Strategically, senior-level executives and the board level have become concerned. They went to their CISO first for results. So most Tenable projects are led by IT teams.

Another big change in the market is reflected in his slide deck. He used to have a slide on “air gap” but that has been dropped. “Everyone now understands that everything is connected.”

Prior to the pandemic and the movement to remote work in 2020, companies thought that they didn’t have exposure to remote access. Then they discovered that an engineer somewhere added an unauthorized cell modem for the ability to access the system remotely for troubleshooting purposes. After the pandemic, utilities, for example, have as much remote as possible. Many organizations understood they wouldn’t fight it anymore. If you can’t fight it, then join it. 

Nozomi Partnerships

Companies forming partnerships has been one of the biggest trends in the market during the past couple of years. Here are a couple featuring cybersecurity company Nozomi.

Tempered Combines Strengths with Nozomi Networks 

Tempered Networks and Nozomi Networks announced a new partnership and product integration to deliver a full-featured industrial security solution for network visibility, threat detection and remediation. The joint offering integrates Nozomi Networks’ leading network visibility, threat detection and incident response system with Tempered Networks’ Zero Trust policy enforcement and centralized software-defined perimeter management console. Today’s sophisticated security threats are driving requirements for not only extreme visibility and intelligent threat detection, but also automated remediation that can lock down vulnerable systems while ensuring continued availability for authorized access and continuity of business.

“As the leader in OT and IoT security visibility and threat detection, Nozomi Networks gives us a powerful partner to deliver greater insight and remediation capabilities to our customers,” said Jeff Hussey, Founder and CEO of Tempered Networks. “The AI-powered network analysis and anomaly detection that they provide can drive more accurate micro-segmentation and security policy enforcement into our Airwall platform, providing a more secure, rapid response approach against industrial-grade network attacks.”

“Tempered Airwall delivers the military-grade encryption and secure access policy enforcement that many of our joint customers rely upon to quickly remediate anomalies and threats in their networks,” said Chet Namboodri, Nozomi Networks Senior Vice President of Business Development and Alliances. “The combination of threat visibility and automated enforcement significantly improves security response. Ubiquitous threats like the SolarWinds attack continue to emerge and industrial connectivity for remote work and connected smart devices continue to accelerate. Our combined offerings provide strong detection and defense against the rapid proliferation of advanced persistent threats, actively buttoning down attack surfaces.”

The product integration includes the ability of Tempered to mirror secure traffic to Nozomi Networks solutions through a fully encrypted overlay for greater analysis and insight. Armed with AI-driven insights from Nozomi Networks, Airwall customers can take remediation steps or refine Tempered security policies through the Airwall Conductor management console API. The Nozomi Networks solution and Tempered Networks Conductor work in concert to refine Airwall zero trust policies and address identified threats, going beyond the capabilities of traditional network security devices like firewalls or remote access solutions.

“A two-way integration of network monitoring of IoT devices and secure, zero-trust, communications is brilliant,” said Richard Stiennon, industry analyst with IT-Harvest and author of Security Yearbook 2020. “Ensuring that all communications is stealthed and encrypted while preserving visibility into traffic is a winning combination.”

NanoLock Security and Nozomi Networks to Provide End-To-End Cyber Protection for Critical and Industrial Infrastructures

NanoLock Security, a leader in OT and IoT device-level protection and management, and Nozomi Networks Inc, a leader in OT and IoT security and visibility, announced they have partnered to provide an end-to-end cyber protection and management solution to secure OT in critical and industrial infrastructure. The joint solution will be deployed in the Atlantica Cybernext Security Operations Center (SOC) to serve clients with the most technologically advanced solutions for protecting their business and infrastructure.

Nozomi Networks’ real-time OT and IoT security solution provides network visibility, threat detection, and operational insight for OT and IoT environments, while NanoLock’s device-level protection and management solution tackles the rapidly growing Advanced Persistent Threats (APT) from both outsider and insider adversaries. 

Together, the joint security solution from NanoLock and Nozomi Networks introduces a holistic approach that spans the entire IoT and OT network. Adding NanoLock’s device-level protection and forensic data to Nozomi Networks’ advanced network visibility, threat, vulnerability and anomaly detection extends cybersecurity coverage to include: 

  • Lightweight, passive cyberattack prevention for devices such as smart meters, data concentrators, and controllers, with near-zero processing, power requirements and memory footprint 
  • Anomaly detection covering the network as well as IoT and OT devices 
  • Unified alerts and deeper device-level as well as network-level forensic data 
  • Centralized device visibility, risk monitoring, and intelligence management 
  • Secured and enforced OTA (Over-The-Air) device updates 

“With cybersecurity threats to critical infrastructure on the rise, our partnership with NanoLock Security delivers advanced, end-to-end protection,” said Chet Namboodri, Nozomi Networks Senior Vice President of Business Development and Alliances. “We’re teaming with NanoLock to strengthen utilities’ defenses against cyberattacks, using robust device and network-level detection and protection alongside extensive network visibility and risk assessment.” 

“We’re delighted to partner with Nozomi Networks to introduce a broader IoT and OT cybersecurity solution,” said Yanir Laubshtein, NanoLock’s Vice President of Cyber Solutions. “We see a critical need for a cybersecurity solution that starts at the device level and spans the network to bring comprehensive detection, protection, and management. Our joint offering addresses that need, while also bringing operational efficiency analytics to critical and industrial infrastructure.” 

Aruba Expands Roster of Easy-to-Deploy Workplace Safety Solutions

Aruba, a Hewlett Packard Enterprise company, announced an expanded set of integrated, easy-to-deploy Edge and IoT solutions designed to enable organizations to bring employees back to physical workplaces safely. I am beginning to compile a number of solutions to returning to work or working with Covid. A doctor from Cornell University Medical Center talked with me about a solution he developed that is in queue for posting. I also heard about a solution used by a chemical plant during a turnaround with 900 contractors on site with almost no Covid cases experienced. This one uses already installed access points (or you can add a system).

Developed using Aruba Wi-Fi access points (AP’s), EnOcean 800/900MHz radios that insert into the AP’s, and compatible IoT devices from Aruba Technology Partners, these solutions monitor hoteling spaces, room occupancy, air quality, and cleaning/disinfection scheduling. By operating on customers’ existing Aruba infrastructure and leveraging cloud-based applications, the solutions can be rapidly deployed and eliminate the need for expensive IoT overlay networks.

As the world continues to adapt to new business realities brought about by the COVID-19 pandemic, organizations are considering a myriad of return-to-work scenarios, including re-opening offices and safely bringing employees back in-person. Since IT infrastructure spans across the entire enterprise, it’s the ideal platform on which to build cross-organizational systems and processes encompassing social distancing, contact tracing, infection control, and space management. Flexible, cloud-native applications targeting these use cases can be quickly spun up – at minimal cost – as return-to-work initiatives are rolled out.

Aruba ESP (Edge Services Platform) provides the unified, secure, cloud-native network infrastructure that underpins EnOcean’s integration with Aruba. Plugging an EnOcean 800/900MHz USB adapter into a compatible Aruba AP enables communication with wireless IoT air quality monitors, presence detectors, light level sensors, and other devices that use EnOcean-developed protocols, wireless radios, and energy harvesting power sources. IoT data is streamed from the AP to the target return-to-work application over secure tunnels. Aruba ESP applies consistent security policies and provides unified management from a single point of control. Customers have the freedom to implement return-to-work solutions at any time, in both new and existing deployments, without ripping and replacing IT infrastructure.

Return-to-work applications and technology partners include:

  • Hoteling space management: Wireless sensors are ideal for managing the availability, occupancy, air quality, and cleaning requirements of hoteling spaces. DEUTA Controls’ EnoPuck visually identifies if a space is reserved, occupied, available, or vacated, while simultaneously monitoring air quality and light levels. Departure of an occupant can automatically trigger a request for cleaning and disinfection.
  • Occupancy management: To ensure compliance with social distancing and sanitation protocols, IAconnects’ Mobius Flow application manages people-counter and occupancy sensors to monitor the status of communal areas, e.g., washrooms, kitchens, and meeting areas. A “cleaning threshold” feature alerts maintenance when an area requires attention.
  • Smart restroom: The smart restroom solution from Nanjing Winshine checks traffic flow and occupancy of restrooms in real-time. Employees are alerted when the restrooms are unavailable, and the application can automatically generate work orders for cleaning and disinfection services.
  • Demand-oriented ventilation: Typically used in classrooms, public buildings and offices, Thermokon’s CO2 sensor solution contributes to demand-oriented ventilation to reduce the risk of infection. The solution currently measures CO2 within a particular area and activates the ventilation system to meet defined air quality standards. Temperature, relative humidity, and volatile organic compound (VOC) sensing will be available later this year.
  • Building management: The building management application from Titanium Intelligent Solutions manages lighting, energy, and space efficiency during shelter-in-place mandates and when curfews are enforced. Building functions are securely and remotely controlled via a simple, web-based application.

“The simplest, most automated, and cost-effective way to implement return-to-work safety initiatives is by deploying data-driven smart solutions on top of existing IT infrastructure,” said Michael Tennefoss, vice president of IoT and Strategic Partnerships at Aruba, a Hewlett Packard Enterprise company. “Because of their ubiquitous deployment throughout enterprises, in locations that are ideal for wireless sensor communications, Aruba AP’s are ideal on-ramps for return-to-work IoT devices. As monitoring and safety requirements change over time, additional IoT devices can be added by tapping into the EnOcean Alliance, a vast ecosystem of vendors that have developed interoperable, self-powered wireless sensor solutions. Armed with this technology, organizations can re-open with confidence today using a future-proof platform that is ready for what lies ahead.”

 www.arubanetworks.com

OPC Foundation Extends Work To Field Layer Specifications

Whatever happened to Time Sensitive Networking (TSN)? I had been pondering the relative disappearance of several technologies creating buzz in 2020—TSN, Arduino, Raspberry Pi. Then came buried within the OPC Foundation discussion with us at the 25th ARC Industry Forum this month word of TSN.

This appears to be the last of the updates I received at ARC this year. OPCF president Stefan Hoppe began with a photo of the unusual amount of snow around his house in Germany (as I was contemplating my yard in my new house in the Chicago suburbs with about 2 feet of snow blanketing the area. Meaning—none of us were in Florida this year).

I wrote last month about the Field Level Communications standard work. In this, 300 experts from 60 major companies published a Technical Paper and completed an Initial Release Candidate. OPCF continues work on the networking side with this FLC specification along with work on the “Advanced Physical Layer”, which is a new Ethernet cabling standard. Hoppe stated the mission, “…in order to drive industrial interoperability from field to cloud (and vice versa) and to support IT/OT convergence.”

Work has also started on identifying and creating facets and profiles that define the mandatory feature sets for the various types of automation components which is essential to reach a high level of cross-vendor interoperability.

Hoppe continued, “Ethernet APL and TSN are important enablers, which allow OPC UA to further penetrate new application areas in process and factory automation. The OPC Foundation’s Field Level Communications Initiative bundles these activities and acts as a global center of gravity for a unified OPC UA-based industrial interoperability solution harmonized between the process industry and factory automation.”

Peter Lutz, Director of the FLC Initiative, said, “The initial release candidate, which was completed in November 2020, is a major achievement because it facilitates the long-awaited standardization of Controller-to-Controller (C2C) connectivity. The specifications are used not only to build prototypes, they are also used to create test specifications that will be converted to corresponding test cases for the OPC UA certification tool (CTT). Furthermore, it lays the foundation for specification enhancements, covering the Controller-to-Device (C2D) and Device-to-Device (D2D) use cases in the next step.”

The initial release candidate (RC1), which focuses on Controller-to-Controller (C2C), consists of four parts (Parts 80-83) that specify how automation controllers exchange process data and configuration data using OPC UA Client/Server and PubSub extensions in combination with peer-to-peer connections and basic diagnostics.

These parts are extensions to the OPC UA framework and are labelled with OPC UA FX (Field eXchange):

  • Part 80 (OPC UA FX 10000-80) provides an overview and introduces the basic concepts of using OPC UA for Field eXchange.
  • Part 81 (OPC UA FX 10000-81) specifies the base information model and the communication concepts to meet the various use cases and requirements of Factory and Process Automation. 
  • Part 82 (OPC UA FX 10000-82) describes networking services, such as topology discovery and time synchronization.
  • Part 83 (OPC UA FX 10000-83) describes the data structures for sharing information required for Offline Engineering using descriptors and descriptor packages.

In addition, a 40-page technical paper was published that explains the overall vision and the technical approach.

Since the Advanced Physical Layer (APL) and Time-Sensitive Networking (TSN) are key technologies for the OPC Foundation’s strategy to bring OPC UA down to the field in discrete and process industries, different cooperation strategies have been established:

  • The OPC Foundation has joined the Advanced Physical Layer Project Group (APL) to support the development and promotion of the Advanced Physical Layer (APL) for Industrial Ethernet, suitable for use in demanding applications and hazardous locations in the process industry.
  • The OPC Foundation has established liaisons with IEC SC65C as well as IEEE 802.1 in order to support and align with the IEC/IEEE 60802 TSN Profile for Industrial Automation, which is essential in building converged industrial automation networks in which multiple IT and OT protocols share a common network infrastructure. 

Distribution Management Standardizes on Aruba Network Infrastructure

I’ve helped a number of people, including myself, with the installation of networking and WiFi in homes. When I consulted with an organization with a large building and many users, I ran into Aruba. About five years ago I started attending HPE conferences and getting deeper dives into robust networking. Perhaps the best story was meeting the IT head of the European PGA tour who talked about the WiFi requirements for hosting the Ryder Cup.

Aruba is one of my go-to sources for networking technology and application news these days. Today, this news came about a rugged network solution that includes IoT and robots and other things near and dear to my heart. Use this for an example of what you can accomplish with this equipment whether in distribution or other industrial or manufacturing settings.

Aruba announced that Distribution Management, a leading fulfillment and supplies network, is standardizing on Aruba wireless, switching, and security solutions across all of its locations to enable digital transformation initiatives to support the company’s rapid growth and increasing customer demand. 

With headquarters in St. Charles, Missouri, and five distribution centers across the U.S., Distribution Management operates a supplies and order fulfillment network that can reach 99 percent of the country within one-to-two days. The company also operates a Foreign Trade Zone that services international needs, and offers managed services for printer fleets, dispatching technicians for troubleshooting and repair, as well as supplying printer repair parts.

As Distribution Management has grown and seen increased demand from customers, modernizing and streamlining operations, and improving efficiencies and employee productivity, have become key objectives. According to Tom Huck, Distribution Management’s Director of Infrastructure Technologies, the company realized it needed to upgrade its network infrastructure to achieve these objectives.

“We knew that the underlying network foundation would be critical to advancing all of the modernization and expansion efforts we had in mind,” Huck said. “It was pretty clear our existing network couldn’t accommodate our growing needs.”

As the company planned for expansion into larger warehouse spaces, with an increasing number of IoT devices on the network, and new distribution models that would include replacing traditional conveyor equipment with robots, it realized their legacy Cisco network had to be replaced. After evaluating new solutions from both Cisco and Aruba, Distribution Management chose to standardize on Aruba across all of its sites.

Working with partners Insight and InterVision, Distribution Management began installing Aruba access points, mobility controllers, and access switches, as well as ClearPass, so the organization can authenticate every wired and wireless device that accesses the network and begin implementing consistent role-based policies. 

According to Jim Adelmann, network administrator for Distribution Management, the new Aruba network is accelerating the organization’s warehouse digital transformation, allowing the IT team to connect a variety of crucial devices including robots to the network for automated inventory management. The robots use the wireless network to check in and “call home” for real-time order details that indicate where to go within the warehouse and how to process orders.

Other devices and applications benefiting from the Aruba network include Zebra barcode printers and wrist-mounted TC52 devices, which warehouse employees use to scan, pick and pack inventory, QubeVu hardware which is essential in viewing and analyzing the dimensions of packages coming through their warehouse so they can be processed properly, and RingCentral softphones for videoconferencing and employee laptops and mobile devices.

From an IT perspective, Adelmann said the Aruba network is providing the kind of reliability, redundancy and always-on connectivity that Distribution Management needed to move forward with their expansion and modernization efforts confidently.

“Had we stuck with Cisco, we would have spent twice the amount of time getting the network up and running. With Aruba, network management is so easy – we had everything rolling within a week,” Adelmann said.

Adelmann also noted that the modularity of the Aruba solutions allowed the IT team to stage everything ahead of time and that the uptime has been “through the roof,” freeing up the IT team to focus on more strategic initiatives. Added Huck, “Lost productivity translates into lost revenue. That’s why having a solid network foundation was so vital to supporting our digital initiatives and meeting our growth and expansion needs.”

To date, Distribution Management has installed the Aruba infrastructure in three of its five distribution centers and plans to continue its roll-out to its additional two centers in the near future. In 2021, the company also plans to continue its move to role-based access control with ClearPass, and will evaluate Aruba Central for management, as well as Aruba User Experience Insight sensors to provide additional troubleshooting and diagnostic capabilities. 

Said Huck, “We now feel confident that as our business grows and evolves, our network can grow with it, supporting whatever initiatives we undertake.”

ONF Announces Aether 5G Connected Edge Cloud Platform

Many industry pundits and observers seem to not understand all the ramifications and potentials for 5G. I’ve listened to podcasts from John Gruber at Daring Fireball and the guys at Accidental Tech Podcast talk about how 5G isn’t providing the anticipated boost for data speeds for their new iPhone 12s. But 5G provides for so much more than that.

I’ve had an opportunity to talk with people from the new Open Networking Foundation and check out this open-source community springing up. Here is a recent press release. Open source is burgeoning right now. Cynics say it’s just a way for big companies to cut development costs. I think it goes much deeper than that given licensing protocols and the spread of technology. This one is interesting and poised to take (among other things) Industrial Internet of Things to a deeper level.

The Open Networking Foundation (ONF) announced that ONF’s Aether 5G Connected Edge Cloud platform is being used as the software platform for the $30M DARPA Pronto project, pursuing research to secure future 5G network infrastructure.

DARPA is funding ONF to build, deploy and operate the network to support research by Cornell, Princeton and Stanford universities in the areas of network verification and closed-loop control. ONF will enhance and deploy its open source Aether software platform as the foundation for the Pronto research work, and in turn the research results will be open sourced back into Aether to help advance Aether as a platform for future secure 5G network infrastructure.

Aether – 5G Connected Edge Cloud Platform

Aether is the first open source 5G Connected Edge Cloud platform. Aether provides mobile connectivity and edge cloud services for distributed enterprise networks as a cloud managed offering. Aether is an open source platform optimized for multi-cloud deployments, and it simultaneously supports wireless connectivity over licensed, unlicensed and lightly-licensed (CBRS) spectrum.

Aether is a platform for enabling enterprise digital transformation projects. Coupling robust cellular connectivity with connected edge cloud processing creates a platform for supporting Industrial Internet-of-Things (IIoT) and Operational Technology (OT) services like robotics control, onsite inference processing of video feeds, drone control and the like.

Given Aether’s end-to-end programmable architecture coupled with its 5G and edge cloud capabilities, Aether is well suited for supporting the Pronto research agenda.

Aether Beta Deployment

ONF has operationalized and is running a beta production deployment of Aether.  This deployment is a single unified cloud managed network interconnecting the project’s commercial partners AT&T, Ciena, Intel, Google, NTT, ONF and Telefonica. This initial deployment supports CBRS and/or 4G/LTE radio access at all sites, and is cloud managed from a shared core running in the Google public cloud.

The University campuses are being added to this Aether deployment in support of Pronto. Campus sites will be used by Pronto researchers to advance the Pronto research, serving as both a development platform and a testbed for use case experimentation. The Aether footprint is expected to grow on the university campuses as Aether’s 5G Connected Edge Cloud capabilities are leveraged both for research on additional use cases as well as for select campus operations.

Aether Ecosystem

A growing ecosystem is backing Aether, collectively supporting the development of a common open source platform that can serve as an enabler for digital transformation projects, while also serving as a common platform for advanced research poised to help unlock the potential of the programmable network for more secure future 5G infrastructure.

“At Google Cloud, we are working closely with the telecom ecosystem to help enable 5G transformation, accelerated by the power of cloud computing. We are pleased to support the Open Networking Foundation’s work to extend the availability of 5G and edge capabilities via an open source platform.”

Shailesh Shukla, VP and GM, Networking, Google Cloud

“Cornell is deploying Aether on campus to bring private 5G/LTE connectivity services with edge cloud capabilities into our research facilities. We expect private 5G/LTE with connected edge cloud to become an important and integral part of our research infrastructure for many research and operational groups on the campus. We also see the value of interconnecting a nation-wide leading infrastructure with Stanford, Princeton and ONF for collaborative research among university researchers across the country.”

David Lifka, Vice President for Information Technologies and CIO, Cornell University

“Princeton University is deploying Aether on campus in the Computer Science Department in order to support the Pronto research agenda and offer it as an experimental infrastructure for other research groups. This deployment will enable private 5G/LTE connectivity and edge cloud services and will complement Princeton’s existing P4 enabled infrastructure on campus. We plan to also explore how some of our mission critical production use cases can be supported on a private 5G Connected Edge Cloud.”

Jay Dominick, Vice President & CIO, Princeton University

“Ciena is pleased to be an early collaborator on the ONF’s Aether project. We have an Aether site running in our 5G lab in Montreal, and we are excited by the prospect of helping enterprises leverage the 5G and edge cloud capabilities of Aether to help build transformative solutions.”

Stephen Alexander, Senior Vice President and Chief Technology Officer, Ciena

“Intel is an active participant of the ONF’s innovative Aether project to advance the development of 5G and edge cloud solutions on high volume servers. ONF has been leading the industry with advanced open source implementations in the areas of disaggregated Mobile Core, e.g. the Open Mobile Evolved Core (OMEC), and we look forward to continuing to innovate by applying proven principles of disaggregation, open source and AI/ML with Aether, the Enterprise 5G/LTE Edge-Cloud-as-a-Service platform. As open source, Aether will help accelerate the availability of innovative edge applications. Aether will be optimized to leverage powerful performance, AI/ML, and security enhancements, which are essential for 5G and available in Intel® Xeon® Scalable Processors, network adapters and switching technologies, including Data-Plane Development Kit (DPDK), Intel® Software Guard Extensions (Intel SGX), and Intel® Tofino™ Programmable Ethernet Switch.”

Pranav Mehta, Vice President of Systems and Software Research, Intel Labs

Learn More

The Aether ecosystem is open to researchers and other potential partners who wish to build upon Aether, and we welcome inquiries regarding collaboration.  You can learn more at the Aether website.

About the Open Networking Foundation:

The Open Networking Foundation (ONF) is an operator led consortium spearheading disruptive network transformation. Now the recognized leader for open source solutions for operators, the ONF first launched in 2011 as the standard bearer for Software Defined Networking (SDN). Led by its operator partners AT&T, China Unicom, Deutsche Telekom, Google, NTT Group and Türk Telekom, the ONF is driving vast transformation across the operator space. For further information visit http://www.opennetworking.org