Much Is Happening At The Edge

The world is in Barcelona at the Mobile World Conference (except for me). But that’s OK, I’m seeing plenty of news. Much of it relates to the Edge. And as 5G heats up, expect that to emphasize compute at the edge even further. (Talk of 6G is best left for politicians who by and large are not technical…)

This news comes from Hewlett Packard Enterprise (HPE), where VP and GM Tom Bradicich has been using Twitter to tease this week’s announcement. The HPE Edgeline EL8000 Converged Edge System is designed to help communication service providers (CSPs) capitalize on data-intensive, low-latency services for media delivery, connected mobility, and smart cities. The system enables CSPs to process vast amounts of data in real time directly at the edge, based on open standards to boost flexibility and reduce costs. HPE also announced collaborations with Samsung and Tech Mahindra to accelerate CSPs’ 5G adoption, leveraging the HPE Edgeline EL8000 Converged Edge System to deploy the next generation of edge-centric virtual 5G applications.

IDC forecasts that more than 150 billion devices will be connected across the globe by 2025, most of which will be creating data in real time. As a result, IDC predicts real-time data to represent nearly 30 percent of the Global Datasphere by 2025. Estimated to be 33 zettabytes in 2018, IDC forecasts the Global Datasphere to grow to 175 zettabytes by 2025.

To deliver new services that tap into this massive growth of real-time data, CSPs must transform their telecommunications network edge towards standard IT systems and software-defined architectures, such as virtual radio access networks (vRAN) and virtual cable modem termination systems (vCMTS). The open-standards-based HPE Edgeline EL8000 Converged Edge System was therefore developed as a cost effective replacement for CSPs’ current proprietary edge systems, with enhanced performance and versatility for data-intensive real-time digital services. Additionally, the HPE Edgeline EL8000 Converged Edge System’s unique design delivers high performance and ultra-low latency for the most demanding use cases, including media streaming, IoT, artificial intelligence, and video analytics, in a compact and ruggedized form factor, equipped with edge-optimized serviceability and remote systems management.

“CSPs have come a long way in virtualizing their networks. As this continues, the distribution of converged communications and compute capacity throughout the network will accelerate lower costs and improve service”, said Dr. Tom Bradicich, Vice President and General Manager, Converged Servers, Edge and IoT Systems, HPE. “The HPE Edgeline EL8000 Converged Edge System delivers the capabilities of closed proprietary systems and more, but on an open-standards platform, combined with proven data-center class IT.”

The EL8000 delivers the capabilities of closed proprietary systems but on an open-standards platform

Designed for the real-life challenges

The massive growth of data volumes requires that CSPs deploy high-performance edge systems in their cell sites, often in remote and harsh environments. Moreover, this infrastructure must support many workload and quality-of-service requirements for which tailored slices of the network are employed. The HPE Edgeline EL8000 Converged Edge System delivers a combination of capabilities to meet these challenges, including:

  • Compact and ruggedized design optimized for harsh cell-site locations – Exceeding the requirements of industry standards NEBS and ASHRAE class 3 and 4, the system is resistant against hazardous environmental influences like heat, shock and vibration, as well as failover, supporting continuous operation between 0 and 55 degrees Celsius. The system can run rack mounted or stand-alone in any space available, with either a front-to-back or back-to-front cooling design.
  • Low-latency, high-performance system design powers data-intensive applications at the edge – The single-socket design, equipped with high-end Intel® Xeon® Scalable Processors, reduces latency and energy consumption. System components can be combined, scaled and hot-swapped to meet changing demands, supporting, among others, NVIDIA® Tesla® GPUs, FPGAs from Intel and Xilinx, NICs from Intel or Mellanox, up to 1.5TB of memory and 16TB of storage.
  • Modular blade and chassis options for use-case flexibility – With a range of depth and width options for blades and chassis, the system can be flexibly configured and scaled to meet new or changing use-case requirements. The flexible design allows CSPs to extend small- and micro-cell deployments, ensuring that cellular coverage can keep pace with increasing numbers of connected devices.
  • One-click provisioning and remote systems management ensures continuous availability and performance in far-flung cell-sites – HPE’s proven HPE iLO 5 technology and the newly developed chassis manager software enable remote provisioning, ongoing system health monitoring, updates, and management of HPE Edgeline EL8000 Converged Edge Systems across thousands of cell sites, from cell towers to oil rigs, without needing IT expertise on site.

“Collaboration between HPE and Intel has resulted in this versatile platform for network transformation at the edge,” said Sandra L. Rivera, Senior Vice President and General Manager, Network Platforms Group, Intel. “Powered by Intel Xeon Scalable processors and based on open standards, the HPE Edgeline EL8000 Converged Edge System will enable high performance, flexible and intelligent networks that are required to deliver high bandwidth and low latency for edge and 5G services.”

Converged communications

HPE and Samsung Electronics Corporation (SEC) are collaborating to provide a joint edge-to-core vRAN commercial solution based on Samsung’s radio network technologies and system integration services and the HPE Edgeline EL8000 Converged Edge System.

“Samsung and HPE combine their strengths in radio networks, edge systems, and telecommunications infrastructure to drive the change towards a standard-IT based and software-defined network edge,” said Wonil Roh, Vice President, Head of Technology Strategy at Samsung Network Business. “The HPE Edgeline EL8000 Converged Edge System will play a key role in Samsung’s challenge to evolve our customers’ networks with 5G vRAN demanding intense low-latency.”

While some CSPs aim to deploy 5G from 2020 onwards, others may not be able to do so for a few years, potentially leaving entire regions without 5G coverage. As part of this interim process CSPs are turning to multi-access edge computing (MEC) software, which delivers many of the benefits of 5G, but using 4G LTE infrastructure. For this reason, HPE is collaborating with Tech Mahindra, a global leader in MEC software, to deliver MEC solutions based on the HPE Edgeline EL8000 Converged Edge System.

“Our collaboration with HPE and the introduction of the HPE Edgeline EL8000 Converged Edge System is a major step for driving a fast and smooth transformation towards open standards at the edge in the Telco and Comms marketplace,” said Karthikeyan Natarajan, Global Head, Engineering, IoT & Enterprise Mobility, Tech Mahindra. “As a leader in Telco and Comms software and services, Tech Mahindra sees HPE as ideally positioned to help us deliver significantly improved user experiences, particularly through the often-uneven transformation from 4G to 5G.”

Availability

The HPE Edgeline EL8000 Converged Edge System will be available worldwide from June 2019.

Empowering Frontline Workforce

My thesis holds that the proper development and deployment of technology empowers workers to better perform their tasks. The keywords from my interview with Webalo at the ARC Industry Forum in Orlando were “empower” and “tool”.

The conversations centered on the company’s launch of Webalo 5.0, the latest version of its no-code, frontline workforce app generation platform. Its User First approach automatically generates and personalizes apps from enterprise data sources, such as those from IBM, Microsoft, Oracle, and SAP, as well as industrial data sources such as AVEVA, GE, Rockwell, and Siemens.

Webalo enables frontline workers through real-time access to actionable analytics, alerts, and notifications, as well as desktop and native mobile bi-directional interaction through intelligently managed workflows.

“Though the overwhelming majority of companies understand that frontline worker autonomy would boost their competitiveness, less than 30% of companies have been able to launch frontline workforce digital transformation projects because of the time, cost and complexity of traditional software development approaches,” said Webalo CEO Peter Price. “Webalo 5.0 automates the digital transformation of the frontline workforce at a fraction of the time, cost and effort of these traditional approaches, providing frontline workers with real-time, actionable, personalized visibility into their daily tasks and activities.”

Webalo 5.0’s specific features include:

  • Tighter integration with industrial data sources such as Historian databases and Manufacturing Execution Systems (MES).
  • Powerful “Connect & Deploy” – a no-code app delivery capability that provides end users with the ability to easily generate new applications in an ad hoc, drag and drop manner, directly from their Webalo Desktop Client.
  • Actionable visualizations are now defined at the individual user level, providing frontline workers with the flexibility to create their own custom views of apps and share them with their co-workers.
  • Enhanced workflow management empowers frontline workers in a more intelligent way, with multiple visualizations of the same task using different parameters.
  • Automatically-generated tasks and actionable visualizations to operate over MES asset hierarchies and Historian tags that make the data more actionable and visible to all stakeholders.
  • Contextualized dashboards that provide embedded asset hierarchy, selectable timeframes and custom user inputs.
  • User-managed editors to create and modify trend charts, with out-of-the-box Historian services, allowing frontline workers to modify the way they request and display Historian tag values by selecting a Historian sampling mode from a drop-down menu, and then configuring the options that appear for that node.
  • PDF report generation providing a new way of sharing data interactively with co-workers.

Webalo 5.0 is now available.

Industrial Cybersecurity Solution Guards Against USB Device Attacks

If HMI SCADA absorbed about 40% of my ARC Industry Forum appointments, then industrial cybersecurity took up another 40%. Not all of them were the usual networking solutions, either.

This one, for example, comes from Honeywell. It announced the latest release of Secure Media Exchange (SMX), a cybersecurity solution to protect industrial operators against new and emerging Universal Serial Bus (USB) threats. SMX now includes patent pending capabilities to protect against a broad range of malicious USB device attacks, which disrupt operations through misuse of legitimate USB functions or unauthorized device actions.

These advanced protections complement additional SMX enhancements to malware detection, utilizing machine learning and artificial intelligence (AI) to improve detection by up to 40 percent above traditional anti-virus solutions according to a Honeywell study. Together, these updates to the SMX platform deliver comprehensive, enterprise-wide USB protection, visibility and control to meet the demanding physical requirements of industrial environments.

USB devices include flash drives and charging cables, as well as many other USB-attached devices. They represent a primary attack vector into industrial control system (ICS) environments, and existing security controls typically focus on the detection of malware on these USBs.

While important, research shows an emerging trend toward new categories of USB threats that manipulate the capabilities of the device standard to circumvent traditional security controls and directly attack ICS. Categorically, these malicious USB device attacks represent 75 percent of today’s known USB attack types, a clear indication of the shift toward new attack methodologies. Because these attacks can weaponize common USB peripherals such as keyboards and speakers, effective protection requires sophisticated device validation and authorization.

“Malicious USB attacks are increasingly sinister in their ability to emulate, exploit and manipulate USB devices, often causing damage and operational outages,” said Sam Wilson, global product marketing manager, Honeywell Industrial Cybersecurity. “Honeywell is the first to deliver a powerful industrial cybersecurity solution to protect against malicious USB device attacks, which represent the majority of USB threat types and advanced malware. And as USB usage increases and devices proliferate, human verification of device actions will continue to play an important role.”

SMX protection includes Honeywell’s Trusted Response User Substantiation Technology (TRUST), which introduces a human validation and authentication step to ensure that USB devices are what they claim to be. TRUST helps prevent unwanted or suspicious devices from introducing new threats into the industrial control environment. In the case of USB storage devices, additional layers of advanced malware detection technology are used to further protect against malware, including machine learning and AI to improve detection of increasingly complex malware, including zero days and evasive malware.

SMX helps customers make changes across people, process, and technology that will improve their industrial cybersecurity maturity. It trains USB users to look for potential issues as they plug in, while reinforcing plant check-in and check-out processes for plant managers. As a technical control, SMX continuous threat protection and its latest enhancements ensure that customers can check USBs anywhere to scale industrial cybersecurity with ease.

The latest SMX technology release includes a host of additional features including:

  • New Centralized Management: provides unmatched visibility of USB devices entering industrial control environments and centralized threat management across all SMX sites, for time-saving security management and simple-to-view insights unique to the customer’s environment.
  • New ICS Shield Integration: provides additional visibility into USB activity on protected end nodes, closing the loop between centralized management services and distributed protections inside the ICS, without violating industry best practices of zone segmentation.
  • Expanded SMX offering: provides multiple form factors to meet specific industrial needs, including portable SMX ST models for busy operational staff, and fully ruggedized models that meet industrial use cases including hazardous environments, military standard conditions and gloves-on worker situations.

Flow Chart Programming Editor Adds IEC61131

Programmers of machine control in the US still stick with the old Ladder Diagram editor, so Opto 22 adds it to its groov EPIC controller. This is sort of the outlier of the things I learned at last week’s ARC Industry Forum in Orlando. Most of my interviews were either cyber security or HMI/SCADA it seems. I had wall-to-wall meetings and then travel. So, I’m just catching up on thoughts.

Somewhere around 25-30 years ago I could program (not proficiently, but turn out work anyway) in BASIC, C, C++, Java, Pascal. Then I ran into Ladder Logic. Why would anyone do this, I exclaimed! In the US all this time later, it’s Ladder or nothing in much of the country. Maybe the millennials can move this forward???

Recognizing this fact of life, the prototypical flow chart programming company, Opto 22, has added a free software upgrade with standard IEC 61131-3 programming methods.

Opto says, “Adding these new programming options to the existing flowchart and custom user-written options in groov EPIC gives control engineers the ability to program using a variety of languages they already know, while taking advantage of the EPIC’s extended capabilities for automation and industrial internet of things (IIoT) applications. All IEC 61131-3 standard languages are supported by groov EPIC, including Function Block Diagram (FBD), Structured Text (ST), Sequential Function Charts (SFC), and Ladder Diagram (LD).”

Engineers can mix and match several software tools to build control and IIoT solutions on one unified platform. Plus companies can continue to leverage existing employee knowledge in IEC 61131-3 programming methods, including decades-old ladder logic.

The PC-based CODESYS® Development System V3 is used to create and compile IEC 61131-3 programs for download to a pre-installed CODESYS Runtime running on groov EPIC. The CODESYS Development System is available at no charge from the CODESYS Store. The CODESYS Runtime on groov EPIC is enabled by a free software license available from Opto 22.

“As the world’s leading manufacturer of independent IEC 61131-3 software,” stated Markus Bachmann, President of the U.S. subsidiary of the CODESYS Group, “we are excited that CODESYS has been chosen to boost Opto 22’s groov EPIC to the next level in industrial automation products, integrating state-of-the-art industrial control with new IIoT and Industry 4.0 applications.”

In addition to IEC 61131-3, groov EPIC can also be programmed using Opto 22’s native PAC Control. Field-proven, flowchart-based PAC Control with optional scripting offers 400+ plain English commands for analog process and digital sequential control, complex math, conditional branching, string handling, and other complex functions.

Other programming options include using software languages supported on the Linux operating system through secure shell. This access—along with toolchains and interpreters for Java, C/C++, Python, JavaScript/Node.js and more—allows developers to create custom applications. In addition, groov EPIC includes Node-RED as another programming option. Node-RED uses a flow-based development environment optimized for edge data processing and communications.

Integrated HMI

groov EPIC integrates the easy-to-use HMI software groov View with its control programs. Once an IEC 61131-3, PAC Control, or custom software application is developed, the control program’s tags and I/O are available for building a groov View HMI. Data from other systems and equipment on premises, at remote locations, and in the cloud can also be included in the HMI. The drag-drop-tag HMI construction is quick, security is built in, and trending and user notifications are included.

Authorized users can view this HMI to see data and control processes on the integral, industrial-grade color touchscreen display on the front of the EPIC processor. They can also view the HMI on an external HDMI monitor, and from any web browser or mobile device.

Free Product Upgrade

To take advantage of this new programming option, current groov EPIC owners can simply install a free upgrade. As with all quarterly upgrades to groov EPIC since its introduction in February 2018, this upgrade requires only a software download. Unlike all other industrial automation products and platforms, groov EPIC is improved quarterly based on user feedback, with no need to replace existing hardware. These software upgrades provide significant performance improvements and protect user hardware investments, all at little or no cost. The groov EPIC system can change with you as your application grows or changes.

groov EPIC System

Based on Opto 22’s 45 years of experience as an automation manufacturer, the groov EPIC system merges tough industrial hardware with open protocols and standards to provide an ideal system for both automation and IIoT applications. Built to withstand conditions at the edge of networks in factories and remote locations, EPIC is approved for use by UL in hazardous locations and is ATEX compliant. EPIC can be used to collect, process, view and exchange data where it is produced, and this data can then be securely shared among databases, cloud services, PLC systems and other components. In recognition of its unique capabilities, groov EPIC won the 2019 Control Engineering Engineers’ Choice Award in the Industrial Internet of Things Connectivity category.

Rockwell Automation Acquires Emulate3D for Simulating and Emulating Industrial Automation Systems

Once I was involved in the design, build, and installation of automated assembly machines. I have a feel for how much time and money could be saved through simulation of industrial automation systems. Further, I’ve observed Rockwell Automation’s attempts at partnership to bring simulation to fruition.

After many false starts, it has acquired a company—Emulate3D. The company’s products sit between CAD and controls design enabling a visual model of the system (the website shows conveyor and material handling systems, not the inner workings of a machine). It can integrate controls and look for interferences allowing engineers to “test” machine design before cutting iron.

I have not seen a demo, yet, but in theory this is a great advance for Rockwell’s customers.

“We are excited about the opportunities that Emulate3D’s software offers our customers,” said Fran Wlodarczyk, Rockwell Automation senior vice president for its architecture and software segment. “They will have the ability to improve their time to market and operational productivity through digital machine prototyping and virtual commissioning. It also marks another investment by Rockwell Automation to bring the Connected Enterprise to life.”

“As a former Rockwell Automation Encompass partner, we established great working relationships with Rockwell Automation and its customers,” said Ian McGregor, Emulate3D global sales and marketing director. “We look forward to building on those relationships under our new ownership. Rockwell Automation’s installed base and our engineering software provides a great opportunity to better address customer needs in today’s rapidly changing, technologically-advanced manufacturing environment.”

Rockwell Automation will add Emulate3D’s technology to its digital design portfolio to deliver solutions to automotive, logistics, material handling, and other industrial applications. Software will be sold as Emulate3D by Rockwell Automation, as part of Rockwell Automation’s FactoryTalk DesignSuite.

Cybersecurity Updates for Industrial Control

Discussing industrial technology while ignoring cybersecurity is impossible these days. I just saw a survey that contends CEOs are more worried about cybersecurity than recession.

Note—I have been traveling for meetings and finally got my schedule together to post something. I’m also compiling my schedule for the annual ARC Advisory Group Industry Forum in a couple of weeks. If you’re going, I’d love to meet you. Send a note or a text. Maybe we can have coffee.

Schneider Electric Partners with Nozomi Networks

Schneider Electric has signed a global partnership agreement with Nozomi Networks to provide customers in the industrial manufacturing and critical infrastructure segments with advanced anomaly detection, vulnerability assessment, and other cybersecurity solutions and services, helping them to control, prevent and mitigate risks to their operations and business performance.

“The industry-wide transformation taking place today enables our customers to improve their business performance in ways they never imagined, but it requires them to expand connectivity across their operations, so they can extract, contextualize and apply new levels of rich data,” said Nathalie Marcotte, senior vice president, Industry Services and Cybersecurity, Schneider Electric. “However, extending connectivity also extends the attack surface for would-be cyber criminals. Therefore, cybersecurity can no longer be an afterthought. There’s too much at stake, financially and operationally. By adding Nozomi Networks to our family of partners, we strengthen our ability to help customers understand and eliminate risks and threats to their operations and assets, while reducing potential impact on their business success.”

The partnership enables Schneider Electric to respond more aggressively to immediate demand for effective, operational technology cybersecurity services, solutions and expertise in oil and gas, power, building automation and other industrial sectors. Schneider Electric will offer Nozomi Networks’ advanced solutions for industrial control system cyber resiliency and real-time operational visibility to customers worldwide. Schneider Electric will combine its EcoStruxure IIoT process automation and industrial control solutions with Nozomi’s SCADAguardian platform for real-time operations visibility, including:

  • Advanced ICS Cybersecurity Solutions: The bundled solution will deliver the deep network visibility and OT cybersecurity industry operators require in one, comprehensive and highly scalable solution.
  • Nozomi Networks SCADAguardian solution provides accurate asset discovery, superior threat detection and flexible and scalable deployment options to Schneider Electric customers.
  • Nozomi Networks Certified Consultants: Schneider Electric consultants around the world will continue to be trained as certified Nozomi Networks engineers, scaling to support clients throughout their cybersecurity solution implementation, and providing expert OT threat hunting and forensic analysis.
  • SCADAguardian Live in Schneider Electric Sites: Schneider Electric customers can experience Nozomi Networks’ real-time operational visibility and cybersecurity solutions via live threat scenarios running in Schneider Electric sites around the world.

EcoStruxure is Schneider Electric’s open, interoperable, IoT-enabled system architecture and platform.

“Years of multi-industry experience discerning the complexities of industrial control system networks, continuous innovation and expertise in artificial intelligence and machine learning have made Nozomi Networks SCADAguardian the most comprehensive, scalable and mature product in its category,” said Edgard Capdevielle, chief executive officer, Nozomi Networks. “Our partnership with Schneider Electric accelerates our joint efforts to further protect global infrastructure while helping to improve the safety, efficiency, reliability and profitability of the world’s most critical operations.”

“The digital enterprise requires a holistic security approach that not only provides safeguards, but continually assesses, manages and monitors business and operating systems, which Nozomi Networks’ solutions do seamlessly,” Marcotte said. “Addressing cybersecurity head on can’t be limited to a single company, segment or region. That is why we are committed to being open, transparent and collaborative when it comes to helping global industry prevent and respond to cyberattacks. As this partnership shows, we will continue to collaborate with industry leaders who have the technology, expertise and unique skills required to secure and protect our customers’ people, production and profits.”

Mocana Integrates with Unified Automation’s High Performance OPC UA SDK

Simplifies Replacement of OpenSSL with Mocana’s FIPS 140-2 Validated Cryptographic Engine

Mocana announced the integration of Mocana TrustPoint, the company’s embedded cybersecurity software, with Unified Automation’s High Performance OPC Unified Architecture (UA) Software Development Kit (SDK). This integration enables industrial manufacturers and operators to easily replace OpenSSL, an open source crypto library, with Mocana’s proven cybersecurity software solution that is FIPS 140-2 validated and compliant with leading industrial cybersecurity standards.

“Mocana’s embedded cybersecurity solutions are used by the largest industrial companies for mission critical systems,” said Uwe Steinkrauss, Executive Director at Unified Automation. “We’re committed to partnering with Mocana to provide the OPC UA community with solutions that are secure and compliant with industry standards.”

OPC UA is an open machine-to-machine communication platform for industrial automation developed by the OPC Foundation. The OPC UA standard enables industrial control system (ICS) devices across multiple platforms to communicate using a services-oriented architecture (SOA) including enhanced publish / subscribe capabilities. The standard is broadly used across many industries including pharmaceutical, oil and gas, building automation, industrial robotics, security, manufacturing, process control, and transportation.

By default, most OPC UA SDKs have been designed to use OpenSSL, open source security software, to handle security functions such as authentication and encryption. Besides the large footprint hindering implementation on the smallest embedded devices, OpenSSL has been shown to have thousands of vulnerabilities, a complex, hard-to-maintain code base, and slow vulnerability remediation times. Additionally, the latest NIST 140-2 standards cannot be met by the current version of OpenSSL. As a result, industrial companies are migrating away from OpenSSL to meet cybersecurity compliance standards.

Mocana’s integration with Unified Automation’s OPC UA SDKs makes it easy to replace OpenSSL with Mocana’s FIPS 140-2 validated cryptographic engine and comprehensive device security lifecycle management platform. Mocana provides an OpenSSL Connector, a shim that transparently intercepts the device application’s OpenSSL API calls, changes the arguments, and passes them onto Mocana’s cryptographic engine without requiring any application code changes.

“Unified Automation has deep expertise with OPC UA and was instrumental in developing the OPC UA stacks, in particular the ANSI C stack,” said Srinivas Kumar, Vice President of Engineering at Mocana. “We are committed to making it easy to enable the highest level of security and device integrity for OPC UA-enabled industrial devices.”

Mocana’s proven device security solution facilitates compliance with cybersecurity standards, such as the NIST FIPS 140-2, IEC 62443, NIST 800-63, and CIP-007. Mocana and Unified Automation are members of the OPC Foundation.
