OCTOBER 2016 VOLUME 3 IOTDESIGN.EMBEDDED-COMPUTING.COM
ADVERTORIAL
Device Management in the Internet of Things: Why It Matters and How to Achieve It

Data may be the hero of the Internet of Things (IoT) story, but the real workhorses are the devices at the edge of the IoT system. They’ve been deployed to generate and transmit data to a centralized platform, or to perform an automated task that in turn generates data. The performance of the system as a whole often hinges on the health of these devices. If a device, sensor, embedded agent, or gateway begins faltering, the consequences can range from minor disruption to dire.
REMOTE CONTROL FOR THE DEVICE LIFECYCLE

From the initial design stage, device manufacturers and system developers need to take into account a device’s entire operating lifecycle, from the time it is deployed until it is decommissioned. Over that time, several distinct but interrelated issues need to be addressed:

Commissioning and provisioning: Once devices are deployed and connected, operators must activate and provision them. This can mean literally going from device to device with a thumb drive and loading applications or performing upgrades manually. System operators need the means to configure, provision, and manage field devices remotely.

Security: Hackers often target endpoint devices as a means of gaining entry to the system as a whole. Security breaches at the device level can have severe consequences, including steep financial losses, damage to credibility and trust, or even endangerment of human life. Securing devices is particularly problematic because they are vulnerable to both physical tampering and network-borne threats.

Monitoring and management: System operators need tools to monitor the health and performance of devices remotely and check for security vulnerabilities. They also need to be able to send “instructions” to devices to fix a problem or change a function, often based on data that has been received from those same devices. This requires a two-way or “round-trip” communication capability, in which responses to the devices can be automated.

Integration: IoT systems that generate and deliver data from field devices need a point of integration with enterprise systems that can aggregate, analyze, and act upon that data.

Updates and upgrades: Devices in enterprise applications may be expected to operate and perform for years. The software running on them likely will require constant updating, bug fixes, and security patches. They will also require periodic software upgrades, both to avoid performance degradation and to take advantage of software improvements that will bring greater speed, capacity, and efficiency. Once an upgrade or a new application has been developed, operators need the means to deploy it quickly to many devices at a time.

Decommissioning: Developers need to plan for the end of the device’s life at the design stage. Operators need to be able to securely remove a device from service, ensuring that it is truly “dead” and does not expose a vulnerability that intruders could exploit.
THE ANSWER IN THE CLOUD

Device management should be part of an IoT strategy from inception. But trying to build capabilities for device management and two-way communication increases the cost and complexity of development, and slows time-to-deployment. A more practical solution is to leverage technology designed specifically for IoT device deployment and management. Wind River® Helix™ Device Cloud makes this possible by enabling operators to safely and securely monitor, manage, service, and update devices in the field. Device Cloud automatically collects and integrates data from hundreds or thousands of disparate devices, machines, and systems, enabling operators to track device status and content, share data among engineers, and proactively determine when updates are needed.
The 2016 IoT Design Guide uncovers the latest technologies and techniques available to designers of connected systems, including secure firmware updates, cloud authentication, and fog computing. Dozens of development tools and solutions can also be found in the IoT Design Resource Guide, beginning on page 29.
Published by: 2016 OpenSystems Media®
© 2016 Embedded Computing Design. All registered brands and trademarks within Embedded Computing Design magazine are the property of their respective owners. iPad is a trademark of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. ISSN: Print 1542-6408 Online: 1542-6459
IoT INSIDER
AI for the embedded IoT
By Brandon Lewis, Technology Editor blewis@opensystemsmedia.com
The Internet of Things (IoT) has been touted as the next Industrial Revolution, with pervasive connectivity and the insights it can generate offering a new digital lens for viewing and managing the physical world. But in addition to the tangible process efficiencies and quality of life improvements expected from the IoT, it’s also a stepping stone to perhaps the greatest achievement in human history: artificial intelligence (AI). In many ways the technological progression of AI and the IoT are intertwined. IoT will provide the information that fuels our data-driven economy, while AI is the engine that will consume it. Though both paradigms are still in their infancy, each’s success is contingent upon the other’s: The IoT can never reach its potential without a mechanism for autonomously processing large heterogeneous data sets, just as AI is incapable of expanding without being fed massive amounts of data. Like many other IoT-enabling technologies, however, AI research and development has largely been restricted to the IT sector, as the complexity of convolutional neural networks (CNNs), hidden Markov models (HMMs), natural language processing, and other disciplines used in the creation of machine learning algorithms and deep neural networks (DNNs) requires storage and computing resources usually only accessible on a data center scale. Likewise, programming methodologies have been tuned to IT developers, with tools such as R, Python, SQL, Excel, RapidMiner, Hadoop, Spark, and Tableau being the most widely employed by data analysts and computer scientists working in the AI field. This gap between AI and data collection at the physical/digital interchange is a common complication for the IoT, which is just beginning to drive the integration of IT and operational technology (OT). Nonetheless, it’s a gap that must be bridged.
AI for the embedded IoT

One of AI’s early excursions into the OT space came with the release of the NVIDIA Jetson TK1 platform in 2014. Based on the Tegra K1 system on chip (SoC) and its 192-core Kepler GPU and quad-core ARM Cortex-A15, the Jetson TK1 brought data center-level compute performance to computer vision, robotics, and automotive applications, but also provided embedded engineers with a development platform for the CUDA Deep Neural Network (cuDNN) library. The cuDNN primitives enabled operations such as activation functions, forward and backward convolution, normalization, and tensor transformations required for DNN training and inferencing, and the combination of this technology with the Jetson TK1’s 10 W power envelope meant that deep learning frameworks such as Caffe and Torch could be accessed and executed on smaller OT devices.

Today that groundwork has been extended, as the Jetson TK1’s successor, the Jetson TX1 system on module (SoM), contains 256 CUDA cores, an ARM Cortex-A57 CPU, and is capable of 1 TFLOPS performance. Machine learning tools and libraries are also more widely available through the NVIDIA JetPack 2.3, an evolution of the original set of cuDNN libraries that better serves OT developers by packaging the CUDA Toolkit 8 development environment for building GPU-based applications in C and C++; camera and Video4Linux2 (V4L2) APIs; the TensorRT inferencing engine; and cuDNN 5.1, which now supports recurrent neural networks (RNNs) and long short-term memory (LSTM) networks. An NVIDIA benchmark shows that optimizations in the Jetson TX1 and JetPack 2.3 can permit up to 20 times better energy efficiency than CPUs running comparable deep learning workloads, while still maintaining an 8-10 W power draw on the TX1 under typical workloads.
Never stop learning

As the IoT produces data for the AI revolution, the need to monitor the progression of machine learning technologies has also become apparent. This not only ensures that intelligent systems endowed with learning capabilities properly pursue the objectives of their education, but also that human developers properly refine the underlying frameworks and libraries upon which machine learning is based to meet desired end goals. For this purpose, Cornell Computer Science PhD Jason Yosinski created the Deep Visualization Toolbox, an open-source project that allows users to observe the various layers of a DNN to infer how machine learning platforms compute answers to complex problems.

A video demonstration of the Deep Visualization Toolbox running on the Jetson TX1 developer kit can be viewed in the web version of this article at http://bit.ly/AIforIoT, and for those of you fortunate enough to be visiting CES in 2017, NVIDIA typically showcases deep learning technologies at its automotive booth in North Hall.

It’s just the beginning, but an IoT inflection point is occurring at the intersection of IT and embedded. That inflection point is AI.
Special Feature
AWS, Microchip deliver trust anchor for end-to-end IoT security By Brandon Lewis, Technology Editor
Digital certificates, such as X.509 used by the transport layer security (TLS) protocol, are ingrained in almost every aspect of our digital lives. Whether sending a secure e-mail, checking a bank account balance, or performing any other action that requires an encrypted online connection, these certificates authenticate the identity of parties involved in the electronic exchange of information to prevent, for example, man-in-the-middle attacks whereby a malicious actor impersonates one entity and potentially alters or misrepresents the content being exchanged.

Certification authorities (CAs) sign digital certificates as proof that they have validated a root certificate containing an entity’s public key, which is mathematically associated with a unique private key that remains secret as part of an entity’s asymmetric public/private key pair (Figures 1A and 1B). This key exchange and verification mechanism between user and CA instills confidence in any recipient of the digital certificate that its sender is in fact who they attest to be.

However, outside of the enterprise/IT community, digital certificates have primarily been used to validate servers only. Client authentication is typically not implemented in most applications because it requires certificate provisioning for large sets of heterogeneous end users, which complicates the management of a public key infrastructure (PKI). But with the Internet of Things (IoT) introducing billions of clients that not only retrieve information from the cloud but also send data to it, the requirement for mutual authentication – or the immediate two-way authentication of both clients and servers – has steadily increased to ensure overall system integrity.
AWS, mutual authentication, and Just-In-Time Registration

With the release of the AWS IoT platform last year, Amazon Web Services (AWS) introduced mutual authentication to the IoT space. As mentioned, mutual authentication technology helps verify the integrity of all parties in a system of systems architecture, but also introduces problems related to certificate provisioning for client-side devices. In response, AWS released a service this April called “Use Your Own Certificate,” which allows original equipment manufacturers (OEMs) to register digital certificates signed by a third-party CA with the AWS IoT platform using an API.

The Use Your Own Certificate feature implies that the key exchange required for the creation of a digital certificate can occur independent of a client connection with AWS IoT servers, and perhaps even before the device itself is connected to the Internet, introducing a new possibility for OEMs: Unique cryptographic keys can be generated for each device during production, signed by a CA as part of an offline digital certificate verification process, and then loaded into the AWS IoT platform to await a service request from systems containing the corresponding key pairs.

FIGURE 1A AND 1B: As shown in Figure 1A, digital certificates are generated by certificate authorities (CAs) who sign off on the public key of entities attempting to establish secure online connections (Figure 1B).
Figure 1B steps: (1) Certification Request (name + public key); (2) Message (signed with CA’s private key); (3) Alice sends certificate to Bob (providing access to Alice’s public key); (4) Verify CA Signature.

This process also lays the groundwork for the latest capability in the AWS IoT portfolio, Just-In-Time Registration (JITR), announced in August. JITR is somewhat of a turning point for the IoT in that, as the term implies, devices can automatically connect to and be recognized by the AWS IoT cloud the first time they request service from the platform. This type of immediate, autonomous onboarding of devices with cloud services is critical given the projected number of IoT connections, but is contingent upon the devices connecting being pre-equipped with unique, trusted private keys in order to enable services such as the Use Your Own Certificate API and to prevent impersonation attacks (Figure 2). It also requires that devices be equipped with the correct server configurations and policies to help facilitate the onboarding process, which must also be kept secure.

FIGURE 2: Just-in-time registration (JITR) allows devices to connect with AWS IoT servers the first time they attempt a service connection, but requires that the Use Your Own Certificate API be leveraged first to upload device certificates into AWS IoT.
The challenge of device manufacturers is to ensure that these keys and policies remain secret and secure from the time a device is manufactured, through the onboarding process, and even after a product reaches end of life (EOL). Previously this has been attempted through the installation of hardware security modules (HSMs) in secure rooms at factories, periodic factory security audits, and time box protocols that attempt to define an acceptable onboarding period for devices. Unfortunately, these methods tend to be either expensive or inexact, and also don’t account for threats that could compromise systems deployed in the field, such as physical tampering.

Hardware-based elliptic curve cryptography anchors trust in IoT

2016 has also seen significant news from the other side of the IoT technology spectrum, as semiconductor vendor Microchip acquired competitor Atmel for approximately $3.6 billion earlier this year. Among other technologies, the purchase netted Microchip access to Atmel’s portfolio of security ICs, including elliptic curve cryptography-based (ECC-based) CryptoAuthentication devices such as the ECC508A (Figure 3). The ECC508A is noteworthy in the framework of AWS IoT’s mutual authentication, Use Your Own Certificate, and JITR capabilities in that the elliptic curve Diffie-Hellman (ECDH) key agreement protocol it employs enables the internal generation and storage of private keys. These keys remain protected through the life of the device due to tamper-resistant architectural features of the chip, including internally encrypted memory, isolated power rails, a memory and logic shield, internal clock generation, and a lack of probe points that protect against real-world threats such as emissions analysis, microprobe, power cycling, and timing attacks. This secure storage space can also be used to house pre-configured AWS server policies, resulting in a device that contains all of the information needed for digital certificate authentication and onboarding required by JITR.

FIGURE 3: The ECC508A is a 2 mm x 3 mm tamper-resistant CryptoAuthentication device based on elliptic curve Diffie-Hellman (ECDH) cryptography algorithms that provide hardware-based cryptographic key generation, storage, and countermeasures.

As seen in wolfSSL’s wolfCrypt benchmark of an embedded SSL/TLS stack running on the ECC508A, the hardware-based crypto acceleration of the chip also offloads encryption tasks from a host processor, resulting in improved overall system performance (Figure 4).

FIGURE 4: The wolfCrypt ECC benchmark shown here illustrates performance metrics of a TLS transaction running the lightweight (20 Kb – 100 Kb) wolfSSL embedded SSL/TLS library on the ECC508A hardware-based crypto accelerator versus in software. The average TLS establishment time for the ECC508A is 2.342 seconds, compared to 13.422 seconds in software, good enough for a 5.73x improvement. Graph courtesy wolfSSL.

ECC508A and AWS IoT: The process

As discussed previously, private keys are mathematically correlated with the public keys required for the creation of digital certificates. Therefore the ECC508A becomes the root of trust for any device that equips it. In the context of a mutually authenticated AWS IoT deployment leveraging the ECC508A, Microchip can act as the CA, both generating and signing device certificates in parallel as part of the certificate chain verification process for an IoT OEM.
The OEM would then load the resulting digital certificates into their AWS IoT account through the Use Your Own Certificate API, where they would remain until an incoming TLS request from a device containing the partnered ECC508A key pair triggers the JITR process.
The procedure, from key generation through cloud onboarding, requires a one-time setup, shown in Figure 5. As keys are generated in a secure Microchip facility and the key management infrastructure is already in place, OEMs are able to access robust security and automatic cloud authentication by adding a single component to their bill of materials (BoM).
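The offline provisioning flow and the checks a registry makes on a device's first connection can be reproduced with the OpenSSL command line. This is an added example, not code from the article, AWS, or Microchip: it assumes a single production-signer level under the OEM root, uses constructed names throughout, and uses key files as stand-ins for private keys that on the ECC508A never leave the chip.

```shell
#!/bin/sh
# Added example: offline provisioning chain and the registry-side checks.
# Every name below (Example OEM Root CA, dev01, rogue01, ...) is constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal OpenSSL config so nothing depends on a system-wide openssl.cnf.
cat > "$WORK/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[dev_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF

# new_key_csr <name> <CN>: P-256 key pair plus a request (name + public key).
# On real hardware the private key is generated inside the secure element;
# the .key file here only stands in for it.
new_key_csr() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/$1.key"
  openssl req -new -config "$WORK/pki.cnf" -key "$WORK/$1.key" \
    -subj "/CN=$2" -out "$WORK/$1.csr"
}

# make_root <name> <CN>: self-signed root CA.
make_root() {
  new_key_csr "$1" "$2"
  openssl x509 -req -in "$WORK/$1.csr" -signkey "$WORK/$1.key" -days 3650 \
    -extfile "$WORK/pki.cnf" -extensions ca_ext -out "$WORK/$1.crt" 2>/dev/null
}

# issue <name> <CN> <issuer> <ext-section>: the issuer signs the subject's CSR.
issue() {
  new_key_csr "$1" "$2"
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$3.crt" -CAkey "$WORK/$3.key" \
    -CAcreateserial -days 365 -extfile "$WORK/pki.cnf" -extensions "$4" \
    -out "$WORK/$1.crt" 2>/dev/null
}

# verify_chain <cert>: accept a client certificate only if it chains through
# the registered signer to the registered root.
verify_chain() {
  openssl verify -purpose sslclient -CAfile "$WORK/root.crt" \
    -untrusted "$WORK/signer.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

# prove_possession <cert> <key>: challenge-response standing in for the TLS
# client-authentication step. The key signs a fresh nonce and the signature is
# checked against the public key taken from the certificate.
prove_possession() {
  openssl rand -hex 32 > "$WORK/nonce"
  openssl dgst -sha256 -sign "$WORK/$2.key" -out "$WORK/nonce.sig" "$WORK/nonce"
  openssl x509 -in "$WORK/$1.crt" -pubkey -noout > "$WORK/$1.pub"
  openssl dgst -sha256 -verify "$WORK/$1.pub" -signature "$WORK/nonce.sig" \
    "$WORK/nonce" >/dev/null 2>&1
}

# accept_device <cert> <key>: both checks must pass before registration.
accept_device() { verify_chain "$1" && prove_possession "$1" "$2"; }

# One-time setup: root and production signer (the certificates the OEM registers).
make_root root "Example OEM Root CA"
issue signer "Example Production Signer" root ca_ext
# Per-device production step.
issue dev01 "device-0001" signer dev_ext
# A certificate claiming the same device name, issued by an unregistered CA.
make_root rogue_ca "Unregistered CA"
issue rogue01 "device-0001" rogue_ca dev_ext

# Cases: genuine device; unregistered issuer; genuine cert replayed without its key.
for pair in "dev01 dev01" "rogue01 rogue01" "dev01 rogue01"; do
  set -- $pair
  if accept_device "$1" "$2"; then
    echo "cert=$1 key=$2: accepted"
  else
    echo "cert=$1 key=$2: rejected"
  fi
done
```

The third case is why the private key has to stay inside tamper-resistant storage: a copied certificate alone fails the possession check, while a copied key would pass it.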
Dropping anchor on IoT security

Security is essential to the continued rollout of IoT in every market, and discrete solutions that allow device makers to separate security from business functions and value adds will enable more innovative products in the future. An ECC508A evaluation kit is available for interested parties through Microchip and distributors such as DigiKey and Mouser, with trials and tutorials of AWS IoT accessible at aws.amazon.com/iot.

FIGURE 5: With the ECC508A acting as the root of trust, Microchip can act as a third-party CA, signing device certificates in an offline verification process and providing them to an original equipment manufacturer (OEM) for upload to an AWS IoT account.
Figure 5 labels: Root CA / Root of Trust – One Time Event: Provide Signed Intermediate CA; OEM CA – One Time Event: Sign Microchip Customer Specific Production Signers with OEM Intermediate CA; Customer Specific Production Signers – Massively Parallel Production: Generate and Sign individual Device Certificates; IoT OEM AWS Account – One Time Event: Load Microchip Customer Specific Production Signer Certificates to AWS Account.

FIGURE 6: The ECC508A AT88CKECC-AWS-XSTK evaluation kit is available for developers of secure, connected applications for $249.
Edge
Advances in sensing, connectivity, and control fuel IIoT designs By Wiren Perera
The Industrial Internet of Things (IIoT) promises to deliver a step change in efficiency and a leap towards autonomy for industrial automation and other sectors, such as security and surveillance and building management. The prospect of self-monitoring, self-managing factories and manufacturing processes is no longer beyond the distant horizon. The ability to remotely identify, monitor, and control every individual device in a manufacturing process network with minimal or no human intervention offers opportunities that were beyond comprehension just a decade ago – even in the eyes of engineers working at the very forefront of industrial manufacturing technology.

The key drivers of the IIoT are more measurement of an expanding number of parameters, fast and extensive analysis of and reactions to data, and accelerated enhancements to processes. Successful IIoT design and management can mean continuously optimized efficiency, reduced operating costs, and more resilient self-learning processes. At the fulcrum of this are a number of semiconductor technologies on offer and in development at some of the world’s top electronic component manufacturers.
Vision-based sensing and energy harvesting
Sensors are at the heart of the IIoT, gathering more and more data. But to measure more, we need to sense more – more parameters, more accurately, and more often. Overlaying software on established technologies can bring incremental gains, but to make the necessary advances we need to add more parameters with accuracy, as each additional parameter can make a system smarter. Sensor technology that measures “traditional” parameters such as temperature, light, position, level, humidity, and pressure, continues to advance. But despite becoming smaller, more cost-effective, and often embedded, each sensor is dedicated and, hence, limited in its functionality and versatility. Vision-based sensing enables a new paradigm. Corollary to the concept of “a picture is worth a thousand words,” once a machine can “see,” much more is possible much faster.
With vision sensing, programmability brings flexibility, enabling a single vision system to sense missing or misplaced components and other process variables. The trend towards vision-based sensing – both still and video – will make future systems more intelligent, flexible, and ultimately more valuable. Current advances in machine vision, in many situations, can provide better sight than the human eye. Coupled with the reduction in risks associated with human error, it enables a new degree of adaptability and speed for reconfigurable production processes. This could be anything from optimization based on real-time events to the reconfiguration of a system that may allow multiple products to be made on a single line. They only require a simple change from one control program to the next and the system is ready to run. This has obvious cost, time, and labor benefits and reduces the risks associated with error. However, the distributed nature of the IIoT and the requirement to place multiple sensors at various points of measurement presents another challenge: the reliable delivery of power.
FIGURE 1
ON Semiconductor’s Smart Passive Sensor family are wireless energy harvesting sensors that can function autonomously in space-constrained environments.
FIGURE 2
IT/OT integration will yield benefits to industrial automation companies through the concatenation of distributed personnel and assets.
Successful sensors, especially those utilized in IIoT designs, have four basic attributes: they need to be self-powered, collect data, broadcast their status, and have the ability to connect. Wireless sensors with the ability to harvest energy (i.e., self-powered) are essential if the IIoT is to advance and realize its potential. Wireless energy harvesting solutions such as ON Semiconductor’s Smart Passive Sensors are an example of technology that can meet these requirements (Figure 1). These devices can be deployed in hard-to-access, space-constrained environments with no direct power source, allowing them to function autonomously.
Instant access to data
Sensors gather data, and then post-processing and analytics generate valuable information, along with the ability to control factories and processes. The processing of large, sustained flows of data associated with real-time sensing for the IIoT is reliant on the cloud. This analysis requires platforms that can store large data sets across distributed clusters; often combining and processing data from many geographically dispersed sources. In global organizations, for example, a problem in a Chinese smart factory can trigger an almost instantaneous process improvement in a similar factory located somewhere else in the world. Advances in secure communications and authentication also allow mobile devices to connect to these networks, bringing opportunities for instantaneous access to information. Flexible access can then drive value into the business and its relationships with the outside world. In fact, this IT/operational technology (OT) integration, as shown in Figure 2, has the potential to bring the greatest benefits to a broad range of industrial automation applications.
Combining sensing, connectivity, and actuation
Many industrial control systems are very sophisticated and require accurate or careful, often rapid, positioning. This could mean anything from the speed and direction of a cooling fan, to a motor or servo that adjusts a valve position, or a stepper motor for linear or angular positioning in a precision task. Alongside the rapid development of sensing for the IIoT, the actuators and their controllers that provide the physical reactions to gathered, analyzed data are seeing similar advancements. However, integrated manufacturing processes require a broad range of sensing technologies be combined with connectivity and actuation, which creates design and expertise challenges. Fully integrated hardware and software development platforms that combine these elements are crucial to help speed and ease the customization of specific functions for adoption into end products. Modularity makes these platforms extensible to new IoT/IIoT functions and devices that are based on new advances, allowing more rapid adoption (Figure 3, page 14). Open-source support is also important, since a broad ecosystem and interoperability are crucial for the IoT’s success.
Sensors, data processing, and actuators are all significant building blocks of an IIoT application. However, without a means to communicate, share data, and transmit, receive and execute instructions, the IIoT cannot function. Considering the IIoT’s unique requirements, not all standards and protocols are satisfactory. The technologies suitable for smartphone personal area networks (PANs) or single-supplier standards are unlikely to be successful. Instead, it’s important for IIoT platforms to demonstrate flexibility by supporting a broad array of standards, including Thread, SIGFOX, EnOcean, M-Bus, KNX, ZigBee, and proprietary protocols. The adoption of a software-defined radio (SDR) approach allows a single platform to support multiple protocols, which will be a requirement for platforms designed to support multiple applications:
FIGURE 3
ON Semiconductor’s IoT Development Kit for Smart Passive sensors allows the movement of sensor data to the cloud for applications development.
ZigBee and Thread are complementary 802.15.4 standards, and a liaison relationship between the two industry organizations should help drive broad adoption of these protocols within smart home applications. Thread is an IP-based (IPv6) networking protocol built on open standards for low-power mesh networks that can easily and securely connect hundreds of devices to each other and directly to the cloud. Security and interoperability are two of Thread’s key value-added capabilities. Conversely, SIGFOX enables wide-area networks (WANs) that provide relatively low bandwidth communications with fixed or mobile smart objects or sensors deployed over large areas. Example applications for this protocol include the nationwide tracking of shipping containers or vehicles, and communication with geographically spread assets such as smart-city equipment or oil pumps and pipelines.
Technology convergence for the IIoT
At the core of achieving the IIoT’s true potential will be the effective interplay and connection of sensing, computing, and control technologies in robust, energy-efficient implementations. Every facet of technology is evolving towards this goal, with both discrete solutions and integrated development platforms that are enabling embedded and IoT design engineers to transform yesterday’s vision of automated, self-managing industry into today’s reality.
Wiren Perera is Senior Director of IoT Strategy and Business Development at ON Semiconductor.
Edge
Secure firmware update considerations for ultra-low power MCUs
By Bhargavi Nisarga and Luis Reynoso
In-field firmware updates are an increasingly popular feature in microcontroller-based (MCU-based) applications. These updates enable new firmware images to be downloaded onto a device’s memory, providing an effective way for product manufacturers to offer services and support to products that are already deployed in the field. The Internet of Things (IoT) era is driving increased connectivity in the embedded world, making this one of the most crucial features for today’s connected products – so long as they are secure.
IoT developers often consider faster time-to-market and lower product maintenance costs when deploying firmware update mechanisms, as the capability allows them to stage feature roll-outs, enable/disable features or functionality on devices in the field, fix firmware bugs after a product has been released, reduce the need for expensive technical support, and enable better overall end user experiences. However, if proper security measures are not in place, this feature may be misused and the consequences of a successful exploitation can be disastrous, ranging from intellectual property (IP) theft and product cloning all the way to unauthorized control of the deployed system. For example, a successful exploitation of firmware update mechanisms that do not support verifying a new firmware image’s authenticity in a hospital drug pump can lead to a hacker tampering with the dosages of drugs delivered to patients.
Firmware updates and their vulnerabilities
Figure 1 shows a typical firmware update process. The steps include:
1. The product manufacturer creates and loads an initial firmware image into the device in a trusted environment.
2. The product is deployed with the initial firmware into the field.
3. When a firmware update is required, the product manufacturer creates a new firmware image.
4. The manufacturer sends the new firmware image to the end user/technician or to the product directly through an untrusted communication channel.
5. The new firmware is loaded onto the device in the field.
In Figure 1 potential security threats are apparent during the “transport” phase when new firmware is transferred via an untrusted communication channel, or during the “firmware loading” phase when the new firmware is downloaded onto the device in the field. The new firmware image being downloaded to the device corresponds to the IP of the product manufacturer and the target asset. Threats to this asset include:
1. Reverse engineering of the firmware binary image into assembly or a higher level engineering language to analyze its functionality and contents.
2. Product cloning where a firmware image from the product manufacturer is loaded onto a device that is not authorized.
3. Alteration of the firmware distributed by the product manufacturer.
4. Loading an unauthorized firmware image onto the device, which may correspond to an older firmware version from the product manufacturer with known bugs or code created by an unauthorized party, or firmware not intended for the specific device (firmware downgrading).
5. Interrupting the firmware update process such that the firmware is only partially updated, resulting in a device being unavailable for service.
It is evident that the aforementioned threats can have disastrous consequences for the product manufacturer, service provider, and end user, thus indicating an intense need for embedded designers to strongly consider measures that increase the overall security of the firmware update mechanism.
Secure firmware update considerations for design engineers
Figure 2 shows an example representation of network-connected systems. In this case, the new firmware image is transferred either from the product manufacturer (e.g., a new feature roll-out or firmware bug fix) or the service provider (e.g., to enable/disable features or services in a product) to the end nodes over local or wide area networks (LANs/WANs), and may involve authentication from end user applications (e.g., via mobile devices and web applications) to perform the firmware update. Embedded systems engineers designing firmware update capabilities for IoT systems need to not only understand the assets that need to be protected and the potential threats, but also the capabilities and limitations of their system, especially as they pertain to cost, performance, or power consumption in constrained systems. As a starting point, an effective security solution that incorporates the right combination of cryptographic algorithms and protocol-level measures must be considered.
FIGURE 1
Shown here is a typical firmware update process.
FIGURE 2
A secure firmware update includes security measures dictated by the interface protocols used for network communications, as well as application-level security that ensures firmware images are secured before data enters the network.
Cryptographic algorithms provide a means of protecting the privacy of content while ensuring its authenticity and integrity. Not all cryptographic algorithms are the same, but they are based on four cryptographic primitives that handle one or more components of the confidentiality, integrity, and authenticity (CIA) triad. These primitives are:
1. Encryption and decryption: Encryption is the process by which data (plaintext) is transformed into something random and meaningless (ciphertext), while decryption performs the opposite job. These primitives provide both confidentiality and authenticity, and are used to prevent the reverse engineering of firmware.
2. One-way functions: Functions such as hash are mathematical algorithms that are easy to calculate in one direction but difficult in the other. They are used to obtain a digital “fingerprint” that ensures the integrity of firmware before it is transported into the field.
3. Digital signatures: Used to detect if a message was altered after it was signed, thus providing not only integrity but also authentication. These make use of public-key cryptography to generate a signature that can only be properly decrypted using the manufacturer’s public key.
4. Message authentication code (MAC): Similar to a digital signature except that it uses symmetric keys to encrypt and decrypt a hash generated by the manufacturer. If the hash value decrypted by the receiver matches the hash value calculated for the message, then the message is valid. In this way, MACs provide both authenticity and integrity.
Some factors that influence the selection of cryptographic algorithms include performance requirements, the security needs of the system, memory footprint, energy consumption, and reliability and acceptance of the algorithm by the security community (such as organizations like the National Institute of Standards and Technology (NIST)).
In addition to cryptographic algorithms, protocol-level measures against threats such as firmware downgrading should be considered. As mentioned previously, firmware downgrading is an attack in which an older defective firmware image (encrypted or not) is re-sent to a device in order to revert it to a vulnerable state. A version check of both the firmware and keys can ensure that only new versions are programmed during an update.
An attacker can also interrupt a firmware update process using several methods (power loss, physical connection failure, bits flipped during transmission, etc.). This can lead to a device executing an incomplete or invalid firmware image, rendering it useless or in a compromised state. In order to address this scenario, firmware update mechanisms need to ensure that an incomplete or corrupted image is not executed, and if necessary, should revert the system to a valid, previously used image.
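The version check and incomplete-image handling described above, with per-packet tracking added, shown as an example written for this page rather than code from the article or from Texas Instruments. It assumes a two-slot layout (the new image is staged in the inactive slot), a packet count announced in the update header, and a cryptographic tag check performed elsewhere and passed in as tag_ok; all names are hypothetical.

```c
/* Added example: protocol-level checks for one firmware update session.
 * All identifiers are hypothetical, not part of any vendor bootloader. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PACKETS 64u /* assumed upper bound on packets per image */

typedef enum {
    UPD_OK = 0,
    UPD_ERR_DOWNGRADE,  /* announced version is not newer than installed */
    UPD_ERR_BAD_HEADER, /* packet count is zero or above MAX_PACKETS */
    UPD_ERR_BAD_PACKET, /* no session open, or index out of range */
    UPD_ERR_INCOMPLETE, /* at least one packet has not arrived */
    UPD_ERR_AUTH        /* authentication tag did not verify */
} upd_status_t;

typedef struct {
    uint32_t installed_version;      /* version of the image in the active slot */
    uint32_t pending_version;        /* version announced for the staged image */
    uint16_t expected_packets;       /* 0 means no update session is open */
    uint16_t received_count;         /* distinct packets seen so far */
    uint8_t  seen[MAX_PACKETS / 8u]; /* one bit per packet index */
    uint8_t  active_slot;            /* 0 or 1: slot the device boots from */
} updater_t;

/* Drop staged state; the active slot and installed version are untouched. */
static void upd_abort(updater_t *u)
{
    u->pending_version = 0;
    u->expected_packets = 0;
    u->received_count = 0;
    memset(u->seen, 0, sizeof u->seen);
}

void upd_init(updater_t *u, uint32_t installed_version)
{
    memset(u, 0, sizeof *u);
    u->installed_version = installed_version;
}

/* Open a session. The header fields are assumed to be covered by the image's
 * authentication tag, so a forged version number fails at commit time. */
upd_status_t upd_begin(updater_t *u, uint32_t new_version, uint16_t packets)
{
    upd_abort(u);
    if (new_version <= u->installed_version)
        return UPD_ERR_DOWNGRADE;
    if (packets == 0 || packets > MAX_PACKETS)
        return UPD_ERR_BAD_HEADER;
    u->pending_version = new_version;
    u->expected_packets = packets;
    return UPD_OK;
}

/* Record one packet written to the inactive slot. Retransmissions are
 * accepted but counted once. */
upd_status_t upd_packet(updater_t *u, uint16_t index)
{
    uint8_t mask = (uint8_t)(1u << (index % 8u));

    if (u->expected_packets == 0 || index >= u->expected_packets)
        return UPD_ERR_BAD_PACKET;
    if ((u->seen[index / 8u] & mask) == 0) {
        u->seen[index / 8u] |= mask;
        u->received_count++;
    }
    return UPD_OK;
}

/* Switch slots only for a complete, authenticated image. tag_ok is the result
 * of the cryptographic check (for example an AES-CCM tag), computed elsewhere. */
upd_status_t upd_commit(updater_t *u, bool tag_ok)
{
    if (u->expected_packets == 0)
        return UPD_ERR_BAD_PACKET;
    if (u->received_count != u->expected_packets)
        return UPD_ERR_INCOMPLETE; /* session stays open for missing packets */
    if (!tag_ok) {
        upd_abort(u);              /* discard staged image, keep the old one */
        return UPD_ERR_AUTH;
    }
    u->active_slot = (uint8_t)(u->active_slot ^ 1u);
    u->installed_version = u->pending_version;
    upd_abort(u);
    return UPD_OK;
}

int main(void)
{
    updater_t u;

    upd_init(&u, 5); /* constructed scenario: device currently runs version 5 */
    printf("re-sent v5 image: status %d\n", upd_begin(&u, 5, 3));
    printf("open v6 session:  status %d\n", upd_begin(&u, 6, 3));
    upd_packet(&u, 0);
    upd_packet(&u, 2);
    printf("commit, 1 missing: status %d\n", upd_commit(&u, true));
    upd_packet(&u, 1);
    printf("commit, complete:  status %d\n", upd_commit(&u, true));
    printf("slot %u, version %u\n", (unsigned)u.active_slot,
           (unsigned)u.installed_version);
    return 0;
}
```

On real hardware the slot switch and version write in upd_commit would have to be a single power-fail-safe operation, which this sketch does not model.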
Cryptographic bootloaders for connected embedded systems
Firmware updates are typically handled by the device bootloader. A bootloader is a piece of code that resides on device memory and has the ability to reprogram the application memory space. However, finding or creating an embedded bootloader with the security required for network-connected systems can be challenging. For example, a system may need the ability to update cryptographic keys, so cryptographic functions and a bootloader protocol should support upgrading keys and increased network security during the firmware update process. The bootloader protocol should also accommodate verifying firmware update versions and packet tracking to check if all packets of a specific firmware update image were received.
As discussed, the selection of a cryptographic algorithm is critical because it not only sets the level of security of the system, but it also impacts its performance, memory footprint, and power consumption. With this in mind, AES-CCM represents an optimal solution for embedded bootloaders. AES-CCM is a cryptographic bootloader (Crypto-Bootloader) built on two cryptographic primitives: AES Counter Mode (AES-CTR) for encryption and cipher block chaining message authentication code (CBC-MAC) for integrity and authenticity verification. Due to the low overhead provided by AES-CCM, it provides a perfect balance between increased security and low memory footprint, high throughput, and efficient power consumption.
The selection of an MCU implementing the bootloader should not be overlooked, either. Designers should consider MCUs with features like hardware encryption engines, a memory protection unit (MPU), low-power peripherals, and memory technologies that allow fast read/write cycles for increased throughput. The MSP430FR5969 MCU from Texas Instruments is an example of such an MCU that integrates an AES-256 co-processor to accelerate encryption algorithms, MPU and MPU-IP encapsulation (MPU-IPE) modules to enable increased protection and encapsulation of memory regions, as well as up to 64 KB of FRAM memory for high performance and ultra-low power consumption. The Crypto-Bootloader solution implemented on MSP430FR5969 devices encapsulates most of the security features and considerations outlined here (Figure 3).
FIGURE 3
MSP430FR5969 MCUs integrate a CryptoBootloader, as well as MPU/MPU-IPE modules and an AES-256 security co-processor.
Securing firmware for the Internet of Things
In summary, increasingly networked embedded products are creating the potential for advanced security threats, making in-field firmware updates more vulnerable to remote attacks and exploitations. Therefore, it is important for embedded designers to consider securing their firmware update mechanisms through solutions that provide the right level of security while balancing the cost, power, and performance constraints of IoT products.
Bhargavi Nisarga is a Systems Engineer at Texas Instruments. Luis Reynoso is a Systems Applications Engineer at Texas Instruments.
Gateway
The IoT doesn’t need PoCs
By David Smith
I have heard complaints from several Internet of Things (IoT) sales and business leaders about how proofs-of-concept (PoCs) are slowing them down. In some cases, they are just frustrated with how often they are told, “We need to do a PoC,” by a development team in response to a request to begin a new product or offering development. In other cases, they are frustrated with how the tools used for PoCs – development kits or Maker-ware devices like Arduino and Raspberry Pi – prevent them and their customers from deploying scalable solutions once the concept is proven. Here’s the thing: The IoT doesn’t need PoCs. I made this statement the other day in a product development team meeting and received looks of shock and disbelief. The company with whom I was working has customers asking for help solving a specific problem and we had a multi-disciplinary team reviewing the architecture for a solution. The looks I got said, “How can we begin a product development without a PoC?” The answer is easy when you consider the definition of a PoC. According to Wikipedia, “A proof of concept is a realization of a certain method or idea to demonstrate its feasibility, or a demonstration in principle, whose purpose is to verify that some concept or theory has the potential of being used. A proof of concept is usually small and may or may not be complete.” “Feasibility” is the key word here. Feasibility is the role of technology in the Innovation Venn diagram (Figure 1). Is the product technically feasible? Can we even make innovation function? For the most part, after nearly 15 cycles of Moore’s law and two generations of the Internet, this means, “Does the product violate the laws of physics?” Today, particularly in the IoT ecosystem, anything is feasible. Further, one could argue that if the product is a pure software or Internet play, it is by definition feasible.
FIGURE 1
The Innovation Venn diagram encompasses the feasibility, viability, and desirability of a product, of which viability and desirability are now the most important. [Diagram labels: Desirability (User), Feasibility (Technology), Viability (Business).]
The harder questions for new products today are the other two parts of the Innovation Venn: Is the product desirable? If so, at what price? Is the business viable? These are the tough questions facing new offerings today. There’s the rub. A PoC does nothing to address user desirability or business viability. A PoC only addresses technology. “You’ve just renamed the PoC as a prototype,” you say. But there’s a big difference between the two. In a PoC the developer is not constrained by manufacturing, costs, or user acceptance. The issue is simple: Can I make this offering work? Maker tools are excellent for this. This is one of the reasons, by the way, that when one looks for Maker products, most of the suppliers are targeting educational organizations. Education is about one example; one proof that something works; one PoC.
A prototype, however, is the first iteration of the new product. A prototype is built to a product requirements document (PRD), and that PRD has manufacturing supply chain constraints, certification constraints, user experience needs, and cost expectations. One-off tools like Arduino or Raspberry Pi were not designed for these constraints. So when a product development is started with a PoC and uses Maker tools, the development process comes to a halt after the proof. There is no certification path, no manufacturing supply chain, and no ability to meet user experience constraints – particularly where form factor is critical.
FIGURE 2
The role of PoCs, prototypes, and pilots in the product development process. [Diagram text: Proof-of-concepts address technology (feasible): Can we make this work under any conditions? Can we even sense this phenomenon? What new material or physiological understanding do we need? Prototypes address cross-overs: Will the user like this product experience? Will the user pay enough for the business to work? Can we afford the technology in the offering? Pilots address the sweet spot: Will adoption achieve business success? Are business model assumptions validated? Will the users pay for the offering in an ongoing fashion?]
FIGURE 3
Proof-of-innovation is replacing traditional notions of PoCs. [Diagram labels: Business (Viability), People (Desirability), Technology (Feasibility), design thinking, emotional innovation (brands, marketing, relationships), experience innovation, functional innovation, process innovation.]
The IoT has put a slightly different spin on the product development process because of the addition of an ongoing, user-supported experience. Business models depend upon ongoing revenue, so innovators have to address this need during development. This is the role of the pilot. The pilot puts the product, in a sales-ready format, into the hands of enough users, in context, to measure their adoption of, sustained use of, and willingness to pay for the product. Figure 2 outlines the roles of PoCs, prototypes, and pilots in the product development process. The fastest progression for product development for the IoT is PoC → Prototype(s) → Pilot → Product. The good news is that good suppliers of the IoT technology stack know that their offerings have to work in production, have to scale, and have to pass rigorous testing. They also know that they have to help product development teams move through prototyping to pilots quickly. The prototypes can get early user feedback and allow forecasts of costs. But the sweet spot of innovation is where users want the new product and are willing to pay a price that sustains the business. In the IoT, sustaining the business is complicated by recurring expense and revenue. This is where the pilot comes in. The pilot validates the product and the business model.
Sometimes small changes make a big difference. Switching your organization’s thinking from proof-of-concept to proof-of-innovation is one of those changes.
PoCs are not bad, but they are not often necessary in business today. Perhaps the best example of this is a place where PoCs are the lifeblood of the company: Google X. Their mission is to make moon shots, learn from failure, and solve grand problems with approaches no one else is willing to try. If your mission is similar, then PoCs are great. If you are under pressure to grow and generate new forms of revenue using digital technology, beware the PoC.
Three ways to tell you are wasting time with a PoC
1. Examples of the offering exist in either the lab or with competitors – Note that the example can be in other applications or markets. For example, self-driving cars moved immediately to prototypes because auto-piloted airplanes and drones provided the proof that the technology works for autonomous vehicle operations.
2. No new hardware is needed – If your new offering depends upon the integration or is a software application of data, then you are not doing a PoC. Your technology is feasible, it just may not be desirable or viable.
3. None of the questions to be answered by the PoC effort involve the laws of physics.
Three things that make a good pilot
1. You have a sales-ready user experience – An IoT pilot not only has to measure user adoption, it also has to measure churn. Too much churn will defeat the business. To measure these characteristics with confidence across a statistically significant number of users, the product must have a sales-ready user experience.
2. The product is re-certification tested – Since the pilot product is not in fact sold, it does not have to be marked UL, CE, FCC, etc. But it better be ready to mark. As soon as the pilot validates adoption, churn, and price, the sales team is going to want to see products shipping so you can’t go back and do another spin. Be ready.
3. The supply chain is solid and meets cost expectations – The pilot will measure user adoption at price so if it is successful, production will begin. Production will have to deliver on that price, so the supply chain must be solid.
David Smith is Vice President of Engineering and Innovation at MultiTech Systems.
Cloud
The IoT needs fog computing
By Angelo Corsaro
As the Internet of Things (IoT) continues its rapid pace of growth, there’s been no shortage of inflated expectations. Platforms promising to ease the development, deployment, and management of IoT systems are now counted in the hundreds. You might believe that all you have to do is pick a platform you like the best, from the vendor you trust the most, and go build your IoT system. Well, the story is not so simple. In reality, nearly all of the IoT platforms available are designed to only support cloud-centric architectures. These platforms centralize the “intelligence” in the cloud and require data to be conveyed from the edge to do anything useful with it. Considering the success of this cloud-centric model in IT (and in some IoT applications like fleet management), you may wonder, what’s the big deal? Simply put, cloud-centric architectures aren’t applicable to a large class of IoT applications. Most notably, cloud-centric architectures fall short in supporting Industrial IoT (IIoT) systems and struggle with more demanding Consumer IoT (CIoT) applications. The scariest part is that the situation will only get worse with the predicted increase in the number of connected things. But there are some things more fundamental limiting cloud-centric architectures’ applicability for IoT systems.
• Connectivity – Cloud-centric architectures assume that sufficient connectivity exists from the things to the cloud. This is necessary for collecting the data from the edge and for pushing insight or control actions from the cloud to the edge. Yet, connectivity is hard to guarantee for several IoT/IIoT applications, such as smart autonomous consumer and agricultural vehicles. As you can imagine, connectivity may be taken for granted in metropolitan areas, but not so much in rural areas.
• Bandwidth – Cloud-centric computing assumes that sufficient bandwidth exists to ingest the data from the edge into the data center. The challenge here is that several IIoT applications produce incredible volumes of data. For instance, a factory can easily produce a terabyte of data per day, and these numbers will only grow with the continued digitalization of factories.
• Latency – There’s a large class of IIoT systems for which the latency required to send data to the cloud, make decisions, and eventually send data toward the edge to act on these decisions may be completely incompatible with the dynamics of the underlying system. A key difference between IT and IoT/IIoT is that the latter deals with physical entities. As such, the reaction time must be compatible with the dynamics of the physical entity or process with which the application interacts. Failing to react with the proper latency can lead to system instability, infrastructure damage, or even put human operators at risk.
• Cost – In the age of smartphones and very cheap data plans, most people assume that the cost of connectivity is negligible. The reality is quite different in IIoT due to either bandwidth requirements or connectivity points. While in consumer applications the individual person (the consumer) pays for connectivity, in most IoT/IIoT applications (such as smart grids) it’s the operator who foots the bill. As a result, cost is usually carefully accounted for as it has an impact on operating expense and consequently on operational costs and margins.
• Security – Finally, even assuming that all the above-listed issues are addressed, a large class of IoT/IIoT applications are not comfortable with, or are incapable due to regulation, of pushing their data to a cloud.
Unless you can guarantee that the connectivity, bandwidth, latency, cost, and security requirements of your application are compatible with a cloud-centric architecture, you need a different paradigm, and 99.9 percent of the IoT platforms available on the market are not of much use. Fog computing is emerging as the main paradigm to address the connectivity, bandwidth, latency, cost, and security challenges imposed by cloud-centric architectures. The main idea behind fog computing is to provide elastic compute, storage, and communication close to the things so that data needn’t be sent all the way to the cloud, or at least not all data and not all the time. And the infrastructure is designed ground-up to deal with cyber-physical systems (CPS) as opposed to IT systems. In other words, the infrastructure is designed to consider the constraints imposed by the interactions with the physical world in terms of latency, determinism, load balancing, and fault-tolerance.
Defining fog computing
Two trends that are at the core of the IIoT revolution are softwarization and digital twins. Softwarization is a trend that is disrupting several industries. Its mantra is the replacement of specialized hardware implementations, such as a programmable logic controller (PLC) on an industrial floor, with software running in a virtualized environment. Digital twins, as the name hints, are a digital representation (computerized model) of a physical entity (such as a compressor or a turbine) that is animated through the live data coming from its physical brother or sister. Digital twins have several applications, such as monitoring, diagnostics, and prognostics. Additionally, digital twins provide useful insights to R&D teams for improving next-generation designs, as well as continuously ameliorating the fidelity of their models.
As softwarization transforms specialized hardware into software, it creates an opportunity for convergence and consolidation. If we take as an example soft PLCs (i.e., softwarized PLCs), all of a sudden they can be deployed on commodity hardware in a virtualized environment and decoupled from the I/O logic that can remain closer to the source of data. As a side note, the general idea of softwarization applied to the factory floor is often referred to as software-defined machines or software-defined automation.
As a result of softwarization and digital twins, there is an opportunity for modernizing the factory floor, consolidating its hardware, and improving availability, productivity, manageability, resilience to failure, and innovation agility. In essence, as a result of softwarization, there is the opportunity to manage these systems as a data center. As softwarization is a trend that is impacting a large class of industries, it is worth highlighting that the transformations described above, along with their benefits, are not just limited to industrial automation.
But there is a catch: the large majority of these systems, whether in the industrial, transportation, or medical domains, are subject to the performance constraints previously discussed. These systems interact with the physical world and, as such, they need to react at the pace imposed by the physical entity with which they interact. As a consequence, while traditional cloud infrastructure would be functionally perfect to address these use cases, it turns out to be inadequate as it is typically not designed with these non-functional requirements in mind and is often too heavyweight. Cloud infrastructures were designed for IT systems in which a delay in the response time may create a bored or upset customer, but will not cause a robot arm to smash against a wall, another machine, or worse.
Now it should be clear that fog computing is not just about applying distributed computing to the edge. Fog computing is about providing an infrastructure that, while virtualizing elastic compute, storage, and communication, is able to address the non-functional properties characteristic of these domains. Fog computing makes it possible to provision and manage softwarized hardware (e.g. a soft PLC, digital twins, analytics, and anything else that may need to run on the system) while ensuring the proper non-functional requirements and bringing all the benefits listed above in terms of convergence, manageability, availability, agility, and efficiency improvement. Fog computing provides a flexible infrastructure to provision, deploy, monitor, and manage software at the edge. This should clarify how just deploying some logic on an edge gateway isn’t fog computing, and neither is fog computing traditional distributed computing.
Fluid computing: Unifying cloud, fog, and mist computing
What is mist computing? As the name implies, mist is closer to the ground than fog, which in turn is closer to the ground than the cloud. But beside the meteorological analogies, what does this really mean? As you’ve probably guessed, this means that mist computing is about bringing elastic compute, storage, and communication directly onto the things. Thus, if we continue with the meteorological analogy, cloud infrastructure is high in the data center, fog infrastructure is between the things and the cloud, and mist infrastructure is simply the things. The goals of mist computing essentially are two:
1. Enabling resource harvesting by exploiting the computation, storage, and communication capabilities available on the things
2. Allowing arbitrary computations to be provisioned, deployed, managed, and monitored on the things
As you can imagine, things in IoT applications are extremely heterogeneous in terms of platforms, resources, and connectivity. Thus, the main challenge for mist infrastructures is to be sufficiently lightweight to be able to establish a fabric that virtualizes compute, storage, and communication without consuming too many resources.
If we look from a distance at a generic IoT/IIoT system, we will realize that from an infrastructural perspective, we will have to deal with data centers that are in a public or private cloud, edge infrastructure, and the actual things. IoT/IIoT systems will need to exploit resources that span these three tiers and provision, deploy, monitor, and manage applications and services across the tiers. On the other hand, if we look at the technological landscape, there is a complete fragmentation between the technologies used for cloud computing, fog computing, and the emerging mist computing. This fragmentation makes it difficult to establish a unified end-to-end perspective of the system, and it makes it practically impossible to treat the system as a uniform and virtualized compute, storage, and communication fabric.
At this point the question is, “What can we do about it?” The first step toward addressing a problem is recognizing it. To this end, that means raising awareness about the challenges that this fragmentation may induce. The second step is to establish a vision of how the problem can be solved so that the industry can internalize it and, eventually, address it.
Let’s focus for a moment on what would make sense for the user of an IoT/IIoT platform as opposed to the technical details of whether cloud, fog, or mist is the right answer. From a high-level perspective, why should a designer of an IoT/IIoT application care whether he or she will be using cloud, fog, or mist computing paradigms? The only thing that really matters is that the platform provides a way to provision, manage, and monitor applications in such a way that applications can meet their functional and non-functional requirements. The functional and non-functional requirements drive the allocation of applications on things, fog, or cloud layers – but anything else is just a detail, isn’t it?
Fluid computing is an architectural principle based on the abstraction of the topological details of the computational infrastructure. Fluid architectures provide an end-to-end fabric that can be used to seamlessly provision, deploy, manage and monitor applications, regardless of whether the underlying resource is provided by the cloud infrastructure, the fog infrastructure, or by things. Fluid computing unifies cloud, fog, and mist computing under a single abstraction. In other words, cloud, fog, and mist computing can be seen as applications of fluid computing in a specific, bounded context. As the IoT/IIoT market evolves, expect a convergence of cloud, fog, and mist computing platforms toward a fluid computing platform. This convergence will be necessary, if not essential, to accelerate the adoption of IoT.
Angelo Corsaro, PhD, is Chief Technology Officer of ADLINK and PrismTech.
EVENT
Industrial Internet of Things Forum 2016
Presented by electronica in cooperation with Embedded Computing Design
In this forum we will discuss the hardware and software issues surrounding the IIoT and how they can be applied to your specific application. Presenters are experts in their field and will include coverage of wireless technologies, the current crop of microprocessors, and how industrial real-time operating systems can be used to implement security protocols to keep your data safe.
GO TO: http://electronica.de/trade-fair/events/forums/industrial-internet-of-things/
Market Spotlight: Security
CIA and TPM to secure the IoT?
By Guenther Fischer
CIA, TPM and IoT: You might ask what these three acronyms have in common and how they relate to each other. To make a long story short, it is all about security, trust, and reliability.
The abbreviation CIA in this context does not mean the Central Intelligence Agency. It is an abbreviation for Confidentiality, Integrity, and Authenticity. The so-called CIA principle is a simple, but widely used, security model covering three key tenets that should be guaranteed by all secure systems.
Confidentiality is intended in the sense of hiding information from people not authorized to view it. It is perhaps the most obvious aspect of the CIA model when it comes to security. At the same time, it is also the one most under attack. Cryptographic symmetric and asymmetric encryption methods are examples of means to ensure confidentiality when transmitting data from one computer system to another.
Integrity, on the other hand, represents the certainty that data is accurate and not changed on its journey from the original sender to the intended receiver. A common security attack, often called a man-in-the-middle attack, intercepts data and makes changes to it, before passing it on to the intended receiver. Cryptographic digital signature methods are one way to attest the integrity of code and data.
In addition, authenticity is needed to address the concern about genuine information. In other words, you want to make sure the information you receive actually comes from the source that claims to be its genuine origin. Cryptographic digital certificates are used to prove the authenticity of the issuer.
Now that we understand why CIA is important for a secure system, let’s move to the third acronym: IoT. After many years of being an overhyped marketing term, the so-called Internet of Things (IoT) is starting to become mature and real. Mark Weiser first coined the term “ubiquitous computing” in his famous Scientific American article “The Computer for the 21st Century”, published September 1991. His thinking was so ahead of his time that it seemed like science fiction to most of his readers. In 2016, his vision has become reality. Ubiquitous computing (or ubicomp for short) became today’s – perhaps overhyped – IoT. Weiser started his article, “The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it.” He predicted that computing devices would become commonplace and part of all aspects of life, and he was right. Just consider, for example, the consumer gadgets like fitness bands, smart watches, smart phones, or navigation systems that send and receive data all day long. Or, consider the home, which is connected to a power grid where a smart meter allows the energy provider to effectively calculate the resources needed to cover the demand of all households. Interconnected computing devices are everywhere nowadays.
“‘Car hacking’ just got real: In experiment, hackers disable SUV on busy highway” is a recent headline by Michael Miller of the Washington Post.
David Morgan of ABC News described an attack on air traffic control systems in August.
Shifting focus to industrial applications, today’s business IoT applications are developed jointly, with devices and services coming from various sectors of industry: information technology; automation and production technology; aerospace, maritime, and naval systems; railways; car manufacturers and their suppliers; energy providers; agriculture; medical technology; and building automation. All of those share characteristics, including long life in the field, reliability and robustness in harsh environments, and reliable, long-term availability. IoT systems rely on public networks, but public networks are not secure environments. While IoT creates new capabilities and services, allows greater efficiencies, increases flexibility, and enables the customization of single production units, it also opens up previously closed systems and allows attackers to get access to those systems from the outside world.
Yahoo’s Dylan Stableford wrote on the concerns of a connected heart for former Vice President Dick Cheney.
Brandon Butler of Network World overviews last year’s theft of secret RSA keys in the Amazon cloud.
Motherboard contributor Joshua Kopstein illuminates the possibilities of data theft for non-connected systems.
Attackers often use reverse engineering techniques to identify software vulnerabilities, which they can exploit to create counterfeit products, steal sensitive data, or tamper with the device for sabotage and espionage purposes. This can lead to serious and dangerous hacks, as recent attacks on safety-critical automotive, aerospace, and medical components have shown.
This brings us back to the CIA principle we started with. The only way to avoid situations like those listed above is to apply the CIA security model to the world of IoT devices. As we have learned, CIA is built around cryptographic operations. Today’s modern cryptography leverages standard crypto protocols. The Dutch cryptographer Auguste Kerckhoffs stated a maxim in the 19th century that would become known as Kerckhoffs’ principle: A cryptosystem should be secure even if everything about the system, except for the key, is public knowledge. I repeat, everything is public knowledge except for the key, which is needed to encrypt and decrypt the content, either directly or in a derived form.
So, how do you store a key in a secure manner? This brings me to the second acronym: TPM, the Trusted Platform Module. In the world of cryptography, there are a ton of other acronyms referring to the various protocols and methods that are used to ensure the CIA principle. To name just a few of them, you have DES and AES for symmetric cryptography and RSA and ECC for asymmetric cryptography. The list of acronyms goes on and on. The really important part, however, is that the algorithms themselves are typically not secret; they are publicly available, just as Kerckhoffs’ principle demands. The only part that really needs to be kept secret is the key itself. This sounds simple, but it is pretty hard to achieve. To keep the key secret, you need a secure place like a safe, which we will call a secure element, to securely store the key. A TPM (Trusted Platform Module) is such a secure element, and it offers a lot more, including the crypto protocols.
In a nutshell, a TPM is a specialized and dedicated device that offers crypto operations and secure storage for secret keys, all in one. This allows you to store the key in a secure place and, even more importantly, it allows the key to stay there, so it never leaves its secure location. All important crypto operations are done inside of the TPM itself, and only the results are exposed. This prevents the key from getting compromised. In case you want to know why it is important to have this dedicated functionality separated in a dedicated device, I recommend that you read the following two articles. These should make it obvious how important it is to have a dedicated, secure element like a TPM inside a computing device to make it secure, trustable, and reliable.
So how can incidents like these be prevented? Use technology that creates secured code and licenses that can be bound to a secure element in the target system, ensuring that the code and the licensed features can only be used on an individual system. License creation and deployment can be integrated into existing business processes, such as ERP systems or e-commerce platforms. This mechanism opens up new business models, such as feature-on-demand upselling and time-based or pay-per-use licenses for the IoT and other intelligent devices. The result is improved security from attacks, malware, theft, and other malfeasance for code and IP.
Guenther Fischer is a Senior Licensing and Protection Consultant at Wibu-Systems. His specialty is cybersecurity applied to the IoT world.
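The following added example (not from the article, and not Wibu-Systems' or any TPM vendor's code) simulates the boundary described above: the key stays inside a secure element, only results come out, and a license is bound to one individual device. `SecureElement`, `VendorHSM`, `feature_enabled`, the device IDs and the license format are hypothetical, and HMAC-SHA256 with per-device derived keys stands in for the asymmetric signatures and certificates a TPM-based scheme would normally use.

```python
import hashlib
import hmac
import json
import secrets
from typing import Iterable


class SecureElement:
    """Software stand-in for a TPM-like secure element (hypothetical interface).

    The key lives only inside this object. No method returns it; callers see
    only the results of operations. Real hardware enforces that boundary
    physically, which a Python object cannot do.
    """

    def __init__(self, device_id: str, key: bytes):
        self.device_id = device_id
        self.__key = key  # name-mangled: not part of the public interface

    def verify(self, data: bytes, tag: bytes) -> bool:
        """Recompute the MAC inside the element and compare in constant time."""
        expected = hmac.new(self.__key, data, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


class VendorHSM:
    """Vendor-side key store (hypothetical): provisions devices, issues licenses."""

    def __init__(self):
        self.__master = secrets.token_bytes(32)

    def __device_key(self, device_id: str) -> bytes:
        # Key diversification: every device gets its own key, so a license
        # tag computed for one device is meaningless on any other.
        return hmac.new(self.__master, device_id.encode(), hashlib.sha256).digest()

    def provision(self, device_id: str) -> SecureElement:
        """Manufacturing step: the device key goes straight into the element."""
        return SecureElement(device_id, self.__device_key(device_id))

    def issue_license(self, device_id: str, features: Iterable[str], expires: str) -> dict:
        payload = json.dumps(
            {"device_id": device_id, "features": sorted(features), "expires": expires},
            sort_keys=True,
        ).encode()
        tag = hmac.new(self.__device_key(device_id), payload, hashlib.sha256).hexdigest()
        return {"payload": payload.decode(), "tag": tag}


def feature_enabled(element: SecureElement, lic: dict, feature: str, today: str) -> bool:
    """Device-side check: integrity and authenticity first, then the claims."""
    try:
        payload = lic["payload"].encode()
        tag = bytes.fromhex(lic["tag"])
    except (KeyError, AttributeError, ValueError, TypeError):
        return False
    if not element.verify(payload, tag):
        return False  # altered in transit, or issued for a different device key
    claims = json.loads(payload)
    return (
        claims["device_id"] == element.device_id
        and feature in claims["features"]
        and today <= claims["expires"]  # ISO dates compare correctly as strings
    )


def demo() -> dict:
    hsm = VendorHSM()
    dev_a = hsm.provision("pump-0001")  # constructed device IDs
    dev_b = hsm.provision("pump-0002")
    lic = hsm.issue_license("pump-0001", ["analytics"], "2016-12-31")

    # Someone edits the license to unlock a feature that was never sold.
    claims = json.loads(lic["payload"])
    claims["features"].append("remote-control")
    tampered = {"payload": json.dumps(claims, sort_keys=True), "tag": lic["tag"]}

    return {
        "valid_on_a": feature_enabled(dev_a, lic, "analytics", "2016-10-01"),
        "copied_to_b": feature_enabled(dev_b, lic, "analytics", "2016-10-01"),
        "tampered": feature_enabled(dev_a, tampered, "remote-control", "2016-10-01"),
        "expired": feature_enabled(dev_a, lic, "analytics", "2017-01-01"),
        "unlicensed_feature": feature_enabled(dev_a, lic, "remote-control", "2016-10-01"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Only the first check succeeds: the copied, edited, expired and unlicensed cases are all rejected without the key ever being handed to application code.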
EXECUTIVE SPEAKOUT
revolutionary end-node solutions
WWW.MICROCHIP.COM/NEWLORA7235
By Dave Richkas, Microchip Product Line Manager
The RN2483 and RN2903 are revolutionary end-node solutions that enable extremely long-range (up to 15 km), bidirectional communication with years of battery life for Internet of Things (IoT), Machine-to-Machine (M2M), smart city and industrial applications. The RN2483 is a fully certified LoRa® technology modem for the European 433/868 MHz bands, and the RN2903 modem is for the 915 MHz North American band. Both modems come with the LoRaWAN™ Class A protocol stack, so they can easily connect with the rapidly expanding infrastructure driven by the LoRa Alliance to create Low-Power Wide-Area Networks (LPWANs), both as privately managed scalable deployments or telecom-operated public networks with nationwide coverage. Due to the long range of LoRa technology, these modems are able to operate without repeaters, reducing the total cost of ownership. Additionally, both the RN2483 and RN2903 are fully certified which saves significant certification costs and reduces time to market.
IoT Design Guide Profile Index
Advertiser | Category
ADLINK Technology, Inc. | Industrial
Advantech Embedded Group | Industrial
ATP Electronics | Industrial
Avnet – IBM Watson | Industrial
Avnet – Intel | MCUs & MPUs
Avnet – Microsoft | Wireless, Cloud
Avnet – NXP | Smart Home
Avnet – Texas Instruments | Wireless, Cloud
congatec inc | Industrial
Elma Electronic | Industrial
EMAC, Inc. | Industrial
IEI Technology USA Corp | Industrial
Lynx Software Technologies | RTOS & Tools, Security
NVIDIA | Dev Kits
Rohde & Schwarz GmbH | Sensors
Sierra Monitor | Wireless, Cloud
Skelmir LLC | IoT Platform
Wind River Systems, Inc. | Industrial
WinSystems, Inc. | Industrial
IoT Platform
CEE-J® Virtual Machines, the ideal IoT Solution Platform
Our scalable, efficient and fast performing CEE-J VMs matched with our more than 18 years of embedded engineering experience offer big advantages in building cost-effective, competitive solutions and driving subscriber revenue for our customers. Deployed worldwide in over 100 million embedded devices, CEE-J and the Skelmir team are a proven choice. We work with development teams to quickly add and customize APIs and optimize specific functions in the VM for their specific use cases and demanding IoT projects. Whether you’re building a proprietary or standards-based IoT solution in Java or OSGi, contact us for a free evaluation to experience the value our family of VM technologies and experienced engineering support can bring.
[Graphic labels: Smart Home, Energy and Smart Cities, Vehicle & Fleet Management, Factory Automation, Agriculture Automation, Security, Building Management, Telemedicine and Healthcare, Everyday things and more...]
FEATURES
• Optimized performance (plus JIT options) and scalable memory footprint for IoT hardware platforms (ARM, MIPS, x86, & PPC)
• Manage critical hardware resources in a dynamic IoT environment with Skelmir’s unique resource management APIs
• Looking for OSGi? The VM is pre-integrated with leading OSGi solutions reducing time to market, AND the cost of getting there
• Flexible licensing, including world class support & free evaluations
Skelmir LLC
www.skelmir.com
sales@skelmir.com
+1 617.625.1551
www.linkedin.com/company/skelmir-llc
iotdesign.embedded-computing.com/p365023
Dev Kits
NVIDIA® Jetson™ TX1
NVIDIA® has pioneered visual computing – the art and science of computer graphics – for more than 20 years. Now we’re bringing that experience to developers everywhere with the NVIDIA Jetson™ TX1 module. Get supercomputing power for your IoT applications through an embedded platform well-suited for both cloud and edge computing needs. NVIDIA Jetson TX1 harnesses the power of deep learning to drive breakthrough advances in artificial intelligence, video analytics, robotics, and more.
NVIDIA Jetson TX1 | Supercomputer on a Module
• Unmatched performance under 10W
• Advanced tech for autonomous machines
• Smaller than a credit card
Full-Featured Development Platform for Artificial Intelligence and Autonomous Machines
The NVIDIA Jetson TX1 Developer Kit is a full-featured embedded platform for artificial intelligence and autonomous machines designed for edge-to-cloud computing. It’s ideal for IoT design professionals looking to develop and test highly advanced autonomous devices.
Our credit card-sized Jetson TX1 module enables developers to harness the power of deep learning to create the next generation of autonomous machines and intelligent devices. Its small footprint and low power consumption are geared for deployment onboard embedded systems with constrained size, weight, and power (SWaP), making it perfect for a wide range of IoT applications.
This tiny supercomputer can solve some of the world’s biggest problems – ones that require intelligent machines. As the first embedded computer designed to process deep neural networks, the Jetson TX1 delivers 1 teraflops of performance and requires less than 10W of power. All of the hardware is supported through a comprehensive developer platform that includes the JetPack SDK, libraries, developer tools, design collateral, developer forum, training, tutorials and more.
Deploy Deep Learning in IoT Applications
NVIDIA JetPack is a comprehensive SDK that includes system software, developer tools, libraries and APIs for AI/deep learning in autonomous machines and intelligent devices. JetPack makes it possible to deploy high-performance deep learning solutions to low power systems such as video analytics appliances, smart city infrastructure, robots, drones, and other embedded systems.
Leverage the power of artificial intelligence, deep learning, and autonomous machines to take your IoT applications and deployments to new heights. The NVIDIA Jetson TX1 brings supercomputing power to an embedded platform that’s small and energy-efficient enough to solve the toughest problems wherever they are. Learn more about the Jetson TX1 Developer Kit and module on the NVIDIA Embedded Computing site, and start building a smarter Internet of Things today.
FEATURES
Jetson TX1 Module Specifications:
• NVIDIA Maxwell GPU with 256 NVIDIA CUDA Cores
• Quad-core ARM Cortex-A57 MPCore Processor
• 4 GB LPDDR4 Memory
• 16 GB eMMC 5.1 Flash Storage, SDIO, SATA
• Connects to 802.11ac Wi-Fi and Bluetooth-Enabled Devices
• 1 Gigabit Ethernet
• 4K Video Encode/Decode
• Up to 6 Cameras MIPI CSI-2
• Measures 50mm x 87mm
• 400 Pin Board-to-Board Connector Interface
• 3x UART, 3x SPI, 4x I2C, 4x I2S, GPIOs
NVIDIA®
www.nvidia.com/object/embedded-systems.html
embedded@nvidia.com
@NVIDIATegra
www.linkedin.com/company/nvidia
iotdesign.embedded-computing.com/p373802
Industrial
Intelligent IoT Gateway Starter Kit
The ADLINK Intelligent IoT Gateway Starter Kit provides a complete IoT connection solution for reduced development time and quick deployment for every application environment. The IoT Gateway Starter Kit includes ADLINK’s MXE-202i intelligent IoT gateway, based on Intel® Atom™ E3826 processors, ADLINK’s EdgePro IoT device & sensor management application, one light sensor and corresponding siren output, Modbus TCP module and accessories, utilizing industrial open standard protocols with security functions powered by Intel® IoT Gateway Technology.
The ADLINK EdgePro IoT device & sensor management application was designed for compatibility with Intel® IoT Gateway Technology, which integrates the Wind River Intelligent Device Platform® (IDP) XT and McAfee® Embedded Control to provide complete, pre-validated communication and security. EdgePro enables device and sensor management for plug-in(s) for field protocols including ZigBee (Home Automation Profile) and commonly adopted fieldbus Modbus TCP for industrial automation, all easily configured with sensors or I/O nodes. Interaction across devices/sensors is accomplished by an Event Execution Engine. A user-friendly web-based dashboard allows remote monitoring of status and actuator control, with RESTful web-service APIs. In addition, EdgePro enables simple configuration of reliable and secure connectivity with Amazon Web Services (AWS) and Windows Azure Cloud.
The ADLINK MXE-202i gateway’s sturdy aluminum housing withstands industrial grade EMI/EMS to an EN 61000-6-4, 61000-6-2 specification, and is fully operable under harsh conditions. The MXE-202i provides two GbE LAN, two COM, two USB 2.0 and one USB 3.0 host ports, four optional isolated DI and four isolated DO. Dual mini PCIe slots with one mSATA support and USIM socket support communication with connections such as Wi-Fi, Bluetooth, and 3G cellular, to ensure interoperability between systems and maximize industrial connectivity for a wide variety of application requirements.
FEATURES
• Provides a complete IoT connection solution for accelerated IoT application development
• Easy configuration with user-friendly administrator interface and dashboards
• Built-in ADLINK SEMA & SEMA Cloud remote management solution
• Intelligent IoT Gateway Starter Kit packing list includes:
  • MXE-202i with dual-core Intel® Atom™ SoC processor E3826 IoT gateway on Wind River® IDP XT 2.0 + 8GB SD card
  • Preloaded ADLINK EdgePro IoT device & sensor management application
  • 40W AC/DC adapter
  • WiFi/BT kit (pre-installed)
  • ZigBee/802.15.4 module USB adapter, Zigbee wireless light sensor & wireless siren
  • Modbus RTU module
  • Rotary control, LED array & Ethernet cable
SEMA® & SEMA Cloud®
The MXE-202i includes ADLINK's proprietary SEMA application for quick setup of remote device management through SEMA Cloud, enabling monitoring and collection of system health and status information. By combining SEMA intelligent middleware with cloud connectivity, ADLINK enables edge-to-cloud-to-end application capabilities without additional design requirements. Pushing data to the cloud enables operators to verify, monitor, and control system performance from a single, central location – improving reliability and reducing management costs.
SEMA Cloud is comprised of a cloud server architecture hosting the SEMA Cloud IoT Service, which can be administered by a web-based Management Portal and is provided to customers as a platform as a service (PaaS). It includes gateway software with an IoT stack on top of SEMA middleware, enabling embedded devices to connect securely to the cloud using state-of-the-art encryption technologies without additional design requirements.
ADLINK Technology
www.adlinktech.com
info@adlinktech.com
800-966-5200
ADLINKTech_USA
www.linkedin.com/company/adlink-technology
iotdesign.embedded-computing.com/p373785
IoT Design Guide
Industrial
IMT-BT Industrial Tablet The IMT-BT is an industrial, rugged mobile tablet, integrating the dualcore Intel® Celeron® processor N2807 for high performance computing power. Built-in WLAN or optional WWAN connectivity enables the IMT-BT to easily access information from a wide variety of industrial and commercial settings. An IP65 rating and 1.5 meter drop resistance (with optional rubber housing) support significantly ruggedized construction to withstand the most demanding environments. The IMT-BT holds its own next to consumer tablets, with a 10.1" capacitive touchscreen and built-in megapixel cameras on the front and rear. The display is protected by ultra-strong Gorilla Glass, making it virtually impervious to damage, able to flex when dropped without shattering or scratching. The IMT-BT supports 802.11 a/b/g/n/ac for maximum wireless speed. The data-only modem accommodates optional high-speed 3.5G HSPA+ or 4G LTE cellular connections. In office or outside, WLAN and WWAN connectivity support speedy reception and processing, and sunlight readability allows easy viewing in the field. The tablet is also equipped with an NFC reader/writer and supports recognition of RFID tags (13.56 MHz). A SAM (Secure Access Module) is standard, enabling communication of encrypted data for applications requiring higher levels of security.
ADLINK Technology
www.adlinktech.com
FEATURES
• Dual-core Intel® Celeron® N2807 SoC @ 1.58GHz
• Operating Systems: Windows Embedded 8.1 & Android 4.4.2
• 10.1" sunlight readable display, capacitive touchscreen; GPS, E-compass, G-sensor
• Wireless Connectivity: WLAN: IEEE 802.11 a/b/g/n/ac; WPAN: Bluetooth 4.0; WWAN (optional): 3.5G HSPA+, 4G LTE
• Data Capture: HF 13.56MHz NFC RFID, SAM encryption supported
• IP65 rating and 1.5m drop resistance (with optional protective rubber housing)
• Optional Accessories: protective rubber housing, vehicle dock and office dock
iotdesign.embedded-computing.com/p373779
info@adlinktech.com
www.linkedin.com/company/adlink-technology
800-966-5200 @ADLINKTech_usa
Guardbox 33
Shape, size and aesthetic appeal are keen considerations in electronic packaging for equipment supporting IoT applications. Our Guardbox 33 custom and standard enclosures come in three standard widths and overall six sizes to meet many different requirements. The product family represents just one example of many electronic equipment enclosures designed and built by Elma over the last 30 years. These vibration-resistant cases feature rugged construction and ease of assembly, and they are easy to service. The compact case is ideally suited for test and measurement instruments, as well as drive modules for control systems and many other uses. Choose from custom designed front and rear panels for your exact connector requirements plus beveled edges for a clean finished look and then set your OEM product apart with your own logo. We apply a wide variety of finishing methods including anodized digital printing, silk screening and laser etching in low to high volume runs. You may choose to work with our team of experienced designers for a new look or we can work to print from your existing design. Regardless of where your IoT application takes you, chances are Elma has an enclosure ready to meet the requirement.
Elma Electronic, Inc. www.elma.com
FEATURES
• Sturdy two piece extruded aluminum construction
• EMC gasketing options
• Durable finish for lasting protection and aesthetic appeal
• Optional mounting feet and handles for lab applications and easy transport
• Mounting for standard and custom board sizes
• Custom designs for your OEM product offering
• Light weight designs for weight sensitive installations
sales@elma.com
iotdesign.embedded-computing.com/p373788
510-656-3400
https://www.linkedin.com/company/elma-electronic
@elma_electronic
Advantech IoT Gateway – ARK-1123H-3S53
This powerful and complete IoT gateway starter kit empowers your IoT project with a reliable platform and open gateway technologies. The package includes a ready-to-run fanless automation system (Intel® Celeron® J1900 platform and Windows® 7 Embedded), IoT platform software, development kit, and technical support service. Also included is Microsoft® Azure® service integration. With the Advantech IoT Gateway Starter Kit, you can build your own IoT applications quickly and efficiently.

For Industrial Equipment Manufacturing
• Connect your things to enable data acquisition, device management, and analytic intelligence that create new business value.
For System Integrators
• Enable your projects to integrate all devices and systems quickly and efficiently to work together in a reliable platform.
For IoT Developers
• Empower your applications to create innovations and practices that discover more business opportunities.

Pre-Integrated Software Capability
WISE-PaaS/RMM Device Management
• Remote monitor and control (Power, KVM)
• Devices/Groups/Map view device management
• Device event history
Data Flow Logic Designer
• IBM® Node-RED flow design tool
• Drag and drop plug-in nodes
• Integrated WISE-PaaS/RMM function nodes
Data Storage
• Relational DB (PostgreSQL) for device and account management
• NoSQL DB (Mongo DB) for big sensor data
• Redundant server to provide data and service
Dashboard Builder
• Supports Google Maps, gauge, spark line, and c
• Multiple format data source supported
• Supports Websocket data stream and JSON content

Data Acquisition & Transition
WISE-Agent
Included in WISE-PaaS/RMM, WISE-Agent software framework enables seamless connectivity from across pervasive sensor devices, data flow, and IoT cloud, such as Microsoft Azure. WISE-Agent SDK includes data handler, protocol connector, and device monitoring for communication security.
Data Handler
• WISE-Agent’s dynamic data collection module
• Plug the needed handler into different usage scenarios
• Provides handler sample code for RS-232/485, Modbus-TCP/RTU, GPS
Protocol Connector
• IoT standard M2M protocol, such as MQTT
• Small code footprint
• Publish-Subscribe structure to provide one-to-many message sharing
Device Monitoring
• Hardware monitoring: CPU temperature, fan speed, voltage
• Software monitoring: CPU/memory usage and process status
• Distributed threshold-based detection and alerts

FEATURES
• Built-in Intel® Celeron® J1900 Quad Core 2.0GHz SoC
• Supports up to 8GB DDR3L memory and 2.5" SATA and mSATA slot
• Anti-Vibration Certification: IEC 60068-2-64, Shock Protection Certification: IEC 60068-2-27. Dimensions: palm-sized 5.27" x 1.7" x 3.71" (133.8 x 43.1 x 94.2 mm)
• Wireless expansion capability via Mini PCIe x 1 and has Gigabit Ethernet x 2
• Supports a wide operating temperature from -20 to 70 °C
• Pre-integrated remote monitoring and device management software for control and security. Supports up to 1,000 device connections.
• Supports RESTful API web service & WISE Agent framework for cross-platform connectivity and integration, which utilizes standard IoT Protocol, MQTT.
• Technical Support: 3 hours of online consulting and IoT Developer Forum for FAQ and software design tools.
• Online forum: When you join the IoT Developer forum, you will receive the latest versions of software resources and video training courses.
Simplify your IoT deployment with the Advantech Gateway Starter Kit.
Advantech
http://buy.advantech.com
Buy@Advantech.com
For additional IoT gateways and solutions visit us at Buy.advantech.om/go/IoTGateway iotdesign.embedded-computing.com/p373587
https://www.linkedin.com/company/162304
888-576-9668 Advantech_USA
SATA III SSDs for Industry 4.0 Solutions
www.atpinc.com

Key Differentiation – Synergy
Adopting state-of-the-art technologies, ATP integrates hardware, firmware, and software together with stringent validation processes to achieve “1 + 1 > 2” and accomplish “Preventing, Reporting, Analyzing” mechanisms.

Why ATP SATA III SSDs? More than Quality!
“Synergy” is greater than the simple sum of individual effects to accomplish customers’ real demands

Analysis
Using data logging on abnormal events to effectively trace/analyze and identify root causes for further product fine-tuning and feature enhancements.

• Industrial grade reliability, longevity, and service
• Robust error handling and reporting mechanism

Prevention
Combining ATP’s advanced technologies with in-depth understanding of NAND Flash know-how to address practical application issues, such as unstable power supply, small file size programming, and frequent reads.

Validation
Based on customers’ host system working environment, use behaviors, and workloads, ATP offers tailored testing criteria and rigorous testing scripts to fulfill customers’ requirements.

Report
SMART Tool with pre-defined errors, and a unique firmware algorithm are used as early warning mechanisms for customers’ real-time responses.

https://www.linkedin.com/company/atp-electronics
https://www.youtube.com/c/atpincelectronics
https://plus.google.com/+Atpincelectronics
iotdesign.embedded-computing.com/p373786
ATP Electronics, Inc. www.atpinc.com
sales@atpinc.com 408-732-5000
Industrial IoT Starter Kit
The Avnet MicroZed Industrial IoT Starter Kit supports designers’ edge-to-cloud development of Internet-connected solutions and includes all the necessary building blocks for developing a production-ready, IoT-enabled, industrial processing system. The platform is based on Avnet’s MicroZed™ system-on-module (SoM) with Zynq®-7000 All Programmable SoC from Xilinx and pluggable sensor solutions from Maxim Integrated and ST Microelectronics. The kit integrates IBM Watson IoT™ Platform on top of a custom-configured, certified image of the Wind River® Pulsar™ Linux operating system. The provided out-of-box example design uses a standard MQTT messaging protocol to communicate with Watson IoT, which enables registered, secure connection to additional cloud services and applications, including the IBM Bluemix® portfolio. Bluemix provides a rich palette of composable services to rapidly enhance IoT solutions with cognitive capabilities.

See more at: products.avnet.com/ema/iot/ibm

FEATURES
• Cloud enabled
  • Exchange data securely with applications on IBM Bluemix via IBM Watson IoT Platform
• Production ready, MicroZed 7010 SOM
  • Based on Xilinx Zynq-7000 SoC with
    – Dual ARM© Cortex™-A9 processing system
    – FPGA logic
• Expandable development platform
  • R3 Arduino-compatible shield expansion slot
  • Two 2x6 peripheral module expansion slots
  • Additional user header providing access to SPI, I2C, UART, and GPIO on MicroZed
• Pluggable sensor options
  • ST Microelectronics motion MEMS and environmental sensor shield
    – Connects to shield site
  • Six I2C based sensor solutions
  • 3-axis accelerometer + 3-axis gyroscope
  • 3-axis magnetometer
  • Humidity and temperature
  • Pressure
  • Maxim Integrated thermocouple-to-digital peripheral module
    – Connects to 2x6 peripheral module
    – SPI-based interface
    – Able to measure temperatures from -270°C to +1800°C
    – Includes K-type thermocouple
• Linux enabled
  • Runs Wind River Pulsar Linux
  • Eases application development
  • Certified binary image
• Connectivity
  • 10/100/1000 Ethernet Port
  • Optional WILINK8 WiFi/BLE add-on
iotdesign.embedded-computing.com/p373796
Avnet, Inc.
http://products.avnet.com
technical.support@avnet.com
www.twitter.com/avnetdesignwire
480-643-2000
www.linkedin.com/company/avnet-electronics-marketing
IoT Gateway
congatec introduces a flexible IoT gateway platform that is application ready and easily customizable for rapid field deployment. The IoT gateway offers extreme levels of flexibility in terms of processing performance and software integration, and is able to host up to 8 wireless antennas that can be connected to 3 mini PCI Express slots and 6 internal USB based slots for wireless and wired connectivity modules. Customized system designs are also possible upon request.

OEMs utilizing the IoT gateway benefit from a pre-configured, pre-certified IoT gateway that can easily connect a wide range of heterogeneous sensors and systems to cloud-based services. Target uses include Industrial Internet of Things (IIoT) applications such as smart cities, connected homes and vehicles, digital signage systems and other IoT applications.

The wireless connectivity of the IoT gateway is extremely scalable: 6 internal USB ports and 3 mini PCIe slots are available and able to support LTE 3GPP modems, 2x WI-FI, 2x LAN with PoE and PROFINET features, low power Bluetooth (BTLE) and 6LoWPAN. Other low power wide area networks including LORA, 3GPP, LTE-MTC, Sigfox or UNB can be supported upon customer request.

In order to deliver optimal and rapid IoT gateway designs, the hardware platform was developed to support scalable computing performance utilizing Qseven modules, which range from the NXP single-core i.MX6 processor up to a quad core Intel® Pentium® CPU. The gateway also supports the upcoming next generation of Intel® Atom™ processors for deployment in emerging IoT gateway and edge computing application scenarios, up to and including high availability fog computing systems.

The large and fast growing IoT market is well served by congatec’s traditional embedded computer boards and module products, but OEMs are increasingly demanding IoT gateways that are complete, application-ready platforms. To meet this growing need, the IoT gateway was designed as a highly flexible and configurable gateway that can be optimized to meet a wide variety of specific application demands. As well as the engineering and production of optimized IoT solutions, congatec’s embedded design and manufacturing service also includes certification services, an increasingly essential element of deploying wireless technologies and edge devices that connect to carrier grade infrastructures.
congatec
www.congatec.us
FEATURES
• Scalable computing performance utilizing Qseven modules, which range from the NXP single-core i.MX6 processor up to a quad core Intel® Pentium® CPU
• Mount up to 8 antennas supporting multiple wireless standards in parallel, while enhancing signal quality by utilizing antenna diversity
• 6 internal USB ports and 3 mini PCIe slots are available and able to support LTE 3GPP modems, 2x WI-FI, 2x LAN with PoE and PROFINET features, low power Bluetooth (BTLE) and 6LoWPAN
• The embedded board support packages cover all major operating systems – including Windows 10 IoT – to enable easier software integration
• The congatec feature set enables secure boot, management of Multi-Master I²C Bus, Multi Stage Watchdog, non-volatile User Data Storage, Manufacturing and Board Information, Board Statistics, as well as Power Loss Control
sales-us@congatec.com www.linkedin.com/company/congatec-ag
iotdesign.embedded-computing.com/p373787
858-457-2600 twitter.com/congatecAG
MitiPy™ Low Power Industrial IoT
The MitiPy™ Industrial IoT microcontroller was created to simplify connecting devices and machines to the multitude of systems you find in the Industrial environment. EMAC Inc. has created an easy to use, cost effective industrial board that can be implemented anywhere from the factory floor to an offsite remote location. The MitiPy™ IoT board provides inputs for sensor integration, legacy serial communication, mesh networking, cell modem, Wi-Fi and Bluetooth communication. The MitiPy™ runs MicroPython, offering the perfect blend of power and flexibility. The MitiPy is a perfect fit for OEMs manufacturers and machine builders looking to add Industrial IoT functionality to new and existing product lines. OEM & Qty pricing available on request.
FEATURES
• STM32F407IGH6 ARM Cortex-M4 168 MHz
• 192 KB of SRAM, Up to 1MB of Flash
• 16x GPIO (8x External & 8x High Drive), 4x Serial Ports, 2x USB, SDIO, A/D, SPI, I2C & CAN
• 1x 100 BaseT Ethernet (Standard), POE (Optional)
• Industrial Temperature of -40° - +85° C
• Optional Wifi, Bluetooth, Cell Modem w/GPS, 6LoWPAN
iotdesign.embedded-computing.com/p373789
EMAC, Inc.
http://www.emacinc.com/products/pc_compatible_sbcs/IOT-F407M
info@emacinc.com
618-529-4525
https://www.linkedin.com/company/emac-inc-
SoM-iMX6U UltraLite ARM System on Module
Designed and manufactured in the USA, the SoM-iMX6U is an ultra-low power ARM System on Module (SoM) designed to plug into an EMAC carrier board that contains all the connectors and I/O required or Customer designed for a system. The SoM-iMX6U is based on the Freescale/NXP i.MX6 UltraLite Cortex-A7 processor. A SoM is a small embedded module that contains the core of a microprocessor system. The SoM-iMX6U is an industrial temperature, ultra-low power 528 MHz module with 4GB of eMMC Flash, 8MB of serial data flash, and 512MB of LP DDR2 RAM. The module has 10/100 BaseT Ethernet, 4x serial ports, GPIO & A/D. The recommended development/carrier board is the SoM-150 carrier board. Pricing as low as $65.
EMAC, Inc.
FEATURES
• Freescale/NXP i.MX6 UltraLite (MCIMX6G1) Cortex A7 528Mhz
• 512 MB of LP DDR2 RAM, 4 GB of eMMC Flash, 8MB of Serial Data Flash
• 1x 10/100 BaseT Ethernet, 1x SPI, 1x I2C, 1x I2S & 1x CAN
• 22x GPIO, 2x USB 2.0 High Speed Host, 1x USB 2.0 High Speed OTG (Host Device) ports, 4x serial ports
• Industrial Temperature -40° to + 85° C
• APM ~5mA Sleep
http://www.emacinc.com/products/system_on_module/SoM-IMX6U
iotdesign.embedded-computing.com/p373790
info@emacinc.com
618-529-4525
https://www.linkedin.com/company/emac-inc-
TANK-860-QGW
IEI’s new generation smart fan-less embedded computer has an ultra-rugged design that allows stable operation even in the worst environments; it is not only quiet but also safe. The TANK-860-QGW supports the QTS Gateway operating system allowing you to easily monitor the system status. Diverse application programs can also be downloaded to satisfy different application needs.

FEATURES
• Three-in-one virtualized application
• Remote monitoring & multi-server management
• Data center and backup
• Data security
• Surveillance station
• myQNAPcloud – Exceed LAN restrictions for easy remote updates
• Create your IIoT solution with QTS Gateway
iotdesign.embedded-computing.com/p373801
IEI Technology USA Corp ieiworld.com
marketing@usa.ieiworld.com
909-595-2819
www.linkedin.com/company/iei-technology-corp/
@ieiworld
Wind River® Helix™ Device Cloud
The Answer to Your Device Lifecycle Management Challenges

With the proliferation of connected devices in the Internet of Things (IoT), the ability to deploy, monitor, manage, service, update, and decommission those devices is essential. Wind River® Helix™ Device Cloud makes it possible. An IoT device management platform, Device Cloud connects machines and devices, manages and collects machine-generated data, and enables you to quickly and securely improve operational efficiencies.

With Device Cloud, build device management capabilities right into your IoT infrastructure to meet the challenges associated with device lifecycle management and reduce the complexities of building and operating large-scale device deployments. Your organization can lower development costs, accelerate deployment timelines, and free resources up to work on features specific to your business needs.

Device Cloud solves the problem of connecting and managing devices remotely. It automatically collects and integrates data from hundreds or thousands of disparate devices, machines, and systems, enabling your operators to track device status and content, share data, and proactively determine when updates are needed.

FEATURES
• Keep mission-critical IoT devices fully operational, with immediate notification of issues
• Secure two-way connectivity to enable remote diagnostics and remotely repair devices
• Upgrade new devices when first activated in the field and push new updates out as released
• Manage the inventory of device configurations and software to stay on top of all field assets
• Integrate with other enterprise systems to monitor and share device status
iotdesign.embedded-computing.com/p373803
Wind River
www.windriver.com
marketing@windriver.com Wind River
800-545-WIND @windriver
SBC35-C398Q – Quad-Core Single Board Computer
WinSystems’ SBC35-C398Q quad-core single board computer combines high performance with a rich mix of industrial I/O. The Freescale i.MX 6Q processor’s integrated power management provides excellent efficiency and allows operation from -40° to +85°C without active cooling. It is designed for demanding graphical applications in security, transportation, medical, and digital signage. The SBC35-C398 series is positioned perfectly for data acquisition functions for rugged industrial IoT applications.
FEATURES
• Freescale® i.MX 6Q Cortex A9 Industrial ARM CPU @ 800 MHz
• Gigabit Ethernet with IEEE-1588™
• Six USB 2.0 ports and one USB On-The-Go Port
• Two CAN Bus ports, Five High Speed Serial ports
• 24 lines GPIO tolerant up to 30 VDC
• Wide range DC or Power over Ethernet (PoE) PD Power Input
• MiniPCIe and IO60 expansion
iotdesign.embedded-computing.com/p373794
sales@winsystems.com
817-274-7553
WinSystems, Inc.
http://www.winsystems.com/product/sbc35-c398q-2-0/
SYS-405D – Rugged Industrial Computer with Expansion
The SYS-405D is a rugged, industrial system capable of operating at extended temperatures without requiring a fan or heat-pipe. The SYS-405D is based on the dual-core Intel® Atom™ E3827 processor and protected by a rugged enclosure. The SYS-405D includes dual Ethernet, dual MiniPCIe, USB 3.0, serial ports with RS-232/422/485 and two independent displays via DisplayPort, and/or Analog VGA. The flexible expansion options enable the SYS-405 series to perform data acquisition functions and edge processing for demanding industrial IoT applications.
FEATURES
• Intel® Dual-Core Processor (Bay Trail) Atom E3827
• Two 10/100/1000 Ethernet (Intel I210)
• Two serial ports (RS-232/422/485)
• Four USB ports (1x USB 3.0 and 3x USB 2.0)
• Bus Expansion – Two MiniPCIe (one with mSATA)
• Bus Expansion – IO60 (SPI, I2C, PWM and UART)
• Wide range +10 to +50V DC input
iotdesign.embedded-computing.com/p373795
WinSystems, Inc.
http://www.winsystems.com/product/sys-405d/
sales@winsystems.com 817-274-7553
Intel® Quark™ Microcontroller Developer Kit D2000
The Intel® Quark™ Microcontroller Developer Kit D2000 consists of a small form-factor board which contains among other things flash storage, a 6-axis compass/accelerometer with temperature sensor, an Arduino-Uno compatible shield interface and a booster-pack compatible shield interface. A USB connection enables programming and debugging (JTAG) of the development platform. The software tool chain for the development platform is provided by Intel® System Studio for microcontrollers, which is an Eclipse-based* IDE for developing, optimizing and debugging applications. Features include the GNU compiler collection (GCC), Intel® Integrated Performance Primitives for microcontrollers, the board support package for the Intel® Quark™ Microcontroller Software Interface (Intel® QMSI) and sample applications.

See more at: products.avnet.com/ema/iot/intel

FEATURES
• Integrated Security Features: Extends excellent security to the device with software- and hardware-based features to help protect your data.
• Bring Intelligence to the Edge: The kit works with other Intel-based systems and simplifies integration of edge products into end-to-end Internet of Things (IoT) architectures.
• Faster Time to Market: Simplifies design and reduces bill of materials (BOM) by minimizing external components required on the platform.
• Tremendous Flexibility: Uses a single DC power source with an operating range of 2.0 to 3.3 volts, and supports serial interfaces typically seen on sensors, wireless modules, flash devices, and EEPROMs.
iotdesign.embedded-computing.com/p373797
Avnet, Inc.
http://products.avnet.com
technical.support@avnet.com
www.twitter.com/avnetdesignwire
480-643-2000
www.linkedin.com/company/avnet-electronics-marketing
MCUs and MPUs
RTOS and Tools, Security
LynxSecure Separation Kernel Hypervisor
LynxSecure is an embedded high performance Separation Kernel Hypervisor. LynxSecure provides bare-metal virtualization and robust partitioning capabilities to support the most stringent security and safety requirements found in military, avionics, automotive, medical, and industrial systems. LynxSecure features a portable and customizable architecture that gives OEM developers the transparency and control over computing platforms to build real-time, robust, high availability solutions and deploy over a vast selection of computing platforms. Originally designed and developed to meet the exacting security needs of the Department of Defense (DoD) and deterministic requirements of the avionics community, LynxSecure provides the ability to concurrently run general purpose and real-time operating systems on a single computing platform. LynxSecure is packaged with development and configuration tools that offer real-time and granular control over hardware platform resources for managing guest OS resource allocation, execution scheduling, and intercommunication. With support for multi-process, multithreaded, and multi-core environments, LynxSecure easily scales from small embedded systems to large enterprise deployments.
Lynx Software Technologies www.lynx.com
FEATURES
• Full Guest OS Virtualization
• Trusted Application Protection
• Multi-channel Network Isolation
• Safety & Security Application Partitioning
• Multi-core Processing
• Real-time Execution Control
• High Assurance Safety & Security Certification Design Artifact Support
iotdesign.embedded-computing.com/p373781
inside@lynx.com
408-979-3900
www.linkedin.com/company/lynxsoftwaretechnologies
@lynxsoftware
Sensors
Rohde & Schwarz: Your partner in IoT testing
The Internet of Things (IoT) is quickly becoming an invisible – and indispensable – part of everyday life. Information passing between electronic devices without human intervention ranges from health and fitness data at the personal level to monitoring the performance and reliability of large motors in factories. Because IoT devices function independent of human monitoring, performance expectations must be extremely high. Reliability, quality of experience (QoE), longtime availability and flawless wireless connectivity are all critically important.

Testing end-to-end communications behavior of machine-to-machine (M2M) devices through the entire product lifecycle is so important that it has become a specialty in itself.

As a leader in wireless testing, Rohde & Schwarz has the expertise to bring IoT applications to market as quickly as possible – with the highest quality and performance.

FEATURES
• Smart Homes and Buildings
• Wearables and Smart Fabrics
• Healthcare
• Telematics
• Smart Cities
• Smart Factories
Rohde & Schwarz GmbH & Co. KG www.rohde-schwarz.com
iotdesign.embedded-computing.com/p373792
customersupport@rohde-schwarz.com Tel: +49 89 4129 12345
NXP® Freedom Development Platform for Kinetis® KW2x MCUs
The FRDM-KW24D512 is a development platform based on the MKW24D512 Kinetis® W Series microcontroller and is enabled by software support for Thread, ZigBee Pro, 802.15.4 MAC, SMAC and Kinetis Software Development Kit (SDK). The FRDM-KW24D512 kit contains two boards, enabling point-to-point out of the box connectivity. Kinetis MKW24D512 MCU is a low-power, compact integrated device consisting of a high-performance 2.4 GHz IEEE 802.15.4 compliant radio transceiver and a powerful ARM® Cortex®-M4 core system with connectivity and precision mixed-signal analog peripherals. FRDM-KW24D512 evaluation boards are designed to work either in standalone mode or as part of the Freedom development platforms for quick application prototyping. They are fully supported by a comprehensive enablement environment.

See more at: products.avnet.com/ema/iot/nxp

FEATURES
• Supports MKW24D512 Kinetis® microcontroller (up to 50 MHz Cortex-M4 MCU, 512 KB Flash)
• Full IEEE 802.15.4 compliant wireless node
• Software support: Thread, ZigBee Pro, 802.15.4 MAC and SMAC, Kinetis Software Development Kit (SDK)
• Reference design area with small footprint, low-cost RF node:
  • RF circuitry includes a Balun to convert the differential input/output pin of the MKW24D512 transceiver to single-ended for on-board signal routing
  • Low off-chip component count
  • Programmable output power from -35 dBm to +8 dBm at the SMA connector, no trap
  • Receiver sensitivity: -102 dBm, typical
• Integrated PCB inverted F-type antenna and SMA RF port
• Selectable power sources
• 32 MHz reference oscillator
• 32 kHz clock oscillator
• 2.4 GHz frequency operation (ISM Band)
• External serial flash for over-the-air programming (OTAP) support
• Multiple push buttons and LEDs
• OpenSDA debug interface
• Combo sensor, 6-axis sensor with integrated linear accelerometer and magnetometer
iotdesign.embedded-computing.com/p373799
Avnet, Inc.
http://products.avnet.com
technical.support@avnet.com
www.twitter.com/avnetdesignwire
480-643-2000
www.linkedin.com/company/avnet-electronics-marketing
Smart Home
Wireless, Cloud
Microsoft® Windows® 10 IoT Platform Solutions

Online Training:
Ken Marlin, Microsoft® MVP and Technical Manager at Avnet will take you through the steps to get your next Windows® 10 IoT project off the ground. He’ll walk you through the steps to get authorized for embedded products, how to get access to the media and keys, touch base on the licensing options and then take you through the steps to start your first Windows 10 IoT image. From there he’ll dig into some of the lockdown features and discuss the real world situations like security updates and recovery options. We’ll also explore Windows 10 IoT’s enterprise grade security, manageability and cloud connectivity capabilities. Join Ken as he’ll provide you with everything you need to launch your next Windows 10 IoT project.

• One Windows Platform: Windows 10 enables the creation of Universal Windows apps and drivers that can target every Windows 10 device including a wide range of intelligent devices from IoT Gateways to POS devices to Industrial automation systems. With a common device management stack, intelligent devices powered by Windows 10 can be managed with the same tools as your PCs, Phones and Tablets.
• Secured: Windows 10 provides enterprise grade security and reliability to ensure your devices and data are protected against today’s modern security threats. Windows 10 also enables you to provide a dedicated device experience for line of business applications.
• Connected: Windows 10 is designed to work well with other devices, your cloud services and leverage your existing investments. Windows 10 inherent connectivity for device-to-device, sensor-to-device, and device-to-cloud make it an ideal platform for intelligent devices as part of an overall IoT solution.
See more at: products.avnet.com/ema/iot/microsoft
iotdesign.embedded-computing.com/p373798
Avnet, Inc.
http://products.avnet.com
technical.support@avnet.com
www.twitter.com/avnetdesignwire
480-643-2000
www.linkedin.com/company/avnet-electronics-marketing
Texas Instruments SimpleLink™ Multi-standard CC2650 SensorTag™ Kit
The new SimpleLink™ multi-standard SensorTag kit invites you to realize your Internet of Things (IoT) product idea. Including 10 low-power MEMS sensors in a tiny package, the kit is expandable with DevPacks to make it easy to add your own sensors or actuators. Connect to the cloud with Bluetooth® Low Energy (BLE) and get your sensor data online in three minutes. The SensorTag is ready to use in the cloud with an iOS and Android app, with no programming experience required to get started.

The new SensorTag is based on the SimpleLink CC2650 ultra-low power wireless microcontroller (MCU), offering 75% lower power consumption than previous BLE products. This allows the SensorTag kit to be battery powered, and offer years of battery life from a single coin cell battery. The BLE SensorTag includes iBeacon technology. This allows your phone to launch applications and customize content based on SensorTag data and physical location.

Additionally, the SensorTag kit can be enabled with ZigBee® and 6LoWPAN technology.

See more at: products.avnet.com/ema/iot/ti

FEATURES
• Support for 10 low-power sensors, including ambient light, digital microphone, magnetic sensor, humidity, pressure, accelerometer, gyroscope, magnetometer, object temperature and ambient temperature
• Ultra-low power, with years of battery life from a single coin cell battery and enabling battery-less applications through the ARM® Cortex®-M3 based ultra-low power SimpleLink CC2650 wireless MCU.
• Cloud connectivity lets you access and control your SensorTag kit from anywhere
• Multi-standard support enables ZigBee or 6LoWPAN through a simple firmware upgrade
• DevPacks allow you to expand the SensorTag to fit your designs
iotdesign.embedded-computing.com/p373800
Avnet, Inc.
http://products.avnet.com
technical.support@avnet.com
480-643-2000
www.twitter.com/avnetdesignwire
www.linkedin.com/company/avnet-electronics-marketing
IoT Design Guide
Wireless, Cloud
FieldPoP™ Device Cloud and FieldServer IIoT Gateway

Are your products looking to take advantage of the Industrial Internet of Things (IIoT)? Are you looking to gain visibility into where your products are sold and deployed? Do you want to remotely connect to and diagnose your products so that you know what to expect when your support personnel go on-site? Wouldn’t it be even better if you could proactively support and enhance your products and avoid unplanned downtime? Wouldn’t your development engineers like to know how your products are actually being used in the field so that they could design the next generation of killer features? Wouldn’t it be great if your sales people could identify upsell opportunities based on actual customer usage patterns? This is the promise of the IIoT.

As Simple as 1-2-3-4

Consider IIoT-enabling your leading products with the FieldPoP™ device cloud and the FieldServer IIoT gateway from Sierra Monitor Corporation. Incorporating this technology is as simple as 1-2-3-4.

1. Incorporate the FieldServer gateway into your product. The gateway becomes your product’s multi-protocol interface – letting your products plug into an IP network and having them talk the required protocols to connect to other systems and to the cloud. Perhaps you want to add this functionality as an external module, or perhaps this functionality should be designed into your product enclosure. We support either option.

2. Add “data smarts” to your product by leveraging the powerful application engine on the FieldServer gateway. We provide easy-to-use applications on the gateway that display, trend, and log data produced by your products. Need help customizing these applications to your unique product needs? It’s a snap.

3. Click once (on the gateway) and connect to the cloud! All our FieldServer gateways have the ability to register with our FieldPoP device cloud and subsequently be accessed from anywhere – securely. When the gateway connects to the cloud, your products are cloud-connected. Their status information and data are available in the FieldPoP cloud. Want to notify certain people if certain events happen? No problem – FieldPoP can do that for your products. Establish your account on FieldPoP and have access to your entire installed base of IIoT-enabled products at your fingertips.

4. Analyze and act upon the rich trove of data that your products send up to FieldPoP. Pick your favorite applications or application platforms and use the FieldPoP’s REST APIs to access and control your field data. Use the power of analytics to benchmark your performance and discover new opportunities to grow your business.
Sierra Monitor Corporation www.sierramonitor.com
FEATURES
❙ On-ramp to the IIoT: Transform your industrial devices into smart, cloud-connected devices
❙ Secure remote access: Securely access and remotely monitor your entire fleet of registered gateways and their local applications with no firewall dependencies
❙ Device management: Manage and connect to all of your and your customer's registered devices from one web-based interface
❙ User management: Set up your installation and support team, and your customers with the right security permissions and device assignments
❙ Third-party cloud platform integration: Plug into and synchronize with popular cloud platforms to provide field product data for business and analytics applications
❙ Notifications: Use cloud-based notification services such as texting and email to bring information to people when they need it and how they need it
❙ Software upgrades: Remotely download and install software upgrades and minimize unnecessary field visits
❙ Application Engine: Add intelligence to your industrial devices with local applications to produce device data for diagnostics, analysis, and graphical trends
❙ Protocol translation: Seamlessly complete any building automation project with our library of 140+ open and proprietary protocol drivers

iotdesign.embedded-computing.com/p373793
info@sierramonitor.com www.linkedin.com/company/sierra-monitor-corporation
408-262-6611 @sierramonitor