RTC Magazine

Putting the Safety in Safety-Critical FPGAs and Flash Bridge System Elements Development Tools Take Aim at the IoT The Magazine of Record for the Embedded Computer Industry

14 18 26

Vol 16 / No 5 / May 2015

Graphical Interfaces Link Users to Small Systems

An RTC Group Publication

POWER PROCESSING POWERING INNOVATION WITH

THE MPC7410

HOST PROCESSOR. Designed to deliver high performance while minimizing power usage, the MPC7410 provides a mature off-the-shelf microprocessing solution that you can count on for now and years to come.

Raytheon.com Connect with us:

© 2015 Raytheon Company. All rights reserved. “Customer Success Is Our Mission” is a registered trademark of Raytheon Company.

CONTENTS

The Magazine of Record for the Embedded Computing Industry

EDITORS REPORT

IoT DEVELOPMENT TOOLS

10

The Cloud Becomes a Service Platform: IoT Development Made Easy by Tom Williams, Editor-in-Chief

TECHNOLOGY CORE SAFETY CRITICAL SYSTEMS

14

30 Embedded’s Gone Cute

by Wayne McGee and Bill Ripley, Creative Electronic Systems

TECHNOLOGY CONNECTED

UNITING SYSTEMS WITH FPGAS AND FLASH

18

DEPARTMENTS 06

EDITORIAL

07

INDUSTRY INSIDER

38

From Fantasy to Engineering: We Build the Real World from Imagination

Latest Developments in the Embedded Marketplace

PRODUCTS & TECHNOLOGY Newest Embedded Technology Used by Industry Leaders

Introduction to Safety Critical System Design

How to Build Reliability into Embedded Systems using eMMC Flash by Dave Hughes, HCC Embedded

22

Modern Avionics Rely on Robust, Flexible FPGA Designs by Stephen Cunha, MEN Micro

TECHNOLOGY IN SYSTEMS TESTING DEVICES FOR THE IOT

26

Simulating Your IoT design; Will Your Large-Scale Deployment Work in Practice? by Jakob Engblom, Wind River

TECHNOLOGY DEVELOPMENT GRAPHICAL USER INTERFACES

30

Embedded’s Gone Cute by Rafael Roquetto, KDAB

34 14

Rugged, Factory-friendly Panel PCs Clear a Path for Industry 4.0 by Walter Steinbeisser , ADLINK Technology

Introduction to Safety Critical System Design RTC Magazine MAY 2015 | 3

RTC MAGAZINE

PUBLISHER President John Reardon, johnr@rtcgroup.com Vice President Aaron Foellmi, aaronf@rtcgroup.com

congatec’s NEW Intel®-based Thin Mini-ITX Motherboards

EDITORIAL Editor-In-Chief Tom Williams, tomw@rtcgroup.com Senior Editor Clarence Peckham, clarencep@rtcgroup.com

conga-IC87 Intel® Core™ conga-IA3 Intel® Atom™SoC

Contributing Editors Colin McCracken and Paul Rosenfeld

ART/PRODUCTION Art Director Jim Bell, jimb@rtcgroup.com Graphic Designer Hugo Ricardo, hugor@rtcgroup.com

www.congatec.us 6262 Ferris Square | San Diego | CA 92121 USA 1 858 457 2600 | sales-us@congatec.com

ADVERTISING/WEB ADVERTISING Western Regional Sales Manager Mike Duran, michaeld@rtcgroup.com (949) 226-2024 Western Regional Sales Manager Mark Dunaway, markd@rtcgroup.com (949) 226-2023 Eastern U.S. and EMEA Sales Manager Ruby Brower, rubyb@rtcgroup.com (949) 226-2004

intelligentsystemssource.com

WE ASSURE YOU HIT A BULLSEYE EVERYTIME...

BILLING Vice President of Finance Cindy Muir, cmuir@rtcgroup.com (949) 226-2021

TO CONTACT RTC MAGAZINE: Home Office The RTC Group, 905 Calle Amanecer, Suite 150, San Clemente, CA 92673 Phone: (949) 226-2000 Fax: (949) 226-2050 Web: www.rtcgroup.com

WITH JUST A COUPLE CLICKS. • See Instructional Videos • Shop Boards Online • Read Articles & More • Request a Quote

4 | RTC Magazine MAY 2015

Editorial Office Tom Williams, Editor-in-Chief 1669 Nelson Road, No. 2, Scotts Valley, CA 95066 Phone: (831) 335-1509 tomw@rtcgroup.com Published by The RTC Group Copyright 2015, The RTC Group. Printed in the United States. All rights reserved. All related graphics are trademarks of The RTC Group. All other brand and product names are the property of their holders.

EDITORIAL

From Fantasy to Engineering: We Build the Real World from Imagination by Tom Williams, Editor-In-Chief

It started with a pair of salt and pepper shakers. A simple pair of stainless steel salt and pepper shakers were bought in a store and used as props for the early medical sensors employed by Dr. “Bones” McCoy in early Star Trek episodes. Bones would pass them over the patient’s body and pronounce a diagnosis. This rapidly led to the more advanced Tricorder and to the computer-based sick bay we are all familiar with. I will claim here that this imaginative vision gave impetus to serious thought among physicians and engineers on how to develop such devices in the real world. We are now witnessing a cascade of electronic medical devices and a living demonstration of how much of the emergence of this world of technology comes from human imagination. So much of what constitutes the world around us has first emerged from human imagination— indeed from human fantasy—and a great deal of that has initially been disparaged by “realists” or by economic interests that feel threatened by potentially disruptive technology. Of course, not all wild ideas are or can be realized, but so many of them travel the course from fantasy to art or film to speculation and experiment facing down denial or even outright opposition to prototype and successful demonstration and on to development, deployment and acceptance. I can even remember arguing with colleagues about whether Java would find its way into embedded systems. They had reasons why it would not, but engineers and programmers were determined to make it so and today it can be found almost everywhere.

Now we have a very serious—serious in terms of offering a 10 million dollar prize—to develop a tricorder, the handheld diagnostic device that also comes from Star Trek. Qualcomm is sponsoring a global competition

6 | RTC Magazine MAY 2015

to develop an instrument capable of diagnosing 13 required core conditions and five required vital signs. The required conditions are: anemia, atrial fibrillation, COPD, diabetes, hepatitis A, leukocytosis, pneumonia, otitis media, sleep apnea, stroke, tuberculosis, urinary tract infection and absence of condition. Contestants then must choose three conditions from an optional list that includes melanoma, osteoporosis and food-borne illness among others. All this must be incorporated in an instrument weighing no more than five pounds. The FDA is participating to offer regulatory input and post-competition review. Final judgement and awards are scheduled for early 2016. In its own statement, Qualcomm states, “. . .the XPRIZE Foundation and the Qualcomm Foundation seek to make 23rd century science fiction a 21st century medical reality that will empower consumers to take control of their own healthcare and improve the quality of life for people everywhere.” Oh, but it doesn’t end there. Now NASA appears to be putting serious effort into investigating the possibility of a warp drive. Warp drive is what the popular press had been calling a mysterious phenomenon that could more properly be called a microwave thruster that appears to generate momentum without pushing against anything else. The “Cannae Drive” demonstrated by chemical engineer Guido Fetta works by bouncing microwaves inside a cavity designed with little wells along the bottom edge. When microwaves are bounced around inside the cavity, they created an imbalanced, upward thrust. A NASA test has revealed a measurable thrust

of 30-50 micronewtons, which while not a lot, seems to go against the laws of classical physics that say there should be no thrust at all. So far, there is no satisfactory explanation for this thrust. There is some speculation that it may involve interaction with “the ghostly cloud” of quantum virtual plasma, the particles and anti-particles that are constantly appearing and disappearing in empty space. Once a phenomenon like this can actually be measured, there will be a push to understand it and once understood, there will be a push to exploit it for extremely fast space travel or the stabilization of satellites that do not need a heavy fuel load. While such a drive, if developed, would not achieve superluminal speeds like the warp drives we have come to be familiar with, it would represent a definite advance—an advance that again was stimulated by fantasy and imagination. The fictional warp drive supposedly works by rapidly bending short chunks of space-time ahead of the ship. We still haven’t figured out how to do that, but don’t write it off just yet. There are more things happening out there. We still are trying to figure out what ultimate shape the Internet of Things will take, whether, as some predict, artificial intelligence could turn on and dominate the human race. We are seeing the emergence of renewable energy, which seems to be gaining the economic upper hand over fossil fuels. We are seeing the increasing acceptance of electric vehicles. There are things cooking in labs all around us that may appear unexpectedly. So dare to dream . . . but then get busy and do the math.

INDUSTRY INSIDER

Wind River and Mathworks Integrate Simulation Technologies for Advanced Model-Based Design Wind River is working with MathWorks to integrate Wind River Simics with MathWorks’ Simulink for improved model-based design workflows. This collaboration creates smarter system verification by enabling testing and co-simulation of combined design and platform models, and helps drive better designs while removing risk from future development, test, and integration. By alleviating these risks, this solution can be particularly valuable to engineering teams developing complex and safety-critical products for industries such as aerospace and defense, automotive, and industrial markets. Model-based design is transforming the way engineers and scientists work by moving design tasks from the lab and field to the desktop. In model-based design, a system model is at the center of the development process, from requirements development through design, implementation, and testing. When software and hardware implementation requirements such as fixed-point and timing behavior are included in model-based design, teams can automatically generate code for embedded deployment and create test benches for system verification, saving time and avoiding the introduction of manually coded errors. As part of an ongoing collaboration with MathWorks, Wind River has integrated Simics with Simulink to support processor-in-the-loop (PIL) testing. Simulink is a block diagram environment for multi-domain simulation and model-based design, and has widespread usage for model-based design in the embedded system market. It supports simulation, automatic code generation, and continuous test and verification of embedded systems. PIL testing checks that code generated from a Simulink controller model using Embedded Coder will run correctly on the actual processor that will be used in the final target system. Prior to PIL testing, control algorithms are typically developed and validated on the host, using a high-precision floating point math and with no concern for the implementation system and any cross development tools such as compilers that can impact on-target behavior. The Simics PIL integration for Simulink is available today for all Simics customers.

Integrity Security Services Chooses Security Innovation as Partner for “Connected Cars” Security Innovation’s Aerolink software has been selected by Integrity Security Services (ISS), a Green Hills Software company, for Vehicle to Everything (V2X) communications security. Aerolink will be incorporated into the ISS Automotive Security Development Toolkits. Aerolink will be the default message security implementation when organizations plan to leverage the superior security and functionality of Integrity Security Services for their V2X application. In addition, Security Innovation has incorporated the ISS native FIPS 140-2 compliant, embedded Cryptographic Library into Aerolink. As a leading provider of software for the automotive industry, ISS sought a partner with deep expertise in the latest protocols and who is well respected in the automotive/V2X industry. ISS joins a growing list of suppliers in the connected car application that partner with Security Innovation to deliver the most secure V2X security solutions.

ZigBee Alliance and Thread Group Collaborate to Aid Development of Connected Home Products

The ZigBee Alliance and the Thread Group have announced they are collaborating to enable the ZigBee Cluster Library to run over Thread networks. By working together, ZigBee and Thread can jointly provide an interoperable solution to help streamline product development and ultimately improve the consumer’s experience in the connected home. The ZigBee Cluster Library standardizes application-level functionality for a wide variety of devices used in smart homes and other markets. Thread is a wireless networking protocol that can support multiple low-bandwidth IP-based application protocols to provide secure and reliable networks, simple connectivity and low power in the home. Both organizations remain committed to their independence while cooperating to benefit their respective members. The ZigBee Alliance is a global association of companies working together to enable reliable, cost-effective, low-power and wirelessly networked monitoring and control products. ZigBee is a wireless standard used to connect a wide variety of everyday devices to improve comfort, security and convenience in homes and businesses. “By agreeing to work together, ZigBee and Thread are taking a big step towards reducing fragmentation in the industry,” said Chris Boross, president of the Thread Group and technical product marketing manager, Nest. “Thread is designed to work with and support many different application layer protocols, and we look forward to working with ZigBee to create a combined solution for the connected home.” Thread enables product developers to create, and consumers to enjoy, products that easily and securely connect to a low-power wireless mesh network, with direct Internet and cloud access for every device. Using proven standards including IPv6 technology with 6LoWPAN and standard 802.15.4 radios as its foundation, Thread gives product developers a reliable low-power, self-healing, and secure network over existing wireless standards. RTC Magazine MAY 2015 | 7

INDUSTRY INSIDER

VITA Standards Organization Ratifies VITA 78 SpaceVPX Systems Standard The VME Industry Trades Association (VITA) has announced that VITA 78 “SpaceVPX Systems” has reached ANSI recognition as ANSI/VITA 78.00-2015. This specification has completed the VITA and ANSI processes reaching full recognition under guidance of the VITA Standards Organization (VSO). ANSI/VITA 78 defines an open standard for creating highperformance fault-tolerant interoperable backplanes and modules to assemble electronic systems for spacecraft and other high availability applications. Such systems will support a wide variety of use cases and potential markets across the aerospace and terrestrial communities. This standard leverages the OpenVPX standards family and the commercial infrastructure that supports these standards. The goal of SpaceVPX Systems is to achieve an acceptable level of fault tolerance while maintaining reasonable compatibility with OpenVPX components, including connector pin assignments. For the purposes of fault tolerance, a module is considered the minimum redundancy element. For high reliability applications, the major fault tolerance requirements are: • Dual-redundant power distribution (bussed) where each distribution is supplied from an independent power source. • Dual-redundant utility plane signal distribution (point-to-point cross-strapped) where each distribution is supplied from an independent system controller to a module that selects between the A and B system controllers for distribution to each of the slots controlled by the module. • Card-level serial management • Card-level reset control • Card-level power control • Matched length, low-skew differential timing/synchronization/ clocks • Fault tolerant Power Supply Select (bussed) • Fault tolerant System Controller Signal selection (bussed) • Dual-redundant data planes (point-to-point cross-strapped) • Dual-Redundant control planes (point-to-point cross-strapped) • Each module is a managed field replaceable unit as defined by VITA 46.11 Copies of the specification are available for purchase at the VITA Online Shop (http://shop.vita.com/).

8 | RTC Magazine MAY 2015

Healthcare, Energy and Environment Top Consumer Priorities for Tech and Innovation Healthcare, renewable energy and the environment should be the top priorities for technology and innovation according to a global study of 3,500 consumers released today by element14, the global online network of more than 325,000 engineers and technology enthusiasts. The study, Engineering a Connected World, also explores consumer interest in and adoption of emerging technologies such as the Internet of Things (IoT), driverless cars, robotics and gesture control. The results of the global consumer research, carried out in the United States, United Kingdom, Australia, China, France, Germany and India, reveal that 59 percent of people identified healthcare as a top priority for technology and innovation, followed by renewable energy (56 percent) and the environment (47 percent). Opinions vary considerably by region, however. For example, education is more of a priority in India than elsewhere, space exploration and aerospace is almost three times more important in China than the rest of the world, and those living in Germany are most interested in advancing entertainment via technology. The study also reveals some specific technologies that consumers would like to see become a reality in 2015, such as universal high speed Internet (68 percent) and flexible or foldable screens (40 percent). Of those surveyed, 37 percent would like to see self-driving cars become a reality this year, and space tourism appeals to 15 percent of those questioned. The study is part of element14’s broader “Engineering a Connected World” initiative which includes a series of global design challenges set to launch over the next 24 months. The challenges will focus on innovation in energy efficiency, food production and medical technology, and in leading them Newark element14 will oversee the development of more than 100 engineering concepts and prototypes. The first “Engineering a Connected World” challenges are already underway. “Enchanted Objects” tasks engineers with re-imagining everyday objects using embedded IoT technology. “Sci Fi Your Pi,” sponsored by Raspberry Pi creator Pi Trading, challenges engineers and enthusiasts to use the Raspberry Pi 2 to design applications inspired by science fiction. New challenges are also planned around vertical farming and smart vehicle technology. Specialist experts from each field have been enlisted to judge entries and mentor finalists, and element14 will provide support in the form of parts, tools, software and advice.

INDUSTRY INSIDER

Altera Joins Industrial Internet Consortium to Influence Global Ecosystem for Internet of Things Altera has announced the company has joined the Industrial Internet Consortium, a collaborative industry organization facilitating development of a global ecosystem for the Internet of Things (IoT). Specifically, Altera is working together with the consortium’s membership on technical roadmaps to build out the Industrial Internet, a network of intelligent devices and sensors between which data can be exchanged via different connectivity protocols to drive productivity enhancements across a wide range of end-market applications. The promise of IoT is that this intelligent connected network will enable companies to create “smart” new business applications that deliver asset and operational optimization and streamline or automate existing processes. FPGAs enable intelligent and flexible iot gateways and analytics acceleration and Altera’s highly customizable FPGA and SoC products offer designers the ability to securely bridge diverse and evolving wired and wireless interface standards across a broad range of IoT applications. FPGA technology also supports the acceleration of data analytics and control functions in both the data center, and locally, at the edge, that are core to emerging IoT application requirements. Altera FPGA, SoC and power products already play a significant role in enabling connectivity in RF wireless systems and machine-to-machine communication networks. In addition, programmable logic is applied extensively in factory automation and smart grid applications, supporting high-performance control and analytics that enhance the efficiency, safety, and security in advanced manufacturing and power systems. FPGAs are also being deployed in next-generation automotive and medical IoT systems, and in smart city applications, such as intelligent lighting and traffic management systems that incorporate high-performance embedded vision and video analytics capabilities. The Industrial Internet Consortium is an open membership organization, with more than 150 members to date, formed to accelerate the development, adoption and widespread use of interconnected machines and devices, intelligent analytics, and people at work. Founded by AT&T, Cisco, General Electric, IBM and Intel in March 2014, the Industrial Internet Consortium catalyzes and coordinates the priorities and enabling technologies of the Industrial Internet.

GE to Help US Air Force Define Future High Performance Embedded Computing Architectures GE’s Intelligent Platforms business has announced that it has been awarded a contract that will see the company undertaking a six month research program to help the United States Air Force define open architectures for future generations of radar processors onboard USAF platforms. The program will be carried out at GE’s HPEC Center of Excellence in Billerica, MA. The study involves the benchmarking and optimization of synthetic aperture radar (SAR) and ground moving target indicator (GMTI) radar modes on multiprocessor high performance embedded computing (HPEC) systems comprising ‘conventional. CPUs and GPUs interconnected by high speed fabric.

Also included in the award is the development of a lab-based processor system that has a clear path to rugged deployment on US Air Force platforms. Such a platform will embrace the open system architecture (OSA) approach based on open and de facto industry standards and interfaces in both hardware and software. GE’s Center of Excellence (CoE) has the primary goal of supporting customer demand for high technology readiness level (TRL) COTS solutions that can shorten time-to-market, minimize cost and help to eliminate program risk, allowing prime contractors, system integrators and OEMs to focus on value-add and create competitive advantage. The Center takes advantage of GE’s COTS Rugged Systems (CRS) capability to support the rapid deployment of systems to the field. The Center also supports the development of custom systems that are configured, tested and integrated with software to meet specific customer needs. Additionally, consulting services are available through the HPEC CoE that can help customers with architecture definition, application development and performance optimization. It can also create application-focused algorithms for use in performance and capability demonstrations which can be provided to customers to assist in their development process. RTC Magazine MAY 2015 | 9

EDITORS REPORT IoT DEVELOPMENT TOOLS

The Cloud Becomes a Service Platform: IoT Development Made Easy Developing applications for the Internet of Things need no longer start from scratch. There is an environment for providing connectivity and associated Cloud services as well as easing development of user applications. by Tom Williams, Editor-in-Chief

As with most new technology advances, the Internet of Things—in terms of both concept and implementation—has had something of the character of the Wild West. That is not a criticism; it is simply and observation and is quite normal. It means that developers and companies are striking out with innovative ideas, system designs and product introductions. Thar’s gold in them thar hills and the quest is on to find it. Eventually, of course, things tend to settle out with successful technical approaches gaining acceptance, business models forming around solid technology models, standards being established—like a cow town being tamed by solid merchants and a new marshal. No one will claim that the IoT is not still in a state of innovative exploration. But at the same time, few will deny that it represents a real value in terms of vast numbers of applications it can address and the opportunity for a huge range of economic opportunity. We now seem to be seeing the arrival of some sets of stable tools and approaches that are designed to help manufacturers and system developers set up and manage IoT environments without the need to start from scratch. They are necessarily based on some preconceived notions in order to shield developers from gritty details, but also try to maintain flexibility given the huge variety of potential application areas. A case in point is the IoT Cloud Platform from Ayla Networks. The Cloud Platform takes the rather generic view of an IoT environment that it consists of a number of connected devices (sensors, actuators and machines with some degree of intelligence) the Cloud with all its data collection, management and storage capabilities and user interfaces in the form of PCs, tablets, smartphones and similar devices. Ayla has created solutions and tools to support all three of these elements with the aim of simplifying the complexity and shortening the time of project development. They take the form of Ayla embedded agents, Cloud services and application libraries. The latter have been recently enhanced with the addition of the Agile Mobile Application Platform aimed at helping developers quickly create 10 | RTC Magazine MAY 2015

Figure 1 The Ayla Cloud Platform includes a whole range of services for connectivity, data management and user/device interfacing. On the one side, users access the Ayla Cloud from customized apps running on smartphones, tablets and desktop machines to access and control devices connected and identified via the Ayla software agents within them.

user apps. Naturally, some aspects of the solution make is specific to Ayla’s environment but there is an effort to also provide maximum flexibility and ease of connectivity.

The Device

On the device end, Ayla has created an embedded agent that runs on IoT devices and/ IoT gateways. The agent is an optimized network stack along with additional protocols including security that can be built into devices to connect them to the Internet and then through to the Ayla Cloud. Ayla has partnered with a number of semiconductor manufacturers such as Broadcom and Marvell to embed their agent in versions of those companies’ Wi-Fi chips. The Broadcom versions, for example, are identified with an “A” at the end of the part number. The aim

is to enable new designs as well as create a path to upgrade existing designs for IoT connectivity. Manufacturers would create their own proprietary application software on their products and incorporate the embedded agent to which the application would connect.

The Cloud

From the perspective of embedded development, even for the IoT, one often gets the impression that the attitude is, “Oh yeah, the Cloud.” But the services that are provided within that misty realm of servers, databases and management tools are vital to the functional success of the system—for manufacturers, managers and users. The Ayla IoT Cloud Fabric, which hosted on Amazon Web Services (AWS) provides a selection of native applications and services designed for use by developers and manufacturers and others designed to enable user applications and interaction—as well as the creation of user applications (Figure 1). As already mentioned, connectivity, including but not limited to Wi-Fi is enabled by the agent, which allows out-of-the box device registration. There is also a LAN connect capability that lets developers link devices directly to the Cloud if they wish or connect them via a gateway that then links to the Cloud. Security includes 128-bit SSL encryption, root key protection and multi-layer authentication. Also contained within the Cloud are numerous services that form the foundations providing user features for application development. There is, for example, a rules engine that can automate device-to-device communication based on almost any selected data input or condition. Basic services such as scheduling and event notification can be called and defined from the user app without the need to program all the underlying details. Scheduling and event management can be customized with the development of the individual application. In addition—important for offering services targeted at the level of the person getting access—there is role-based access control. Access control allows users, and indeed different levels of users access to distinct services and data within an application or among applications. Likewise, the device manufacturers and system managers can be set up with open or controlled access to additional services such as data visualization, audit logging, etc., by means of the user policy manager that further defines roles for customer, dealer (e.g., sales data, customer profiles), installer (device and virtual device identification), manufacturer, etc., with full policy control and visibility.

The User

On the other end of the Cloud is the user and the user application, which accesses the devices through the Cloud either directly (rare) or by means of the Cloud-based services. Until recently, Ayla has provided software libraries with which to start building applications. These, however, left much of the user interface and user experience to be defined from scratch. Now there is the Agile Mobile Applications Platform (AMAP) that jump-starts the development of iOS and Android apps. And it allows apps for

Figure 2 The Agile Mobile Application Platform lets developers set up user interfaces and define their interactions. Shown here is the example of a temperature control. The look and feel can be further customized by the customer or in cooperation with an Ayla qualified partner.

both operating systems to be developed simultaneously. The AMAP is built upon Ayla’s mobile software libraries and provides pre-made, pre-tested software code that supports the primary features that consumers expect from mobile app control of a connected device, such as sign-in, user registration, device setup and control, password recovery, Wi-Fi and Zigbee setup, schedule creation and management, support for push notification and timer setup. Ayla provides the AMAP code in the form of workflows optimized for specific vertical markets, including HVAC (heating, ventilation and air conditioning), major home appliances or lighting. AMAP is scalable to any type of connected device. It provides a framework on top of the application program interfaces (APIs) and mobile libraries that allow IoT devices to connect to the Ayla cloud and to integrate with iOS or Android code. All AMAP code development is done in native Objective C and Java languages, which ensures a high level of quality for manufacturers’ mobile apps. Although Ayla is starting by concentrating on the consumer arena such as appliances and home automation, there is nothing preventing it from expanding to other areas such at industrial control. The same underlying code used to read, set and adjust temperature could as easily be customized by defining the appropriate parameters and designing the fitting user interface such as the RPMs of a machine as opposed to temperature. It’s just a matter of how many properties you have and how you want to manipulate them. The user code sits on top of the libraries, which connect to the Cloud and from there to the devices. Ayla provides a number of starting layouts and schemata, which can also be changed and customized to reflect a given manufacturer’s brand and style (Figure 2). RTC Magazine MAY 2015 | 11

EDITORS REPORT IoT DEVELOPMENT TOOLS In addition to the Cloud (Amazon, etc.) and technology (Broadcom, etc.) partners, Ayla also has teamed with a number of partners who already understand the platform to help customers both in the development of smart, connected devices as well as with the development of mobile connected software. Thus a customer with an innovative business model that involves or even requires access to the IoT has the option to use their own expertise when and where applicable as well as to contract with specialists who can help bring those ideas into reality. The emergence of such software service technologies aimed at the Internet of Things may be a sign of maturation in an

12 | RTC Magazine MAY 2015

industry segment that is moving from the every man for himself model to one of prebuilt components and service specialists who can tailor products for manufacturers to take advantage of IoT connectivity. Ayla Networks Sunnyvale, CA (408) 830-9844 www.aylanetworks.com

Embedded Software Development Tools

Build smaller, faster, and more energy efficient software with SOMNIUM速 DRT SOMNIUM DRT Freescale Kinetis Edition is a complete C/C++ embedded software development environment for Freescale Kinetis MCUs.

SOMNIUM DRT is: Kinetis Design Studio Code Warrior Kinetis SDK Processor Expert

Compatible

No source code changes needed! Enhanced Eclipse features

Best results Easy to use

Benchmarks show 15% faster 40% smaller 20% less energy

Available now

Windows and Linux versions

Download your free trial now from http://ow.ly/M9PrW

TECHNOLOGY CORE SAFETY CRITICAL SYSTEMS

Introduction to Safety Critical System Design

Well beyond reliable, safety-critical systems must do no harm—to themselves, their operators or to bystanders. There are standards, certification procedures and definite designed methodologies that have been developed to enable such systems. by Wayne McGee and Bill Ripley, Creative Electronic Systems

A safety critical system is generally defined as any system whose failure to operate correctly would cause damage, injury or death. This is different from a mission critical system whose failure would result in an aborted mission, but not cause damage, injury or death. For the purposes of this discussion we will use examples for manned and unmanned vehicles. When we discuss safety certification, we will further restrict this to flying vehicles. Safety critical system design starts with knowing the function of the system and the level of criticality should it malfunction or fail. There exist multiple standards for criticality determination. ARP-4761 is typically used for civil and commercial aircraft. MIL14 | RTC Magazine MAY 2015

STD-882 is used for many U.S. Department of Defense projects, but is not well designed for flying platforms. ARP-4761 defines four levels; Catastrophic, Hazardous, Major and Minor. Other methods typically include four levels as well; changing the names they are called to confuse us. One of the more common names, Safety Integrity Level (SIL) is used by a number of standards, but is not used in the area of interest for this discussion. Once the criticality level is determined a plan to develop the system hardware and software can be designed. If the system is used in civil or commercial aircraft, the system will have to be certifiable to the appropriate level for hardware, software or both. The

Figure 1 A DO-254 DAL-C certified control channel

standards most often used for this are DO-178B or C for software and DO-254 for hardware. These standards define one additional level, No Effect. These are referred to as Design Assurance Levels (DAL). Levels A to E refer to these measures with A being Catastrophic and E being No Effect. The planning stage is critical because omissions in subsequent project phases can lead to significant delays and cost overruns in trying to recover. The plan itself will take into consideration civilian or military, certifiable or not and which entities will need to certify flight worthiness if it flies. Regardless of whether certifiability is required or the transportation mode, the design of any system deemed safety critical must follow a rigorous design and verification plan. As the project plan is being developed, specific requirements for both hardware and software must be captured. Safety critical systems rely not only on the ability to product the correct result, but also to produce the correct result within the correct time period. The time to execute algorithms from the different processes in software must be matched with more than sufficient processing power in the hardware for a proper outcome. Similarly, the plan must detail the test methodologies used to validate both the hardware and software designs as well as the documentation required to show compliance with the plan and design requirements. There are a number of tools commercially available to document and capture different phases of safety critical design projects. At the end of each design phase the project review should audit the output to assure that the work has been done in accordance with the plan and meets the requirements and objectives. Hardware and software developments typically run in parallel efforts, but must still be coordinated. We will discuss each effort separately.

where available and/or up-screen the assembly at the board level. Sufficient mechanical consideration is given for the shock and vibration constraints as well. However, most reference designs start out with the very latest components that are available to show off the high performance shiny new processor. That shiny new processor also comes with a brand new operating system port, but may not yet be supported by a safety critical compliant operating system. The military frequently pushes to get the newest, most powerful technology into its systems, but newness and complexity in the civil and commercial world are not conducive to getting the higher DAL levels certified. With the requirements in hand an appropriate system architecture can be synthesized as a part of the conceptual design phase. To achieve the highest DAL levels some degree of redundancy and/or control/monitor architecture could be selected to detect and correct errors from a malfunctioning unit. Generally speaking, the development process must demonstrate not only nominal functioning, but also coverage of failure cases. Even with identical redundant voting systems there is the possibility that a common unforeseen flaw in the microprocessor, operating system or the compiler used to create the application code could cause all of the system to fail simultaneously. This is known as common cause failure. To eliminate this failure mode the voting systems must be based on different microprocessor architectures, use different operating systems and have the code compiled on different compilers. This is known as dissimilar architecture and/or development. Furthermore, to enforce dissimilarity, it is highly recommended that subsystems are developed by different teams, to avoid partial reuse which will, again, possibly lead to introduce common cause failure... Any functionality not essential to the platform shall be excluded. Unnecessary circuitry only complicates proving compliance and certifiability. Furthermore, certification authorities or auditors particularly pay attention to “derived requirements,� i.e., capabilities not covering upper level requirements, but introduced by the developer.

Hardware

Hardware design for a safety critical system requires a different set of processes compared to doing a typical COTS design. The typical COTS design starts with the reference design from the microprocessor supplier, adds a few features and is then put into the chosen form factor such as VME, VPX or VNX. The design is usually done to either use industrial temperature components

Figure 2 A DO-254 DAL-A certified monitor channel

RTC Magazine MAY 2015 | 15

TECHNOLOGY CORE SAFETY CRITICAL SYSTEMS The conceptual design phase is followed by the implementation phase where the planned design becomes a physical system. Component selection for the selected architecture is key to proving that the hardware design has met the safety criteria. Devices chosen for the design must be mature enough to have demonstrated that they are reliable but still have a long life cycle ahead of them. All of the design elements mentioned earlier apply here, but the documentation required to show compliance is a key difference at this stage. The design verification stage for a safety critical design is far more rigorous than a typical COTS design. In addition to the normal functional, boundary scan, mechanical and thermal testing, programmable devices such as ASICs and FPGAs must undergo extensive testing to insure that all combinations of inputs always result in the correct output. At higher DAL levels, this verification process also requires demonstration of independence: the reviewer is not the author; the tester is not the developer, etc. Figure 1 shows an example of a DO-254 DAL-C certified control channel. Figure 2 shows an example of a DO-254 DAL-A certified monitor channel. Note the difference in complexity. Figure 3 shows an example of a DO-178 / DO-254 DAL-C certifiable mission computer based on 3U VPX COTS modules.

Software

Now that we have followed the flow for the compute platform hardware design we will take a similar look at the software side. The overall software plan and functional requirements must be captured just as with the hardware. The processor choices made on the hardware side will influence the operating system selection as not all suppliers support all processors equally. The software conceptual design will need to allocate and partition different tasks according to execution priority and CPU utilization. Care must be taken to insure that there is no contention for

Figure 2 A DO-178 / DO-254 DAL-C certifiable mission computer based on 3U VPX COTS modules

16 | RTC Magazine MAY 2015

common resources or improper inter-task communication. While security is not the subject here, modern concerns with hacking and tampering could render the system unsafe by unauthorized modification. The software must be capable of verifying that it has been properly provisioned and knows which run mode to execute. As with all of the other design phases, evidence of compliance with the plan and requirements must be documented. Traceability requirements for coding make the use of proper tools for coding and verification mandatory. At DAL-C and above every line of code is subjected to inspection to insure it executes properly and performs according to the requirements. Unused functions in libraries shall be removed, as required to demonstrate 100% structural coverage of statements (DAL C) or decisions (DAL B) or MC/DC (DAL A). The software verification phase subjects the code to multiple levels of testing, reviews and analysis at the source code level to insure compliance and traceability. Once the software and hardware have now been tested somewhat separately, it is time to move to the integration phase. During the Integration phase, the software running on the target hardware is subjected to rigorous testing to verify that all functional requirements have been met. In the final project review all documentation and traceability evidences are checked to insure there have been no omissions from the plan. From here, the system and compliance package can be submitted to the next level of integration. In the case of safety certifications for air worthiness, this is obtained by the airframe manufacturer and each certification is stand-alone. That is why the systems are referred to as safety certifiable as opposed to certified. Each new application will require a new certification. As the now certified system enters production, configuration and life cycle management become very important. Any change to an existing system can trigger the need to retest. Supply chain concerns over counterfeit parts create additional concerns over the life of the system. The manufacturing processes must be tightly controlled to insure no accidental substitution of material or other process changes that could affect board or system stability. In conclusion, the engineering and manufacturing processes required to design and manufacture a safety critical or safety certifiable board or system level product differ substantially from those required for a standard COTS design. The detailed planning required at the system level propagating to both the hardware and software make it incredibly difficult to back into a certifiable system design using standard COTS boards. COTS system components that have been designed from the start for safety critical applications are available from multiple venders. Coupled with the appropriate tools and design methodologies, it is possible to design certifiable systems without resorting to completely custom designs. Creative Electronic Systems, Geneva, Switzerland +41 22 884 51 00 www.ces-swap.com

Embedded and IoT Engineering is Hard – Are you Asking the Right Questions?

Building great embedded devices, including for the Internet of Things, is hard. What about security? Will your device meet performance, reliability, and cost requirements? Do you need an operating system, networking, a file system, a UI, or remote management?

transparent and frequent communication, and deliver on time and within budget.

Your technical and business requirements are the start. We provide turnkey solutions or work with your engineers. We execute using agile development methods, with

High Assurance Systems

Call for a no-cost consultation to accelerate getting your brilliant idea to market!

w w w. h i g h a s s u r e . c o m | ( 6 5 0 ) 7 9 9 - 6 6 1 9

Copyright Š 2014 High Assurance Systems, Inc. All rights reserved

TECHNOLOGY CONNECTED UNITING SYSTEMS WITH FPGAS AND FLASH

How to Build Reliability into Embedded Systems using eMMC Flash While NAND Flash has been a popular storage technology for many years, it’s become more complex to design into an embedded system as it reaches higher densities. That’s where eMMC Flash—which has its own integrated NAND controller—can come in handy. by Dave Hughes, HCC Embedded

Supported by a JEDEC standard that defines all the interface requirements, embedded MultiMedia Card (eMMC) flash memory makes the process of integrating flash with embedded controllers more straightforward. While many system-level technical issues remain, we’ll investigate how eMMC Flash offers promise for the application developer to build reliability into the design. We will investigate the advantages of eMMC Flash and how it can be used to make sure your file system and its contents stay intact. eMMC flash was originally developed by Siemens and Sandisk and is now widely used in devices such as smartphones, digital cameras, point of sale terminals, industrial controllers, etc. Since it was designed for embedded systems, it makes integration extremely easy by taking care of some of the more complex flash handling operations. The built-in NAND controller means that it can be connected to any processor with a compatible memory interface such as MMC/SDIO, and it handles block management, wear leveling, and error correction code (ECC) internally.

eMMC for Simplified System Design

One of the main benefits of eMMC is that it presents a simple interface to the application processor, simplifying system design. This also means the developer can choose from a much wider range of embedded processors since the processor only needs a simple interface to use the flash device. This can help increase the flexibility of the design and may provide options to reduce system cost. Normally supplied in small form-factor BGA packaging (Figure 1), eMMC can be easily designed-in but cannot be unplugged in the same way as an SD/MMC card. This means it can be used in a high integrity, fail-safe ‘by design’ system, but this functionality is not provided by the eMMC chip. In order for eMMC to be completely reliable and fail-safe, there must be a system-level design that incorporates a power management 18 | RTC Magazine MAY 2015

Figure 1 BGA-packaged eMMC chips can be mounted on a range of printed circuit boards developed by HCC to further aid the test and validation process for customers.

strategy. Each layer in the system, from application to driver interface, must provide a defined service to the other. This allows the data and file system to guarantee no data loss or a potentially catastrophic file system failure. How Does eMMC Compare to NAND and SD Card Flash? While NAND flash is the leading flash storage technology used for large quantities of data, there are several important things to consider when using it. The error characteristics of each NAND device type are different, such as the number of bad blocks, bad block markers, and ECC requirements. This means the error correction code (ECC) requirement has to be matched to the microcontroller’s NAND controller interface. NAND flash also needs complex management services such as wear-leveling and bad-block management.

Figure 2 A typical file storage system, showing fail-safe eMMC components on the right.

In the case of the SD card, there is no concept of fail-safety or of data commit points where the state of a card can be guaranteed. This is a real problem for fail-safe operation and presents a risk to data and to the file system integrity. Most SD cards are optimized for high speed at the expense of correctly defined behavior in the event of unexpected reset. Also there is no method for differentiating between critical and non-critical operations. One advantage of SD is that it is removable; a benefit for consumer goods but more problematic for industrial applications like data loggers. Removable media can lead to uncertainty of data and also creates contact/vibration issues. eMMC addresses many of these issues, thanks to several features such as a simple block mode interface that hides all the intricacies of the underlying flash from the user while the level of service is given by the manufacturer at the block level. There are different write modes that allow the user to optimize performance depending on whether the data being written is critical or not. Typically file system meta-data is critical and file data is not so critical – but that also depends on the application and the level of fail-safety provided by the file system. There is also a bi-directional parameter exchange that in particular, allows the card to optimize its operations based on the properties of the host system. And finally, eMMC reduces vibration and unplanned removal issues, because it is provided as a solid-state chip integrated on the target board.

required level of service from that media. A system designed to ensure reliability must include a clear understanding of the critical exceptions – such as unexpected reset or power loss – and how each part of the system will meet the requirements of the components using it when this occurs. Simply using a file system that claims fail-safe operation or journaling has no chance of guaranteeing reliable operation without defining these things. eMMC devices can provide a fundamental building block in a reliable or deterministic storage system with clear advantages over other similar technologies. But as with any concept of determinism or reliability, the whole system has to be taken into consideration and the various components validated both individually and in the context of the complete system. A typical file storage system will consist of four layers that need to be consistent; the generic description is shown in (Figure 2) on the left and the fail-safe eMMC components on the right. Some file systems, such as HCC Embedded’s SafeFAT (Figure 3), achieve fail-safety by: 1. Exactly defining what is guaranteed by the fail-safe properties of the file system to the storage application. 2. Exactly defining what is required of the media driver (and its storage medium) to provide that level of service. To validate this, the HCC Embedded system tests and validates that the driver and the media (eMMC) function as required to guarantee the system is genuinely fail-safe.

File Systems and Reliability

It can be a serious quality issue for an embedded system if the file system, or its contents, become corrupt. To establish tests and verification at the design and implementation stage, the designer has to address some fundamental design challenges, including how to handle file operations and directory structures, how to deal with the integrity of data during power loss or unexpected reset, and how to verify correct operation of the flash. Traditionally the handling of file and directory operations is delegated to an embedded file system. An application gets significant benefits from using a file system: the abstraction of the storage media to a set of data files. However, a file system alone cannot guarantee the integrity of data and the file system itself. Whatever method of ensuring fail-safety is used, the system remains dependent on the storage media and must define a

Figure 3 HCC Embedded’s SafeFAT file system tests and validates that the driver and eMMC function as required to guarantee the system is genuinely fail-safe.

RTC Magazine MAY 2015 | 19

Need a new reflective memory solution

PCI Express Multicast Dolphin combines PCI Express multicast with our SISCI API. The combination allows customers to easily implement applications that directly access and utilize PCI Express’ reflective memory functionality. Applications can take advantage of latencies as low as 0.99µs and throughput at 2650 MB/s. Combined with PCI Express peer to peer functionality, FPGAs and GPUs can distribute data to multiple nodes without the use of a CPU.

Learn how PCI Express™ improves your application’s performance 20 | RTC Magazine MAY 2015 www.dolphinics.com

Figure 4 Customers can plug a variety of PCBs, offered by HCC, into a wide range of standard development board sockets such as MMC/SD interfaces, as well as HCC’s eMMC test and verification platform, thereby eliminating the expense of acquiring pre-installed eMMC boards.

Real-life Media Testing Example

In its labs, HCC Embedded has developed an eMMC test rig that allows HCC to run different test suites. These stress tests help to validate the reliability of both the eMMC media driver and the eMMC used. An SD form factor module has been created to mount eMMC devices for easy handling (Figure 4). On each line A software-controlled relay is placed between the SD/MMC interface controller and the eMMC module,. The test software is used to write test patterns to the module and resets are induced on the control and data lines. The stored data is then verified to ensure it is correct and has no indeterminate sectors and no corrupt sectors. This test is then repeated thousands of times. The test cases are varied to test different use patterns such as large reads, random reads, etc. An additional layer of file system test is also applied to try to isolate problems that may be caused by more complex interactions. These tests are not proof in themselves that the system is fail-safe but they do give a high level of confidence that the system handles even extreme failure events deterministically in the way it was designed. As embedded systems approach higher densities, eMMC Flash answers the call for reliable forms of data storage – offering simplified design, lower costs, and increasingly reliable data security. HCC Embedded Austin, TX (512) 318-2419 www.hcc-embedded.com

ADI Engineering customers want access to source code, and they want to develop custom features while managing costs. The SageBIOS™ BSPs featuring coreboot® open source firmware by Sage Electronic Engineering give us what we need to meet all these needs.

Steve Yates

CEO, ADI Engineering

The future of firmware is open.

www.se-eng.com RTC Magazine MAY 2015 | 21

TECHNOLOGY CONNECTED UNITING SYSTEMS WITH FPGAS AND FLASH

Modern Avionics Rely on Robust, Flexible FPGA Designs Thanks to advances in programmable logic, today’s FPGAs can now be used to make high-reliability systems such as those in avionics both flexible and configurable as well as dramatically reduce the chance of errors that could compromise safety. by Stephen Cunha, MEN Micro

A number of innovations and changes are delivering new capabilities to aircraft operations. Modern aircraft are equipped with numerous electronic components. Some of them – like flight control and guidance systems – provide flight critical functions, while others may provide assistance services that are not critical to the plane’s safe operation, but rather reduce the crew’s workload. As the number of capabilities increases, so does the amount of information that needs to be processed and displayed. Aircraft control systems generally consist of a number of sensors to read environmental or inertial data, with avionic subsystems performing certain flight-relevant control functions and outputs, like control actuators that perform rudder or flap movements. There has always been a need to interconnect these components and traditionally, a set of sensors and actuators were connected to form one avionics function. The main data buses used for these purposes were ARINC-429 and MIL-STD 1553.

AFDX in Today’s Avionics

Asynchronous Full Duplex Switched Ethernet (AFDX, designated ARINC-664) has been designed to account for the

Figure 1 The AFDX network topology is much like any switched, full-duplex network with the exception that the network is doubled.

22 | RTC Magazine MAY 2015

growing number of avionic subsystems in modern aircraft and their complex interaction. It resembles a true IP and UDP packet based on switched Ethernet compliant to the IEEE 802.3 industry standard. Based on these well-established standards, the AFDX technology adds protocol extensions to provide reliable packet transport and bounded transport latency to make it suitable for avionic applications. At the application level, ADFX emulates logical point-to-point connections with clear separation of data streams and bandwidth allocation. In fact, a logic path that provides the same properties to an application as an ARINC-429 connection exists in AFDX. In addition, several of these connections are now multiplexed and run through one Ethernet wire, making AFDX a network architecture that significantly reduces the amount of cable runs. (Figure 1). Networks A and B exist to increase the availability of the service, with packets being transferred on both networks. The receiver picks up the packet that arrives first and discards the second. While the real implementation is more complicated; this basic description provides the framework to see how FPGAs function within this system.

Handling Increased Data Complexity

An AFDX network consists of switches and end systems, which are components connected to the network capable of handling all AFDX-related protocol operations. Usually, an end system is part of an avionic or aircraft subsystem, which needs to send or receive data over the AFDX network. Depending on the network hierarchy, one or more switches are located on the data path between two end systems. At the application level, AFDX is intended to replace ARINC-429 connections. With ARINC-429 representing pointto-point or point-to-multipoint connections, it is not surprising, that AFDX has similar characteristics, with the ARINC-429 connections represented by AFDX virtual links (VLs). A single VL may connect exactly two end systems, in which case it represents a point-to-point connection. It may also connect one ‘sending’ end system with multiple ‘reading’ end

Developers no longer need an additional integration module for the protocols to send information between avionics subsystems.

Design Flexibility Benefits Developers

Figure 2 AFDX End Systems Can Use Robust, High-speed FPGA Designs.

systems, in which case it represents a point-to-multipoint (multicast) connection. The advantages lie in the fact that AFDX presents itself as compatible with legacy solutions at the application level and – at the same time – saves a large amount of cable runs by multiplexing many individual VLs onto a single wire connection, utilizing the increased bandwidth of a 100 Mbit/s Ethernet connection. The VL bundle is de-multiplexed at the destination switch and forwarded to the appropriate end systems. An avionics real-time capable network, like AFDX, is not susceptible to the inherent unsafe data transmission methods found in IP, or even TCP, where the route between peer-to-peer connections is not known upfront, and may even change during the session. Also, as found in IP or TCP transmissions, larger packets are fragmented and re-assembled on their way from sender to recipient, and sometimes packets are received out of order. In AFDX, packet fragmentation may occur to allow for packets larger than the MTU at application level, however, the network guarantees all packets to be received in order. In principle, all network parameters are known and constant in AFDX, with the resulting IP layer being a lean implementation, free of fallback and retry algorithms.

Originating on a set of DO-254 compliant SBCs, this FPGA chip showed a larger potential in other safety-critical applications, specifically avionics. The designers at MEN extracted it from the original SBC design, and engineered it to meet AFDX requirements. The resulting FPGA is not only DO-254-compliant, certifiable up to DAL-A, but was developed according to ARINC 664P7-1. Lending itself to the inherent flexibility of the FPGA architecture, the chip meets specific Airbus and Boeing AFDX requirements simultaneously, allowing it to be used in applications for both airplane suppliers—no design changes are needed. In either case, the flash-based architecture and triple-redundant logic provides real-time capabilities and enables single event upset (SEU) resistance.

Failure Considerations

Any safety-relevant system design needs to consider all possible failure modes of the component, their effects at the interface level, and finally, the probability for them to occur during the period of operation. At a high level, AFDX end system failure modes can be split by distinguishing failures occurring in the

2U server with EXTREME power + cooling

FPGA Technology in an AFDX End System

End systems must continuously receive non-redundant packets on both interfaces with full wire speed without packet loss. Traditionally this was carried out on ASIC technology or on pure software implementations of the protocol stack. A hardware implementation in general has advantages, because the logic and its timing are easier to prove, due to the synchronous nature and the true parallelism in execution. And today’s high end FPGAs are fast, large and robust enough to implement the AFDX protocol for handling the requirements of modern avionics systems. Also FPGAs enable advanced design through their flexible configuration. (Figure 2). Current architectures include a customizable chip that enables users to build AFDX-based communication systems independent of a form factor, while providing high data integrity, redundancy and a deterministic quality of service (QoS). This FPGA can be installed directly on the boards of the end system.

XIOS 2U has: • Ten slots (PCIeGen2 x8) in a 2U chassis • 45W per slot with high-volume cooling • 1-2 Xeon processors • 1-4 removable disks See more at edt.com

RTC Magazine MAY 2015 | 23

TECHNOLOGY CONNECTED UNITING SYSTEMS WITH FPGAS AND FLASH FPGA and those being caused by external components, such as the buffer RAM, PCI-Bus or local power supply. They can be grouped into design or configuration errors, and transient errors caused by cosmic particle radiation, or spontaneous hardware failures. Applying DO-254 to the development and verification processes of AFDX systems helps ensure that design errors are avoided. Of course, the FPGA needs to account for design errors and be robust against the occurrence of such errors. But still undetected errors will undoubtedly have adverse effects on safety, and by meeting the objectives of DO-254, design error probability is lower.

Safety and Reliability

Since AFDX provides the main interconnect between the major subsystems of today’s aircraft, it is literally the backbone of the avionics. The integrity of the data travelling along this path, its timely delivery, and the availability of the transport service to the clients that need them, at the time they are needed, are key factors in a truly safe and reliable AFDX-based system. An AFDX end system needs to be robust with respect to its failure rates, specifically defined in this instance as follows: the probability of the failure mode “loss of function” must be very low, usually in the magnitude of less than 10-6 per flight hour. The triple-module redundancy (TMR) architecture in the FPGA is a way to affect this rate. While DO254 addresses design assurance for FPGAs, it is the hardware system and not the individual component that achieves DO-254 certification — an integrated circuit (IC) cannot be DO-254 certified. FPGAs are always considered complex, as they cannot be rigorously tested over all operating conditions and must rely on a disciplined hardware design assurance process for verification. Each system, including any FPGAs and their associated bitstreams, must be tested and validated. All other safety certifications are im-

24 | RTC Magazine MAY 2015

plemented on the hardware. As AFDX End-Systems are deployed in avionics subsystems a line-replaceable units (LRUs), a certification according to DO-254 has to be considered in the design of the FPGA, as well as the process that is established to achieve the design and its verification. While detected errors relate to end system availability, any undetected error within the end system or the AFDX network affects the safety of the nodes attached to it. The probability of

an undetected error to occur at the end system level is usually requested to be less than 10-7 per flight hour and also depends on the assigned design assurance level (DAL) Not only are modern FPGAs enhancing data reliability and transport across multiple avionics subsystems within a network, they are offering a new level of design configuration that translates into significant cost savings over traditional ASIC designs. And with its built-in flexibility and ability to handle large volumes of information, FPGA technology will continue

to contribute to data management in modern networks. Just as avionics have increased in complexity over the past few decades so have FPGAs making them a viable method for integrating disparate network systems within an aircraft while ensuring redundant, robust data transmission. MEN Micro. Blue Bell, PA. (215) 542-9576 www.menmicro.com

RTC PRODUCT GALLERY Solid-state Drives and Industrial Box PC’s

ADLMES-8200 High-Ingress Protection (IP) Modular Enclosure Systems • Modular Sidewall Design Supports Variable PC/104 Stack Heights (2 - 6 Cards) • Three Basic Size Profiles Available To Reduce Time To Market • Quick Turn Front I/O Plate Can Be Easily Customized • IP60 and IP65 Configurations • Wide Range of PC/104 SBCs Ranging From Low Power Atom to 4th Gen Intel Core i7 • Options for MIL-STD 461, and MIL-STD 704/1275

ADL Embedded Solutions, Inc. Phone: (858) 490.0597 Email: sales@adl-usa.com Web: www.adl-usa.com

MH70S Rugged 19” Modular Storage System

• Three versions: high-speed serial I/O, plug-in I/O, conduction-cooled • Reconfigurable Xilinx© Kintex®-7 FPGA with 325k or 410k logic cells • Quad DDR3 SDRAM 128M x 16-bit • 32M x 16-bit parallel flash memory for MicroBlaze™ CPU and FPGA program code storage • 8-lane high-speed serial interface for PCIe Gen 2

MEN Micro’s MH70S is a half 19-inch modular system with up to five HDD/ SSD slot cards, totaling 20 TB. The HDD carriers can be configured in RAID 0, 1 or 5, while the carriers themselves have their own internal RAID 0, 1 and JBOD hardware configuration abilities. Its robust, compact design makes the storage PC ideal for use in trains, buses and industrial environments.

Acromag Phone: (877) 295-7085 FAX: (248) 624-9234 Email: solutions@acromag.com Web: www.acromag.com

MEN Micro Phone: (215) 542-9575 FAX: (215) 542-9577 Email: sales@menmicro.com Web: www.menmicro.com

User-Configurable Kintex®7 FPGA Modules

RTC Magazine MAY 2015 | 25

TECHNOLOGY IN SYSTEMS TESTING DEVICES FOR THE IoT

Simulating Your IoT design; Will Your Large-Scale Deployment Work in Practice? Simulation can be a thorough and efficient way to test an IoT network that physically will consists of large numbers of nodes that communicate wirelessly from device to Cloud. by Jakob Engblom, Wind River

Developing and testing Internet of Things applications and systems are big challenges, simply because the systems are big – they contain a lot of units. It is difficult to get hundreds of nodes into the software development lab for testing, and it is also difficult to provide all those nodes with interesting and realistic inputs. When developing software that will run on hundreds or even thousands of IoT nodes, just how do you test that software in a practical manner? Simulation is a very good answer. The IoT systems that are being built today often follow a three-tiered architecture as shown in Figure 1. There are many small nodes that connect to each other and to gateways using wireless mesh networks, and the gateways then connect to a management server or the Cloud. The small nodes can be sensors like temperature sensors, electricity meters, cameras, light switches, or actuators like thermostats, lights, and door locks. The gateways or concentrators handle the connection to the outside world, and ensure security. The back-end server, which is often in the Cloud, deals with the business and control aspects of the IoT system. To test this type of system, you want to have the wireless nodes spread out over a large area so that not all are in contact with each other, which requires using entire buildings or campuses as the “lab.” Setting up and maintaining such a network is a significant amount of work, with labor costs quickly dwarfing the cost of the nodes themselves. In a simulator, as shown in Figure 1, setting up a large network is really easy. You just write a program to virtually deploy and spread out the nodes over the virtual space you need, and then model the wireless reachability between the nodes. Instead of manually handling hundreds of physical items, you manage a single script or program. Using a simulation solution like Wind River Simics to build this simulation, we simulate the hardware of each node, with processors, memory, timers, LEDs, wireless 26 | RTC Magazine MAY 2015

Figure 1 Simulation of a large network

radio, and everything else that is needed. The simulated nodes run the real operating system and target applications, using the same binaries as would run on the real hardware. The different types of nodes are faithfully simulated, and run within the same simulation setup. Simulating the entire IoT system in this fashion allows you to test all aspects of the software, including things such as the wireless communications stack and how it deals with network problems, the sensing and actuator code and how it works with the environment, and the sleep modes and wake-up intervals on the nodes and how well they conserve power. Other software functions that could be also tested include the reporting function from sensors to gateways and on to server, the middleware that manages network nodes and updates software on the nodes. This includes OTA updates, along with the security of the gateways and the nodes and the scalability of the data management system as the number of nodes goes up.

TECHNOLOGY IN SYSTEMS TESTING DEVICES FOR THE IoT

Figure 2 Scaling up the network provides to ability to simulate large networks

One particular aspect of an IoT system test that is a very good fit for simulation is testing system and software behavior as the system is scaled up. As shown in Figure 2 , simulation provides the ability to build systems of any size – from quite small to very large. This means that the behavior of the system can be tested on a whole range of scales, from small unit tests or subsystem tests, all the way up to the largest setups imaginable. Often, each system scale will reveal different issues in the system. It is not just about the very largest setups, but also about making sure things work efficiently at intermediate system sizes too. Figure 2 also shows simulation of the environment that the IoT system operates in. Each sensor node will typically interface to a simulation of the world surrounding it – so that it has some data to send back to the gateway and server. An IoT node without a world around it is not all that useful. System testing will involve varying the simulated radio network conditions. In a simulator, it is trivial to impose particular signal strengths between any pair of nodes, and to implement rules that randomly drop packets as signal strength goes down. The configuration

can be varied during a test, to check how nodes behave when conditions change, such as when a train passes across the line of sight between two nodes and interrupts radio communications for a short while. Best of all, such tests are precisely controllable and repeatable, unlike in the real world where trying to impose radio conditions is difficult at best. Testing can also scale out horizontally, as shown in Figure 3. It is easy to build many variants of networks to test the software with different ways to deploy the same number of nodes. Different balances between gateways and sensor nodes can be tested, as well as different network topologies. Figure 3 also shows how simulation lets you run many different tests in parallel, which makes the total time to run a set of tests much shorter than if they had to be run serially on hardware. But can it really work in practice to simulate hundreds or thousands of nodes on a single host computer? The answer is yes. IoT sensor nodes typically have a very low duty cycle. The sensors do not sense the world continuously, but rather, wake up regularly to take a sample and report it. Each sample run might take a second or just a few milliseconds, and then the system can be idle for minutes or even hours. This saves power and makes it possible to have nodes deployed in the real world for extended periods of time without having to service them to change batteries. Thus, there is a large amount of idle time in the system, idle time that can be exploited to accelerate the simulation by using hypersimulation. Rather than playing out idle time cycle by cycle, a simulation solution like Simics jumps straight to the next interesting event that would wake up a sleeping node. That means that a system that is mostly idle can be simulated many times faster than real time, which is a property that is exploited in large IoT simulations. I actually did this myself a decade ago, when we ran 1000 IoT nodes on a single-core Windows XP 32-bit host faster than they would have in the real world! At the time, that seemed insane, but today it sounds like business as usual. In the end, physical labs are needed to perform final testing on your system. You have to test what you ship and ship what you test. However, using simulation to augment the physical test lab to cover more test cases and run more test variants is necessary to ensure that quality is maintained and that the system is robust across a wide variety of situations. With simulation, you will be able to build a better IoT system in a better way. Wind River Alameda, CA (510) 748-4100 www.windriver.com

Figure 3 Parallel simulation of different tests

28 | RTC Magazine MAY 2015

Embedded/IoT Solutions Connecting the Intelligent World from Devices to the Cloud Long Life Cycle · High-Efficiency · Compact Form Factor · High Performance · Global Services · IoT

IoT Gateway Solutions

Compact Embedded Server Appliance

Network, Security Appliances

High Performance / IPC Solution

E100-8Q

SYS-5028A-TN4

SYS-5018A-FTN4 (Front I/O)

SYS-6018R-TD (Rear I/O)

Cold Storage

4U Top-Loading 60-Bay Server and 90-Bay Dual Expander JBODs

Front and Rear Views SYS-5018A-AR12L

SC946ED (shown) SC846S

• • • • • • •

Standard Form Factor and High Performance Motherboards Optimized Short-Depth Industrial Rackmount Platforms Energy Efficient Titanum - Gold Level Power Supplies Fully Optimized SuperServers Ready to Deploy Solutions Remote Management by IPMI or Intel® AMT Worldwide Service with Extended Product Life Cycle Support Low Power Intel® Avoton, Rangeley, Quark, Core™ i7/i5/i3 and High Performance Intel® Xeon® Processors E3-1200 v3 product family • Optimized for Embedded Applications

Contact us at www.supermicro.com/embedded © Super Micro Computer, Inc. Specifications subject to change without notice. Intel, the Intel logo, Xeon, and Xeon Inside are trademarks or registered trademarks of Intel Corporation in the U.S. and/or other countries. All other brands and names are the property of their respective owners.

TECHNOLOGY DEVELOPMENT GRAPHICAL USER INTERFACES

Embedded’s Gone Cute

The need for next-gen UIs has finally reached the embedded world. Owing to increasing demand, vendors have been looking for alternative technologies to enable modern user interfaces on their products, and have been finding Qt (pronounced ‘cute’) is the perfect fit. by Rafael Roquetto, KDAB

The presence of somewhat elaborate GUIs on embedded platforms is nothing new. As a matter of fact, you can find embedded GUIs in a variety of devices and appliances—vending machines, tractors, ATMs, machine panels – this list could grow indefinitely. Given the tight coupling between hardware and software in the embedded space, these GUIs are in general implemented using whatever tools and toolkits that have been provided by the hardware manufacturer or its partners. You can imagine that, while the people behind the UI of an airplane infotainment system might make an effort to make their GUI at-

30 | RTC Magazine MAY 2015

tractive to the end-user, eye candy was probably never a concern for those designing UIs for subway control systems, leading to the birth of state-of-the-art soviet style interfaces. After innumerous attempts at introducing touchscreen-based handheld devices, Apple finally nailed it with the introduction of the original iPhone back in 2007. That was the very first embedded device to run that type of modern gesture-based GUI that would pave its way to ubiquity. Several years later, the iPhone multi-touch approach became the default choice for mobile and embedded devices, quickly spreading beyond the

Architecture

Figure 1 Qt architecture

borders of mainstream consumer products, knocking down the iron curtain of the old-school graphical interfaces. A variety of embedded systems manufacturers started to work on implementing modern GUIs into their products, and consequently, the need for means to achieve that arose. There were few alternatives, some proprietary, some originating from the free software world.

As depicted in Figure 1, Qt is made of several orthogonal modules. Many of those modules can be disabled, and several Qt features can be turned off during compile time, minimizing the application footprint. Some are worth an additional explanation. QPA is an acronym for Qt Platform Abstraction. This is the layer that promotes the integration between Qt and the underlying platform. Each platform abstraction is then implemented in the form of a QPA plugin that is loaded at run time. These platform plugins implement a common QPA interface, which allows Qt to query for platform capabilities, request raster and OpenGL surfaces (if supported), deal with and translate native platform events, etc. Thus, porting Qt to a new platform or operating system is mostly a matter of writing a QPA plugin for that platform. There is no need to become acquainted with all the internals of Qt. Since Qt has been already ported to several embedded platforms, including popular ones like Windows CE, embedded Linux (with multiple back ends, from directfb to OpenGL and also Wayland) and even QNX, there are high chances you won’t even need to write your own QPA plugin when deploying Qt to your platform. QtCore is the Qt module that implements core classes and functionality, including event handling and dispatching, as well as classes for, among others, threading support, strings, internationalization, XML handling, text and data streams and template-based containers (QMap, QList, QHash, QlinkedList, QVector, QStack and a dozen more). Like many C++ classes in Qt, these container classes use implicit data sharing and copyon-write to maximize resource usage and performance.

Enter Qt

Among those alternatives is Qt. It is a cross-platform C++ application framework that was born in 1991, initially as a GUI toolkit providing common widgets. Qt has been growing at a steady pace, and is now at its fifth major release. During all those years, Qt has expanded its domain from a GUI widget toolkit to become a general-purpose C++ framework, implementing functionality beyond GUI classes. At the time of this writing, Qt finds itself at version 5.4.1, natively supporting dozens of platforms, including QNX versions 6.5 and 6.6, Linux (X11 and EGL), Windows CE, Windows, Android, iOS and Wayland, among others. As a consequence of its domain growth, Qt has been split in several modules, each implementing a different group of functionalities, a feature that also opens the possibility for vendors to write their own modules to Qt if they wish to. One of them is called Qt Quick. It provides the infrastructure for implementing modern gestured-based and fluid graphical interfaces using both C++ and Qt’s own declarative language called QML. Qt also ships with its own IDE, called QtCreator. But before we dive into that, let’s take a look at how Qt is structured.

Figure 2 Qt demo screenshot

RTC Magazine MAY 2015 | 31

TECHNOLOGY DEVELOPMENT GRAPHICAL USER INTERFACES As stated above, one of QtCore’s jobs is to implement event handling and dispatching. This is worth mentioning, because this is part of a mechanism that is at the heart of Qt: signal and slots. Signals and slots are one of the most important features of Qt. They provide an alternative over the old-school callbacks. Each Qt object (i.e. all classes descending from the QObject class) has the ability of “emitting” signals that can optionally be connected to one or more slots. Slots are simply class methods, the only difference being that they can be “connected” to signals. For instance, the QPushButton class emits a signal conveniently named clicked whenever the button is, well, clicked. We can then proceed to write the following piece of code:  QPushButton *button = new QPushButton(“Click me!”); connect(myButton, &QPushButton::clicked, this, &MyClasss::handleButtonClick); Even though it is possible to write Qt applications without an event loop, in most cases there is at least one event loop running. Here is the typical main file of a Qt application running an event loop: #include <QApplication> #include “mainwindow.h” int main(int argc, char *argv[]) { QApplication app(argc, argv); MainWindow w; w.show(); return app.exec(); // start event loop } On the above piece of code, we use the QApplication class to perform the Qt initialization, including querying and loading available platform plugins, setting up the display, and more. After we’ve created our MainWindow widget, all we have to do is calling QGuiApplication::exec() to start the event loop. The MainWindow will then start receiving events (including

Figure 4 Interfacing with C++

platform events) and reacting to them. Even though we are not showing it here, it is perfectly possible to install an event handler and even inject events on the event loop. QtWidgets: We saw above a class named QPushButton. This class belongs to a module called QtWidgets. This is the original Qt widgets implementation that evolved together with Qt. It is still being mantained, and has been marked as feature complete. Because of the paradigm shift regarding GUIs that happened in recent years, a new approach focused on modern GUIs has been developed, in addition to QtWidgets. It is called QtQuick. QtQuick is the solution provided by Qt to modern GUIs. It uses Qt’s own declarative language, called QML, to describe UIs. QML is itself based on JavaScript, which means that JavaScript code is also allowed. QtQuick is shipped with the QtDeclarative module. Qt offers other modules for a variety of functionality, including, but not limited to, D-BUS, bluetooth, localization, NFC, serial port handling, etc. As mentioned, these modules can be cherry-picked into the final Qt deployment at the developer’s convenience, which can be extremely helpful especially for low-footprint embedded targets.

Declarative is the way to go

Figure 3 QML hierarchy and property binding

32 | RTC Magazine MAY 2015

Together with the advent of modern UIs, the use of declarative languages for implementing them started to gain ground. Big players, such as Microsoft with their Windows Phone platform, Google’s Android, Apple’s iOS, as well as BlackBerry offer declarative frameworks for UI design on their platforms. And as you already know, QtQuick/QML is Qt’s answer to that. Because it was designed with modern UIs in mind, QtQuick makes it a piece of (preferably chocolate) cake to implement transition animations, gestures and all the shiny wobbly things that distinguish these new UIs from their utilitarian forefathers. The screenshot pictured in Figure 2 shows a gesture-enabled application that was written almost entirely

using QML and JavaScript (if you are interested on seeing it in action, it is part of the Qt demo package). The screenshot in Figure 3 shows a very simple example of what QML code looks like. Notice that QML items are part of a hierarchy. In this particular example, there is a Text and a MouseArea item (a MouseArea item responds to mouse events or gestures) inside a Rectangle, that is itself contained in the root Window item. In order to make sure that the rectangle is always adjusted to the window whenever someone resizes it, we need to bind its width and height properties to those of its parent (i.e. the window). Unlike a normal value assignment, bound properties will always update their values according to the properties they are bound to. For our rectangle, it just means that the its width and height follow the parent with and height. Moreover, we use anchors to keep the text centered. Anchors provide an alternative way for specifying an item position. In addition to that, QtQuick also offers layout functionality as yet another alternative for item positioning.

A Cute Front End with a C++ Back End

Despite all the nice features and JavaScript support, it is often the case where you will need to interface with C++ code, maybe to connect to a database or even to talk to the CAN bus. Either way, Qt offers mechanisms to allow for such an integration and, as a side-effect, to help keep the UI layer decoupled from the rest of the system. This is achieved by allowing the C++ to export properties into the QML context—or even exporting an entire alternate context. These properties can naturally be modified at the QML layer (and vice-versa) and even be bound to other properties. This functions as a very thin layer between the QML and C++ codes. The example in Figure 4 exports the “AnimalModel” as a property in the QML context. A ListView

item is then used to render the model. Qt has its own IDE, called QtCreator (Figure 5). While you are free to choose whether you want to use it, QtCreator does provide a bunch of useful functionality that makes our lives easier. Namely, it includes an advanced code editor with auto-completion, syntax highlighting, and a lot of other features, that even includes a vi mode. Apart from the text editor, there is a form editor to be used on QtWidget projects (depicted on the screenshot above), integrated debugger (for C++ and QML), introspection support and a QML designer. It also provides integrated functionality for seamless deployment on targets running embedded Linux, QNX, Blackberry OS, Android and iOS. For version control, it isupports git, baazar and mercurial. Last, but not least, because QtCreator is scriptable and supports plugins, it is easy (and actually common practice among vendors that already adopted Qt) to extend and integrate QtCreator with third-party tools and SDKs. Qt offers a wide range of APIs and functionality, but most importantly: it is proven technology that has been around for more that a decade and continues to evolve, fostered both by the free-software community and by companies like Intel, QNX, Garmin, Ford, KDAB, The QtCompany and many more people and entities that share a mutual interest on keeping Qt bleeding-fast and rock-solid. KDAB Houston, TX (866) 777-5322 www.kdab.com

Figure 5 The QtCreator integrated development environment.

RTC Magazine MAY 2015 | 33

TECHNOLOGY DEVELOPMENT GRAPHICAL USER INTERFACES

Rugged, Factory-friendly Panel PCs Clear a Path for Industry 4.0 Intuitive interfaces advance data capture and access from field to factory floor in often hostile environments. The touch screen Panel PCs that enable these functions must meet demanding standards to remain functional. by Walter Steinbeisser, ADLINK Technology

Figure 1 Efficient interaction through high performance panel PCs is integral to Industry 4.0, as illustrated by ADLINK’s PENTA product line.

The industrial landscape and its production systems are in transformation, becoming smarter, more flexible and connected as part of the Internet of Things (IoT). More than just Internet-enabled, intelligent industrial systems are sharing data in real-time and moving the world closer to Industry 4.0, a concept coined by a Germany-based group of experts in science and industry. Industry 4.0 represents the next industrial revolution, preceded by three disruptive leaps in industrial processing; first came steam power and mechanization through machine tools, next electricity fueled new techniques in mass production, and most recently advances in electronics and IT have accelerated the industry by enabling automation. Efficiency and productivity are essential to this shift, driving advancements in the interfaces used to communicate and interact with smart industrial systems. Answering the need for systems that require capabilities greater than just back-end visualization of an industrial application, highly rugged panel

34 | RTC Magazine MAY 2015

PCs are stepping in as a high performance option – delivering compute power that enables control, efficiency and reliability in a factory-friendly design (Figure 1). Constructed as a complete unit, with motherboard and LCD screen display in a rugged, sealed and fanless housing – these unique systems bring intuitive, easy operation to the most diverse and demanding industrial environments. Innovations in touch technologies mimic the familiar functions of commercial portable devices, while enabling connected, fault-free performance on the factory floor. High compute performance blended with rugged design and construction creates a purpose-built industrial system, helping integrate processes for maximum output, improving cost efficiencies and ensuring uptime. Specific system requirements vary depending on the type of deployment, such as food, pharma or general industrial, yet all require a common foundation of rugged design features and certifications.

Advancements in Touch Technology

Touch technologies are increasingly designed into the latest generation panel PCs used in rugged settings – avoiding knobs and switches that can reduce productivity, as well as accuracy. Intuitive and user-friendly options are based on the familiar touch, swipe and drag motions used with consumer portable devices. Traditional keyboards can still be attached directly, or touching the panel PC surface can essentially create a virtual keyboard to enable simple control of industrial software. Key customer requirements for a touch display interface are abrasion resistance and non-glass surface options. Pressure-sensitive or resistive systems are most commonly found in manufacturing settings; resistive systems react when pressure is applied to the screen, allowing workers to successfully interact with the display wearing thick gloves, and without any scratching to the display surface. This provides a sturdy interface optimized for factory settings where operators are often outfitted with heavy protective gear. As a specific market example, capacitive glass touch screens

Figure 2 ADLINK’s Giant Series panel PCs can be mounted in a flexible and convenient way in any location thanks to a VESA-compatible mounting system.

cannot be used in the food industry for several reasons. In humid environments, liquid production residues and condensation can accumulate on the display. While resistive touch screens can operate without problems even under these conditions, the usability of capacitive touch screens would be severely limited. As mentioned previously, resistive touch panels can be operated even while wearing gloves, which isn’t the case with capacitive displays. Finally, a glass display is something of a taboo for the food industry; should a glass display break, an entire batch of product can no longer be sold due to the possibility of glass fragment contamination. Rugged construction used in resistive screens includes a layer of polyester, eliminating the possibility of product contamination if a system screen is damaged.

Extreme Rugged Design

Panel PC systems must be designed to function properly in a wide range of temperatures, from single-digits up to 50°C. Used in harsh settings, they must be particularly resistant to shock and vibration. Fanless designs are essential, as mechanical components in general, and moving parts in particular, are highly

susceptible to interference and failure due to wear, leading to greater maintenance and repair requirements. For industrial deployment, the panel PC enclosure must be designed to be completely resistant to dust and other contamination in order to prevent malfunctions or even complete system failure. Without proper rugged design, dust can easily accumulate in vent holes; this makes it difficult to clean the devices, since liquid breaching the enclosures can also seriously damage the system. Sealed-system, rugged panel PCs are rated for protection against environmental factors according to the internationally-recognized Ingress Protection (IP) ranking system (Table 1). Panel PCs with a rating of IP69K can perform in ~80C ° (176°F) and handle ca.80-100 bar (1450 PSI) pressure at a distance of 15 cm (5.91 inches). Their connectors are made of stainless steel and are generally bolted rather than snapped into the system. This means they can survive the intense power washing that may be required in certain types of industrial settings. In addition, a pressure-compensating valve is installed in the device, preventing expansion of the unit when the temperature rises. RTC Magazine MAY 2015 | 35

TECHNOLOGY DEVELOPMENT GRAPHICAL USER INTERFACES Reliable High Performance

Incorporating embedded roadmap processors ensures longlife to the system, often deployed with a performance expectation of five years or 50,000 hours; consistency and longevity of design also simplifies software deployment and upgrades across the industrial enterprise. Depending on the end-use environment, these systems may include failsafe automotive HDDs, SSDs or industry-standard CompactFlash cards as bootable storage media, which increases data security and system reliability. In general, more systems are moving from rotating hard disks to solid state drives, again, to avoid the pitfalls of moving parts. Flexible connectivity is imperative; with industrial panel PCs offering multiple Ethernet interfaces to enable both Internet and intranet communications, as well as a WiFi option. To connect additional peripherals such as barcode and 2D/3D scanners, industrial units feature an extensive range of interfaces: USB 2.0, PS/2, Ethernet, serial ports, as well as PCI, PCIe, and Mini-PCIe slots. RS-232 connectors are also still valued commodities to provide a 1:1 physical interface for low level I/O cards. Abrasion-resistant, resistive touch displays offer the most common LCD display resolution of 1280 x 1024 pixels and are available in multiple sizes, from tablets to 19-inch options. These systems are better served with internal rather than external power supplies, part of a gap-free design that ensures a sealed system, resistant to dirt and moisture. Advancements continue and enable some systems with additional features, such as detachable cables. Instead of cutting the cable and replacing an entire system, the unit can readily be removed for servicing as needed. Long-term availability assures that systems and system components can be subsequently ordered in the same configuration over a period of many years. IT administration benefits from this consistency, allowing software images with identical configurations to be deployed on all systems without the need to consider costly individual system specifications. Users can avoid cumbersome and expensive modifications, and also benefit from a unified IT landscape and maintenance strategy by deploying the same system factory-wide. Optimized panel PCs can be operated continuously for more than five years or 50,000 hours without maintenance, expressed as Mean Time Between Failure (MTBF). This is in step with a key principle of factory modernization and Industry 4.0, reducing costs caused by unnecessarily short cycles of repair or ongoing maintenance.

End-to-End Quality Control in Food Processing

Effective deployment of panel PCs is illustrated by Ulmer Fleisch, part of the Müller Group and one of the leading companies in the southern German meat processing industry. “One of the key aspects of food safety is seamless proof of origin for the consumer,” explained Michael Palz, IT Head of Ulmer Fleisch. As a result, continuous tracking of products from initial delivery to meat counter is an essential part of the manufacturing process; Ulmer Fleisch handles this with a range of software 36 | RTC Magazine MAY 2015

First digit: Ingress of solid objects

IP

Second digit: Ingress of liquids

0

No protection

No protection

1

Protected against solid objects over 50mm e.g. hands, large tools

Protected against vertically falling drops of water or condensation

2

Protected against solid objects over 12.5mm e.g. hands, large tools

Protected against falling drops of water, if the case is disposed up to 15 from vertical

3

Protected against solid objects over 2.5mm e.g. wire, small tools

Protected against sprays of water from any direction, even if the case is disposed up to 60 from vertical

4

Protected against solid objects over 1.0mm e.g. wires

Protected against splash water from any direction

5

Limited protection against dust ingress (no harmful deposit)

Protected against low pressure water jets from any direction. Limited ingress permitted

6

Totally protected against dust ingress

Protected against high pressure water jets from any direction. Limited ingress permitted

7

N/A

Protected against short periods of immersion in water

8

N/A

Protected against long, durable periods of immersion in water

9K

N/A

Protected against close-range high pressure, high temperature spray downs

Table 1 An IP classification includes two numbers; the first refers to protection against solid matter like dust and dirt, while the second number references protection against liquids. For example, IP65 systems are completely dust tight and are resistant to being sprayed with water; IP69K rated systems are fully sealed for protection, as well as ease of cleaning with no residual substances able to infiltrate the enclosure.

applications that maintain efficient process control, from quality assurance to logistics to complete traceability along the entire value chain. This online process control solution is accessed via panel PCs by employees from numerous divisions located throughout the company’s offices and processing factory. These systems are subjected to harsh treatment, including daily cleaning with high pressure water jets. An industrial IP69K Panel PC is deployed throughout the facility, with all interfaces (USB, Ethernet and serial connections) facing downwards with integrated screw connectors uniquely matched to each cable. Their connectors are extremely robust and can be quickly attached using an innovative locking mechanism. In this way, cleaning teams can start working without lengthy instructions and also use efficient high pressure or steam cleaning without running the risk of damaging the panel PC systems due to improper cleaning. Should there be any malfunction, a panel PC can be replaced in less than five minutes by a single employee. It’s lightweight and incorporates screw connectors that cannot be mixed up during replacement. Previous solutions

had failed regularly due to moisture and water ingress. Based on a lower rating of IP65, these could withstand only low pressure water and required either extra protection panels or the costly task of separate cleaning. Layout and installation of the display, as well as the implementation of interfaces, was particularly challenging as these areas are vulnerable to water ingress into the system. This must not happen, even under high pressure water stream, as it is necessary to conduct cleaning procedures at least once a day at Ulmer Fleisch. Rather than modify systems to accommodate the demands of the production floor, Ulmer Fleisch opted for IP69K protected systems that could be installed as delivered and offer a MTBF of 50,000 hours. These systems meet Ulmer Fleisch’s requirement for daily cleaning, and can withstand a jet of water that impacts the casing from a distance of 10 cm with 100 bar of pressure, a water flow of 15 L/min and a water temperature of 80°C.

Rugged Systems for Toy Production

Illustrating how panel PCs are integral to shopfloor modernization, industrial panel PCs are used at the Playmobil plant operated by Geobra Brandstätter GmbH & Co. KG. The company is Germany’s largest toy manufacturer, producing 2.6 billion Playmobil figurines since 1974 and employing more than 3,700 people worldwide. In order to meet increasing demands to achieve greater performance from existing software, the management team at Geobra recently implemented an innovative shopfloor IT system based on new panel PCs. Diverse production environments and the particular qualities of Playmobil figurines mandate dependable IT support; in turn, shopfloor terminals are available at many points on the production line to enable critical control and management of work routines. Using a customized data acquisition and information panel (AIP) available to all deployed panel PCs, employees in charge of production planning and manufacturing control, production managers, as well as controllers and business managers, can quickly and conveniently access crucial data anywhere on the shop floor (Figure 2). Accessing AIP data that is tailored to their particular requirements, individual users can make temporary or short-term changes to the production schedule, solve problems in specific production batches, and deal with any other potential complications to be immediately identified. As needed, countermeasures can be taken immediately, including subsequent ordering or re-planning, all in real-time. With connected systems, all data can also be evaluated to improve the enterprise’s strategic planning. The industrial panel PCs used by Geobra are equipped with a completely enclosed and durable metal casing IP65 rating, including connectors and cable passageways. Reading devices for Legic and Mifare transponders can be connected quickly using the IO interfaces designed for industrial use. The Giant D17 features 2x- Gigabit Ethernet, 4x USB 2.0, 5x serial interfaces, as well as a Mini PCle socket, PCIe x1 slot and additional PCl slot

for further expansion. WLAN cards for wireless communication can be integrated in advance upon request. Rotating hard disks are eliminated to remove possible points of failure, and instead the PCs are equipped with heavy-duty compact flash storage media. Fanless and without vent holes, this system utilizes a passive cooling concept which emits the generated heat from the system to the outside via the enclosure. Blending performance and extreme rugged design in a streamlined system is the primary value of panel PC systems. However there is no such thing as a ‘typical deployment.’ Yet high-grade modular designs are providing easy configuration to adapt to market-specific needs, including non-stop performance, flexible connectivity, industry-specific requirements and rugged certifications. Panel PCs are essential to the Industry 4.0 transformation – these all-in-one high performance devices allow manufacturers to capitalize on proven rugged technologies and the Internet of Things (IoT), improving efficiencies at every point on the manufacturing line. ADLINK Technology San Jose, CA (408) 360-0200 www.adlinktech.com

SUBSCRIBE OR ADVERTISE NOW

Full-On Devel Targets Indust opment Suite rial Automation Medical Device s Merge Intelligence with Connectivity The Magazine

of Record for

the Embedded

Computer Indust

ry

Temperature Consid eratio Critical Solid State ns for Storage Vol 16 / No 3

COM Modul Variety and es Grow in Capability

10 24 32

/ MARCH 2015

An RTC Group Publication

RTCMAGAZINE.COM

RTC Magazine MAY 2015 | 37

PRODUCTS & TECHNOLOGY

Media Cloud Server Has Built-in MediaManager Software for High Performance Low profile PCIe Board Integrates 20nm FPGA Technology for 100/40/10 GigE Transcoding A dedicated media server comes with built-in media processConnectivity ing management software, offering 6x the performance of pure software transcoding solutions and reserving more than 80% of CPU capacity for customer applications. Based on dual fourth generation Intel Core i7/i5/i3 processors or Intel Xeon processor E3-1200 V3, the MCS-2040 Media Cloud Server from Adlink Technology targets video applications such as surveillance with video analytics, video conferencing used in remote education & healthcare environments, and IPTV content delivery networks (CDNs) as a transcoding server. The media server market currently offers two distinct options: a general-purpose hardware solution that relies on software for functionality, and a dedicated media server with no added software included. The MCS-2040 offers the high performance and efficiency of a dedicated media server without dominating CPU load availability. Its built-in MediaManager software offers enriched features above those of the Intel Media Software Development Kit (Media SDK) supported by, but not included with, other dedicated media server options. As an application-specific integrated circuit (ASIC) solution, the MCS-2040 helps further speed time-to-market for customers by mitigating technical risks and reducing development time through provided MediaManager software capabilities. The MCS-2040 offers four compute nodes is a 2U 19” form factor. Each node offers two independent systems communicating via Gigabit Ethernet (GigE); dual fourth generation Intel Core i7/i5/i3 processors or Intel Xeon processor E3-1200 V3; 4 DIMMS with up to 32GB DDR3 memory (16GB/system); quad GbE RJ45 (two/system); 4 hot-swappable 2.5” SATA drive bays; a PCI Express (PCIe) slot reserved for I/O expansion to integrate third party SDI, FC, and Ethernet cards; 2x 1600W redundant power supplies; and MediaManager software to round out the application-ready intelligent platform (ARiP). ADLINK’s MediaManager expands on the functionality of Intel® Media SDK by providing additional modules to handle common media processing tasks not natively supported by the Intel Media SDK API, including mux/demux of media container files, RTP receiving and streaming, video composition, and audio processing.

BittWare has announced the availability of its first board based on Altera’s Arria 10 GT/GX FPGA - a low-profile PCIe board called the A10PL4. Integrating the 20nm process technology of the Arria 10 with a wide variety of features, the A10PL4 board supports a range of challenging applications such as network processing and security, compute and storage, instrumentation, broadcast, and signals intelligence. The board offers flexible memory configurations supporting over 32 GB of memory, sophisticated clocking and timing options, and two front-panel QSFP cages that support 100 Gbps (including 100GigE) optical transceivers. A comprehensive Board Management Controller (BMC) with host software support for advanced system monitoring greatly simplifies platform management. The board will offer support for the AlteraSDK for OpenCL. Built on 20nm process technology, Arria 10 FPGAs boast higher densities, higher performance, and a more power-efficient FPGA fabric than previous generations; they also integrate a richer feature set of embedded peripherals, high-speed transceivers up to 28Gbps, hard memory controllers, and protocol controllers. Arria 10 FPGAs are also the industry’s first FPGA to integrate hardened floating-point (IEEE 754-compliant) DSP blocks that deliver breakthrough floating-point performance of up to 1.5 TFLOPS. BittWare’s A10PL4 is a low-profile PCIe x8 card based on the Altera Arria 10 GT/GX FPGA. Among its features are a PCIe x8 interface supporting Gen1, Gen2, or Gen3, dual QSFP+ cages for 2x 100GigE, 2x 40GigE, or 8x 10GigE with support for a wide range of optical transceivers that are connected directly to the Arria 10 FPGA for lowest possible latency. The board’s memory is up to 32 GBytes of DDR4 with optional error correcting codes (ECC) and it has a board management controller for intelligent platform management along with USB 2.0 for programming, debug, or control. Complete software support is provided with BittWare’s BittWorks II FPGA development kit for FPGA board support IP and integration along with a broad range of IP offerings including MAC/PHY. TCP/IP Offload Engines (TOE), UDP Offload Engines, PTP/IEEE-1588 and PCIe DMA.

ADLINK Technology, San Jose, CA (408) 360-0200. www.adlinktech.com

BittWare Concord, NH 603.226.0404. www.bittware.com

38 | RTC Magazine MAY 2015

PRODUCTS & TECHNOLOGY

SMARC Module with Freescale i.MX6 System-on-Chip

A new Smart Mobility ARChitecture (SMARC) form factor computer-on-module (COM) runs a Freescale i.MX6 processor based on the ARM Cortex-A9 architecture with a choice of solo, dual lite, dual or quad-core processors running at 1GHz with soldered memory up to 2GB DDR3-1066/1333. The SMARCFiMX6 from Embedian delivers high performance with efficient power consumption that targets a new generation of mobile applications requiring industrial-grade stability and reliability, and supports a wide operating temperature range of -40°C to +85°C. The Embedian SMARC-FiMX6 modules with single, dual lite, dual or quad core Freescale i.MX6 processors cover an extremely wide performance range. Based on the ARM Cortex A9 technology, they support a huge variety of industry standard interfaces, while at the same time providing advanced multimedia and high speed connectivity making it suitable for an almost unlimited number of applications. SMARC-FiMX6 supports SMARC 1.0 and SMARC 1.1 standards. In addition to Ubuntu 14.04 and Android, Yocto BSP is also presented for SMARC-FiMX6. The Embedian SMARC-FiMX6 is a short size 82 mm x 50 mm module. Each module supports LCD controllers for up to three independent displays (including a 24 bit TTL parallel display, a HDMI1.4a and dual channel, 24 bit LVDS display). In addition, an 4GB eMMC flash is supported, which can be used as a boot device. The SMARC-FiMX6 features a single Gigabit Ethernet port, one PCIe x1 Gen2 port, MIPI CSI camera interface (4 lanes), three USB 2.0 ports (2x USB host, 1x USB OTG), up to 12 GPIO, one SD/MMC and a SATA 3 Gb/s port. Support is also provided for 2x SPI, 1x SMBus, 1x I2S, 1x S/ PDIF, 2x CAN, 4x UART and 3x I2C. Embedian, Taipei, Taiwan + 886 2 2722 3292. www.embedian.com

EtherCAT Slave Controller with Integrated PHYs for Industrial Ethernet and IoT

A new stand-alone EtherCAT slave controller has two 10/100 PHYs. This highly integrated device’s dual 10/100 Ethernet transceivers support both fiber and copper, along with cable diagnostics capabilities. The LAN9252 from Microchip Technology supports traditional Host Bus and SPI /SQI communication, along with standalone digital I/O interfaces, providing system designers the flexibility to select from a wide range of microcontrollers when implementing the real-time EtherCAT communications standard. Additionally, the LAN9252 reduces system complexity and cost for developers using EtherCAT in factory-automation, process-control, motor/motion-control and Internet of Things (IoT) industrial-Ethernet applications. Fully compliant with the EtherCAT standard and interoperable with all EtherCAT systems, the LAN9252 EtherCAT slave controller includes 4 Kbytes of Dual-Port RAM (DPRAM) and three Fieldbus Memory Management Units (FMMUs). The LAN9252 also features cable diagnostics support that allows field service technicians to rapidly and effectively diagnose line faults and provides for fiber connectivity. This EtherCAT slave controller is available in commercial, industrial and extended industrial temperature ranges, in low pin count and small body size QFN and QFP-EP packages. To enable development with the LAN9252, two Microchip evaluation boards supporting various system architectures are also available. These hardware systems demonstrate how to interface to the LAN9252 through basic input/output connections, or to microcontrollers such as the 32-bit PIC32MX family via serial communications. A Software Development Kit (SDK) is also available today, which further enables developers to immediately start device evaluation and begin building solutions for their applications, allowing them to quickly familiarize themselves with features of the LAN9252. Both boards, part # EVB-LAN9252-HBI and part # EVB-LAN9252-DIGIO, are available now for $300 each. via any Microchip sales representative or authorized worldwide distributor, or from microchipDIRECT. The LAN9252 EtherCAT slave controller is available now for sampling in 64-pin QFN and QFP-EP packages, starting at $7.01 each, in 10,000-unit quantities. Microchip Technology, Chandler, AZ (480) 792-7200. www.microchip.com RTC Magazine MAY 2015 | 39

PRODUCTS & TECHNOLOGY

High Accuracy ATEX-Certified MagnetoCavium OCTEON III-Powered strictive Sensing Device A new robust, high performance magnetostrictive position Desktop Platform sensor, uses its innovative Temposonics technology developed by MTS Sensors.. The ET sensor is very well suited to deployment in applications with high temperature environments. It can deliver up to 0.005mm resolution when used in combination with a suitable controller. Industrial facilities dedicated to pressboard production or the processing of steel/iron need instrumentation that provides maximum safety and reliability, regardless of difficult working conditions. The new ET product offering significantly extends the supported temperature range of the MTS E-Series, with the ability to precisely determine exact positions even at 105°C temperature levels. This small rod sensor can be integrated directly into a cylinder, with rod length options covering 50mm to 3000mm. It exhibits linearity deviation of less than 0.02% (full scale). ET sensors have liquid ingress protection in accordance with IP68. Furthermore, ATEX certification for hazardous areas is available. These devices are equipped with a start/stop interface. They also have the capacity for sensor parameters to be automatically uploaded. A 316L stainless steel variant can be specified if needed. The proprietary Temposonics magnetostrictive sensing technology developed by MTS Sensors presents customers with a non-contact method for accurately measuring position, which permits its implementation into the most demanding of application environments. Sensors based on this technology are highly resilient to shock, vibrations and extreme temperatures. The magnetostrictive technology it utilizes provides a wear-free sensing mechanism that has significant value in heavy industrial settings. MTS Sensor Technologie, Lüdenscheid, Germany. +49 (0) 23 51 / 95 87 – 0. www.mtssensors.com

40 | RTC Magazine MAY 2015

An entry-level desktop hardware platform is designed for network service applications in SMB environments. The PL-80720 device from WIN Enterprises supports a Cavium OCTEON III CN7010 processor and features onboard DDR3L memory up to 4GB. The OCTEON III CN7010 is a single-core SoC processor that includes a rich set of I/O’s including PCIe, 8x GbE LAN ports with additional 1x bypass, 10GbE, USB 3.0, and SATA 3.0. This processor family series features Cavium’s fourth-generation application hardware acceleration and hardware virtualization. The standard desktop device comes equipped with an onboard eMMC flash, a boot device, and has space reserved for an optional slim-type 2.5” SATA HDD. Features include the CN7010 processor with maximum frequency of up to 1.2 GHz, plus up to 8 GbE ports with additional one pair bypass and robust I/O with USB 2.0; 2.5” SATA HDD bay, 2x mini-PCIe slots and Console port. The PL-80720 is RoHS compliant. In addition to 8 RJ45 LAN ports, the PL-80720 has one pair bypass function all accessible from the rear panel. The rear panel also features two USB 2.0 ports, a RJ-45 console port and LED indicators for monitoring power and storage activities. In addition, PL-80720 has two mini-PCIe slots. The device is RoHS, FCC and CE compliant. WIN Enterprises, North Andover, MA (978) 688-2000. www.win-ent.com

ADVERTISER INDEX

Company...........................................................................Page................................................................................Website Acromag................................................................................................................................24..................................................................................................................... acromag.com congatec, Inc....................................................................................................................... 4...........................................................................................................................congatec.us Dolphin...................................................................................................................................20................................................................................................................. dolphinics.com EDT............................................................................................................................................23...................................................................................................................................edt.com High Assurance................................................................................................................17................................................................................................................ highassure.com Intelligent Systems Source...................................................................................4, 41...........................................................................intelligentsystemssource.com Kontron....................................................................................................................................41........................................................................................................................ kontron.com One Stop Systems.......................................................................................................5, 12................................................................................................onestopsystems.com Pentek.....................................................................................................................................44......................................................................................................................... pentek.com Portwell...................................................................................................................................43.......................................................................................................................portwell.com Raytheon................................................................................................................................ 2.......................................................................................................................raytheon.com Sage...........................................................................................................................................21.......................................................................................................................... se-eng.com Somnium................................................................................................................................13......................................................................................................................ow.ly/M9PrW Super Micro Computers, Inc..................................................................................29...............................................................................................................supermicro.com Trenton Systems.............................................................................................................27....................................................................................................trentonSystems.com Product Gallery.................................................................................................................25...................................................................................................................................................... RTC (Issn#1092-1524) magazine is published monthly at 905 Calle Amanecer, Ste. 150, San Clemente, CA 92673. Periodical postage paid at San Clemente and at additional mailing offices. POSTMASTER: Send address changes to The RTC Group, 905 Calle Amanecer, Ste. 150, San Clemente, CA 92673.

The Event for Embedded, M2M and IoT Technology 2015 Real-Time & Embedded Computing Conferences San Diego, CA – August 25

Chicago, IL – October 08

Orange County, CA – August 27

Seattle, WA – November 05

Minneapolis, MN –October 06

For Information: The RTC Group, Inc. 905 Calle Amanecer, Suite 150 San Clemente, CA 92673

Register today at www.rtecc.com

42 | RTC Magazine MAY 2015

Call: (949) 226-2000

Mini-ITX

COM Express Module

PICMG SBC

www.portwell.com info@portwell.com 1-877-278-8899

Small Form Factor System

Network Security Appliance

Got Tough Software Radio Design Challenges?

Unleash The New Virtex-7 Onyx Boards! Pentek’s OnyxŽ Virtex-7 FPGA boards deliver unprecedented levels of performance in wideband communications, SIGINT, radar and beamforming. These high-speed, multichannel modules include: ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡

A/D sampling rates from 10 MHz to 3.6 GHz D/A sampling rates up to 1.25 GHz Multi-bandwidth DUCs & DDCs Gen3 PCIe with peak speeds to 8 GB/sec 4 GB SDRAM for capture & delay Intelligent chaining DMA engines Multichannel, multiboard synchronization Ž ReadyFlow Board Support Libraries Ž GateFlow FPGA Design Kit & Installed IP Ž GateXpress FPGA - PCIe configuration manager OpenVPX, AMC, XMC, PCIe, cPCI, rugged, conduction cooled ‡ Pre-configured development system for PCIe ‡ Complete documentation & lifetime support

With more than twice the resources of previous Virtex generations plus advanced power reduction techniques, the Virtex-7 family delivers the industry’s most advanced FPGA technology. Call 201-818-5900 or go to www.pentek.com/go/rtconyx for your FREE online Putting FPGAs to Work in Software Radio Handbook and Onyx product catalog.

3HQWHN ,QF 2QH 3DUN :D\ 8SSHU 6DGGOH 5LYHU 1- ‡ 3KRQH ‡ )D[ ‡ H PDLO LQIR#SHQWHN FRP ‡ ZZZ SHQWHN FRP :RUOGZLGH 'LVWULEXWLRQ 6XSSRUW &RS\ULJKW ‹ 3HQWHN ,QF 3HQWHN 2Q\[ 5HDG\)ORZ *DWH)ORZ *DWH;SUHVV DUH WUDGHPDUNV RI 3HQWHN ,QF 2WKHU WUDGHPDUNV DUH SURSHUWLHV RI WKHLU UHVSHFWLYH RZQHUV