Edge Computing
This is how powerful Linux container technology is
While data in smart factories needs to be collected, analyzed and made available in real time wherever possible, other priorities apply to distributed (M2M) applications - above all the handling of application data and the security of communication.
A look back in history: In 1991, Linus Torvalds developed a kernel in Helsinki to access the large Unix servers at his university, close to the hardware and independent of an operating system. A little later, he realized that he had created an operating system and made it available to his 'community'. Since then, Linux has developed into probably the best-maintained open source operating system with guaranteed security updates, bug fixes and a wide range of programs. It is 'the' tool of choice, especially in the field of embedded programming.
Many industrial (IT) applications today are also based on Linux, which can provide a resource-saving solution with the so-called LXC containers. Briefly explained, these are virtualizations at the operating system level. The term 'container' is intended to symbolize the fact that isolated Linux systems run side by side on one host. This process should not be confused with virtual machines (VM), which are replicas of entire computer systems and are not mutually dependent, even if several VMs are operated on one hardware. LXCs, on the other hand, are virtual environments that each have their own processes but can communicate with each other. They use the kernel of the host system. LXC technology has been in use for many years and is an absolutely standardized, stable type of Linux virtualization. Microsoft Azure, for example, also offers the option of running Linux containers.
The security of applications and communication is still one of the core requirements of many project managers in the context of M2M applications. LXC has the ideal prerequisites for this: In a figurative sense, each container represents its own virtual network device with its own IP and MAC address - comparable to a PC connected to a router or a controller. All options such as network filters (firewall, NAT), VPN or network segmentation through to the application in the container are therefore available. Each container can also be encrypted if required.
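The isolation described above holds only if each container is actually configured with its own interface. As an added example (not Insys code and not part of the original article), this Python check audits a stock LXC configuration for the properties named in the text: a dedicated virtual network device with its own MAC and IP address. The key names assume the standard `lxc.container.conf` format, the uid/gid mapping check is an addition beyond the article, and both sample configurations are constructed.

```python
# Added example: audit stock LXC configs for the isolation the article describes.
# Both configs are constructed samples; key names follow lxc.container.conf.
WEAK = """
lxc.uts.name = logger
lxc.net.0.type = none
"""

HARDENED = """
lxc.uts.name = logger
lxc.net.0.type = veth
lxc.net.0.link = br-app
lxc.net.0.flags = up
lxc.net.0.hwaddr = 02:00:00:aa:bb:01
lxc.net.0.ipv4.address = 192.0.2.21/24
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
"""

def parse_lxc_config(text):
    """Parse 'key = value' lines; repeated keys (e.g. lxc.idmap) accumulate."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        conf.setdefault(key, []).append(value)
    return conf

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_lxc_config(text)
    findings = []
    net_type = conf.get("lxc.net.0.type", [""])[-1]
    if net_type in ("", "none"):
        # 'none' makes the container share the host's network namespace.
        findings.append("net: lxc.net.0.type is missing or 'none'")
    else:
        for key in ("hwaddr", "ipv4.address"):
            if f"lxc.net.0.{key}" not in conf:
                findings.append(f"net: lxc.net.0.{key} not pinned")
    kinds = {e.split()[0] for e in conf.get("lxc.idmap", []) if e.split()}
    if not {"u", "g"} <= kinds:
        findings.append("idmap: no uid/gid mapping, container root is host root")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```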
Secure networking via LXC
The modular MRX router series is available in LAN and LTE versions, each with three or five slots and an integrated LXC environment, and can be upgraded with additional plug-in cards.
© Insys
The modular router platform MRX from Insys icom, for example, provides this LXC in a so-called 'SmartBox' and thus combines communication and an application environment in one compact solution. The SmartBox is an environment that is completely independent of the router operating system and in which users can create any container they wish. By integrating this virtual application environment into the MRX professional router from Insys icom, an optional auto-update function can be used to update all router firmware and configurations as well as containers, applications and their configurations.
This feature is an enormous security advantage, as only one server needs to be maintained. In addition, there is no obligation to use public repositories. The containers do not allow access to the actual routing and security functions. They are therefore not a threat to other containers and the rest of the system, even in the event of hacking attacks. Applications such as IT monitoring and management or, for example, local mail servers for sending unencrypted emails from older controllers to providers can be implemented. Thanks to open source, available LXC applications can be adapted very flexibly to your own infrastructure.
The handling of application data
Web-based user interface of the router firmware: A Debian container has been created and can now be further configured.
© Insys
A distinction is made between three levels when handling application data: the pure virtual environment, development containers and application containers. The latter host either native applications, such as data loggers, gateways, monitoring or the connection of legacy devices, or applications with Linux distributions such as Debian. This means that projects developed on hardware such as a Raspberry Pi can be ported to professional, industrial-grade hardware in no time at all. In addition to Debian, other images - such as Node-RED, Nagios, SQL and other databases - as well as soft PLCs are available for download on the website www.insys-icom.de/knowledge/smartbox.
Terminal program (here PuTTY): It is possible to call up a container using its stored IP address via port 22.
© Insys
As basic containers with programs and scripts such as Python or C++, development containers form the second level and are ideally designed to meet the needs of application developers. The Linux distribution Debian also represents such an extensively equipped basic container. With the help of these containers, applications can be built solidly from the ground up. The MRX router from Insys icom, for example, has a function for the quick and easy creation of functional containers with shell access (minimal system) virtually at the 'push of a button'.
The third, most rudimentary level is the virtual environment. It represents the basic framework for creating containers. In the case of the aforementioned 'SmartBox' from Insys, this level provides a complete tool chain, including all scripts, with which executable containers can be created quickly. Pre-compiled standard programs such as OpenSSL or BusyBox can be found on GitHub.
Embedded LXC: It's the combination that makes the difference
In addition, there are now more and more devices - such as control units - with integrated communication, usually via Ethernet or mobile radio. A common problem here is the update process. For security reasons, communication devices need to be updated much more frequently than control systems. However, this is countered by the fact that process owners are generally reluctant to 'update' a running application if it is not absolutely necessary.
A router with an integrated, virtual environment based on Linux, on the other hand, strictly separates communication and application. What's more, the containers and other devices connected to the router have access to the digital inputs and switching outputs as well as to the router's serial interfaces. At the same time, applications have an interface for sending short messages (SMS). A control system without digital inputs could therefore access these via the router and a corresponding container that acts as a gateway. It is also conceivable to implement a soft PLC in a container. Furthermore, containers could be created here as data loggers and for visualization. Finally, IP capability enables direct access to the visualization via a web browser. Such approaches can also be implemented with single-board computers such as a Raspberry Pi. However, in addition to the actual task of programming the application itself, the developer must also think about the communication connection, including all security requirements and updates. The user-friendliness is also limited, as such a single-board computer only provides the basic functionality without fulfilling the requirements for a user-friendly interface.
But the LXC containers can do even more. There is an API for the router, which makes the router's status information usable for applications. It is also possible to completely configure a router from a container, provided the user allows this. For example, the router can be delivered with a uniform standard configuration. After initial commissioning, an encrypted container takes over the user-specific, security-critical reconfiguration.
In a nutshell: LXC is a powerful method for virtual units that use shared resources but can be equipped with scripts and programs independently of each other. Together with a router, this opens up completely new possibilities for users to equip distributed applications locally with intelligence. The router/LXC combination is an essential step on the way to the industrial 'Internet of Things', particularly in the professional environment, where great importance is attached to user-friendliness, reliability and security.
Author:
Wolfgang Wanner is Head of Marketing at Insys Microelectronics.

















