Category

Blog

EdgeX is now fully ARMed

By Blog, EdgeX Foundry

Written by Gorka Garcia, Active Contributor in the EdgeX Community and Senior Lead Engineer at Cavium Inc.

Cavium joined EdgeX Foundry last year and has been committed to get full support for ARM64 in EdgeX, as we explained in our previous blog post. One common drawback of many open source projects is the lack of both build and test in ARM platforms in their Continuous Integration systems (CI systems). This issue can affect customers – it takes time and effort from their engineering resources to work with open source projects and integrate their platform of choice. This directly affects time to market.

On March 1, the Cavium team reached a very important milestone in the process of having ARM64 support in EdgeX Foundry. We got our first EdgeX ARM64 native build and test in the CI system! Since March 1, this machine has performed more than 700 builds with their corresponding unit tests.

The Linux Foundation, which is responsible for the CI system, helped by running it on an OcteonTX platform in Cavium premises and integrating this OcteonTX platform as a build executor node in Jenkins, the CI system. With their help and comparing what was done for PC, we managed to install all the dependencies and had it working in a short time. Since March 1, this machine has performed 26 build works and there have been 141 snapshots of the ARM images built total.

Moving forward, the EdgeX community will be notified of any changes on the source code that affects ARM64 compilation and testing. The next step in this process will be getting CI system to also perform black box testing in the same platform.

Additionally, Cavium recently announced support for EdgeX on its OCTEON TX® family of products, including the CN80xx/81xx and the CN83xx series. Click here for more details.

For more information:

If you have questions or comments, visit the EdgeX Rocket.Chat and share your thoughts in the #community channel.

Opportunities at the Intersection of Industry 4.0 and the Edge of the Industrial IoT

By Blog, EdgeX Foundry

The integration of physical industrial equipment and machinery with software defines Industry 4.0.

The intersection of Industry 4.0 with the Industrial IoT (IIoT) adds sensors, connectivity, cloud, applications, big data and analytics, and intelligent systems, brings to life real time automation and management across dispersed deployments. This is where real business value is being created.

The instrumentation of machinery using software has changed the nature of manufacturing. It has led to the redesign of production lines and the rethinking of the role of humans as large enterprises continue to look for ways to improve yields, ensure safety, and to save money leading to higher profit margins.

For things to run like clockwork in the manufacturing plants and factories, it’s critical to look at strategy systematically, and build hyper-intelligent capabilities that will provide sustainable improvements.

A big challenge in rolling out the combination of Industry 4.0 and the networks required to fully manifest the opportunity to “command and control” massive and multiple factories with fewer people and more predictable, positive results is getting all the moving parts to move together.

Mastering the intelligent machines is important and great progress is being made there every day. Machines are rolling off their own product lines and legacy machines are being retrofit with sensors to extend the ROI without having to rip and replace. The connectivity of these intelligent machines, including ones from different vendors, integrating software from different control systems, and securing the sessions against cyberterrorism or other attacks is a challenge. It can be very expensive with a lot of “hidden risks” if not architected and implemented wisely.

Controlling the edge of massive intelligent machines so they can be efficiently and securely registered to a private network to send data into cloud applications – where does that data becomes actionable? This may be the hardest part of all, which is why so many companies, including government agencies and critical infrastructure providers, are coming together to orchestrate standard approaches, through open source and other initiatives including EdgeX Foundry.

EdgeX Foundry is an important enabler for interested parties to freely collaborate on open and interoperable IoT solutions built using existing connectivity standards combined with their own proprietary innovations.

Last year, EdgeX Foundry formed an alliance with the Industrial Internet Consortium (IIC) given a shared vision for a highly organized and efficient development effort at the intersection of Industry 4.0 and the IIoT. The two groups work in parallel to bring top companies and organizations together to address fragmentation in two fast growing areas, to make development, testing and commercialization go faster, with less risk in service of the holy grail: commercialization.

It’s an extraordinary and balanced relationship. IIC has successfully built a healthy, active community spanning the entire world of the Industrial Internet, while the EdgeX community has remained 100% focused on solving for challenges at the edge.

EdgeX Foundry is busy working to solve for everything from security (not easy when there are potentially millions of endpoints, including multiple sensor types on the same machine), speed (compute at the edge is different from compute in the core or cloud), and sustainability (long battery life, ruggedized form factors). Additionally, above all else, economics (the edge usually brings with it a subscription business model, and with growing numbers of end-points, the related dollars can add up fast).

Beyond the basics, EdgeX Foundry is also a creative community. The members look to innovate beyond just monitoring and measuring and predictive maintenance.  Essentially, they look at one-way polling into more sophisticated applications that include “remote control,” “automated resets,” and “over-the-air updates,” which is dragging Industry 4.0 into the world of real time communications.

Being able to control millions of machines, or a smaller number of machines with mission critical functions and being able to do securely is money for enterprises and governments. When mundane tasks can be done better by software than people who may be less effective and make more mistakes than a well-designed system that runs beautifully.

This is already seen in the telecom world, where networks have moved to virtualized functions and virtual machines have taken the place of traditional bespoke hardware. The administration of those networks has become easier and far less expensive with automation built in.

We will continue to see massive improvements and cost savings when Industry 4.0 becomes more pervasive. This will only happen, however, when the community comes together to work through all the moving parts, literally, and forge partnerships that enable all the contributors to a given system to build and maintain systems coherently.

IIC and EdgeX Foundry are pioneering together, and are tackling everything from open, human machine interfaces and visualization technologies, business driven smart factory applications, analytics, artificial intelligence, security innovations including blockchain technologies, secure APIs for software and networking, augmented reality for field service, and so much more.

Together with the IIC, EdgeX is rolling forward under a common vision, that no longer will vendor specific or proprietary systems be acceptable, and that creating the environment for open interoperability between connected systems, networks and machines is an imperative.

EdgeX Foundry Member Spotlight: Mainflux

By Blog, EdgeX Foundry

The EdgeX Foundry community is comprised of a diverse set of member companies that represent the IoT ecosystem. The Member Spotlight blog series highlights these members and how they are contributing to and leveraging open source solutions. Today, we sat down with Drasko Draskovic, co-founder of Mainflux and the main architect of the Mainflux IoT Platform, to discuss the importance of a growing ecosystem, their IoT framework, the impact EdgeX has made and what the future holds for the company.

What does Mainflux do?

Mainflux developed a full-stack open-source, patent-free IoT Platform, which serves as a middleware and software infrastructure for the development of IoT Solutions and Intelligent products.

Written in Go, deployed in Docker and orchestrated in Kubernetes as a set of microservices, the Mainflux IoT platform is capable of massive deployments (millions of connected devices) and can provide connectivity to any device and any application. The Mainflux IoT platform can be deployed anywhere and respects modern standards such as JSON Web Signature (Json Web Token) (JWT) and TLS, as well as fine-grained, policy-based authorization.

In addition, Mainflux also offers consulting services provided by a cross-functional team that covers all technological layers needed for IoT projects.

Why is your company investing in the IoT Ecosystem?

Over time, IoT has changed the paradigm of single-vendor, end-to-end methodology. Even big companies are realizing that IoT is too complex to approach alone and that fulfilling its promise requires collaboration.

As such, it is important for small IoT companies or start-up businesses to be part of an ecosystem that can deliver technology that meets the customer’s specific business needs and provide acceptable ROI. Our CMO Sasa Klopanovic describes EdgeX as a “David Befriends Goliath” relationship – since IoT giants like Dell, AMD, Analog Devices and Samsung work with startups and smaller companies. The collaboration across the ecosystem brings together the range of expertise and abilities, fostering innovation and rapid growth by allowing multiple providers to work with a common framework.

How is Mainflux involved in EdgeX Foundry?

Mainflux is very active in the EdgeX technical community. Mainflux Co-Founder Janko Isidorovic is the Chair of the EdgeX Applications Working Group and other team members contribute code for EdgeX export services.

Additionally, I am active in the project through continuous following and analyzing issues and reviewing and commenting new contributions. As a project maintainer, I am responsible for approving and merging pull requests and leading technical discussions on improving the code and architecture. I am especially proud regarding monorepo proposal and implementation, file structure and architectural and containerization improvement because it led to dramatic reduction in memory footprint and start-up time.

As a result of my contributions, I was fortunate to be nominated by the technical community and selected as a winner for EdgeX Foundry’s first annual Community Awards. I was honored with both the Innovation Leadership Award, for my technical contributions, and the Contribution Award for my leadership that has made a significant impact on growing EdgeX as an open source project and interoperability platform. I am humbled and very proud of the honor and look forward to reaching more technical milestones with the EdgeX community.

How is Mainflux using the framework?

The EdgeX framework is an essential software block running on our MFX-1 gateway, ensuring connectivity, data processing and computing on the IoT edge. Through it’s Export Services, it connects to the Mainflux IoT platform in the cloud and forms a vertical turn-key solution for IoT.

The MFX-1 gateway is based on Quad 1GHz NXP i.MX6 ARM Cortex-A9 architecture with 2GB RAM and 8GB eMMC assured by our hardware partner Solid Run. One of our focuses is to assure good performance of EdgeX Go components on this type of architecture.

Being an industrial IoT gateway, MFX-1 has a strong requirement for security: the U-Boot bootloader is based on secure boot with ARM Trust Zone and PKI signatures. The Linux kernel is specially tailored through the Yocto framework, HW anti-tampering mechanism are employed and various other types protections are used. On the EdgeX side we have worked on EdgeX Auth service that implements JWT signatures and checking, and various reverse-proxy TLS/DTLS setup needed for constrained devices and applications.

Other things we are working on include EdgeX UI applications for local configuration that will run on a gateway itself and a remote Mainflux app that will manage whole fleet of EdgeX gateways, including handling software updates, status and service information handling, IoT messaging and analytics in the cloud.

How has EdgeX Foundry impacted your company?

During the R&D and implementation process, Mainflux team members gained a lot of skills for the EdgeX architecture and deployment procedures, and became comfortable in using and expanding these technologies. This helped Mainflux build a top-notch team of EdgeX experts who are capable of working on various kinds of consultancy assignments. We know how EdgeX project was built, we were there when it launched, and because of that we believe that EdgeX Foundry will be used extensively within the industry. This will yield a lot of requirements for integration, support and consultancy and we now have a team with EdgeX expertise capable to answer to these requests. In fact, the EdgeX platform will enable new disruptive solutions and applications to be implemented on top and the Mainflux team already has some ideas in the pipeline related to blockchain and decentralized computation on the edge.

If that isn’t enough, we also included EdgeX Foundry in a recent book and won a grant to develop IoT gateways based on EdgeX.

The Book: Scalable Architecture for the Internet of Things.

Our initial proposal for the “Scalable Architecture for the Internet of Things” book published by O’Reilly did not include an EdgeX Foundry chapter. We focused most of it on cloud IoT platforms. However, we soon realized that EdgeX is an extremely important example of the IoT architecture scalability, as it covers the whole edge-fog-cloud continuum and is based on a set of containerized microservices that communicate via standard interfaces or a message busses. It seemed natural to add it in. To receive a copy of the book, click here.

Mainflux recently won a Serbian Innovation Grant.

The Government of Serbia Innovation Fund awarded Mainflux a funding grant to develop MFX-1, an IoT edge gateway powered by the EdgeX Foundry platform. An addition of the edge component to the Mainflux IoT Platform will turn it into a unique open source IoT solution capable of both server-side and edge computing.

More than 130 projects applied for the Innovation Fund and 24 projects were selected. Projects were evaluated by an independent governance structure, with a robust international peer review system and an international Expert Committee.

The combination of Mainflux’s IoT platform and its IoT Gateway based on EdgeX will provide a Mainflux IIoT System, which we’re hoping will lead to an fully-featured open source system for IoT solutions development.

Janko Isidorovic, CEO and Co-founder of Mainflux,receiving the Serbian Innovation Grant at the ceremony.

How to implement an API Gateway & JSON Web Token (JWT) Based Authentication for EdgeX Foundry

By Blog, EdgeX Foundry

Guest post by EdgeX Foundry contributors Tingyu Zeng, Senior Principal Software Engineer and Security Lead for Dell IoT platform development, and David Ferriera, Senior Director – Cloud Technology, Office of the CTO for Forgerock

EdgeX Foundry is composed of a set of micro services running inside Docker containers to provide flexible RESTful APIs for interoperable communications.

Managing and securing RESTful APIs, however, can be a challenge.  RESTful APIs expose a broad and diverse attack surface that needs to be protected. This challenge is not unique to EdgeX Foundry.  It is an issue that must be addressed by any project with a RESTful interface.

A common approach to address this challenge is to utilize SSL/TLS and some sort of authentication/authorization/access control against each individual micro service’s REST APIs.  This is essentially shifting the burden of security to the micro service developers.  Given many developers and many micro services, it is likely to see mixed implementations of the security tightly coupled with each micro service.

A better approach for protecting a set of RESTful API resources is the API Gateway model. It presents a unified interface to the outside world. Additional authentication mechanisms like OAuth2, JWT, API Key, HMAC etc. can be applied as well.

In the EdgeX Foundry project, security is designed as a service, and runs just like other services that provide valuable capability to the IoT environment. A reverse proxy/API gateway service sits between external users and all EdgeX micro services. It serves as a single point of access to external users and helps protecting the EdgeX micro services from the “wild west” of the Internet.  Some of the benefits we are gaining here are:

  1. As a centralized access point for all of the EdgeX micro services, it minimizes the attack surface even the number of EdgeX micro services increases in the future.
  2. As an independent service, the implementation can be replaced easily if needed.
  3. Code related to protecting each micro service does not have to be placed in each micro service, thereby reducing different or problematic implementations and reducing the number of code changes if the security strategy needs to be modified in the future.

Kong (http://www.konghq.com), a popular open-source micro service API gateway, is chosen to secure the EdgeX micro service APIs in the upcoming California Release (June 2018) due to its flexibilities on API namespace management and plugin supports. Combined with JWT, it provides the basic security feature of authentication for EdgeX. Other authentication methods such as basic authentication, key authentication could be used in a similar way if needed.

This set of instructions below show how to setup Kong to be used with EdgeX to secure the RESTful APIs.  Once setup, those calling on the EdgeX APIs can skip to steps 15-18 to invoke the EdgeX APIs through the reverse proxy.

Step 1. Run the postgres sql database for Kong.  The postgress database is provided in a Docker container. The database will hold the configuration/policy information.

Step 2. Run the Kong database Docker container. Notice we are using Kong version 0.13.0 here since we are taking the services/routes object approach which is a preferred way based on Kong’s latest document.

Step 3. Run the Kong container. Notice in production environment we may need to minimize the listening footprint by avoid using broad interface such as 0.0.0.0:8001 and 0.0.0.0:8444.

Step 4. Start the EdgeX micro service based on the steps in the wiki

https://wiki.edgexfoundry.org/display/FA/Get+EdgeX+Foundry+-+Users

At this point we should have several Docker containers running, which include a couple of EdgeX micro services as well as the Kong and postgress database.

With the EdgeX micro services running, the APIs can be exercised as usual. Here we are using ping to check the health of the core-data micro service (core-data operates on port 48080 by default).

http://localhost:48080/api/v1/ping.

Step 5. Now we need to set up Kong to run on the same user-defined network inside Docker as the rest of EdgeX containers. The name of the user-defined network can be obtained from “docker network ls”. In the testing environment it show the name as “composefiles_edgex-network”. This can be done by running the command below:

Step 6. Here comes a tricky part– we need to get the IP address of the host for the Docker container.  A “ipconfig” command in the windows console shows it is 192.168.1.151 in our testing environment.  The IP address is the value of host parameter in setting up the redirect path of the proxy when configuring services and routes for the EdgeX micro services.

Step 7. Create a service entry for each of the EdgeX micro services. Here is an example to create a service entry for core-data of EdgeX.

Step 8. Create routes for each of the services. Below, a route is created for core-data.  Multiple routes can be associated with one service if needed.

Step 9. At this point we have finished mapping the core-data REST API with the Kong reverse proxy. In order to make the “ping” REST call to the core-data micro service of EdgeX (previously http://localhost:48080/api/v1/ping as show above) one would need to call on http://localhost:8000/coredata/api/v1/ping . With service and routes defined in Step 6 and 7, any core-data REST API is called on using the base URL of reverse proxy http://localhost:8000 as the entry point.

The hostname and port of the reverse proxy are configurable (see the Kong documentation https://getkong.org/docs/0.13.x/configuration/#admin_api_listen). With Kong and the service/route configuration complete, the only EdgeX port that need be exposed is that of Kong.

Step 10. Next,  we enable JSON Web Token (JWT) authentication to protect the core-data micro service. After doing so, any HTTP request to core-data will be denied if no JWT is associated.

Step 11. we Invoking the curl HTTP request against core-data REST API now results in an unauthorized 404 error indicating authentication is required.

Step 12. Assume we will have a user “adam” that wants to consume the protected core-data REST API. The customer needs to be defined on our reverse proxy first using the command below.

Step 13. Then we need to create a JWT credential for “adam”.

Step 14. Note: any consumer like “adam” can be removed from the associated JWT credential store later with an HTTP DELETE call as shown. Note “id” placeholder below would be replaced with the token we got from previous step.

Step 15. In step 13, we have got the JWT credential for the consumer “adam”.  We can use an HTTP GET request like below to retrieve or re-fetch that same  information.

Step 16. After obtaining the needed JWT credential we will be able to create a JWT token that can be used for authenticating “adam”.  Ordinarily, we would write code to create the JWT token.  For the sake of demonstration, we will create the JWT token manually here.

Go to https://jwt.io/  and use information in the previous step to get a JWT token. In the Payload Data elements, make sure to use the key value obtained in the previous step when creating the JWT token as the value to the “iss” field value (which is required) along with the username (optional). Replace “secret” in the Verifying Signature section with the secret value obtained in the previous step when creating the JWT token.

Step 17. Now we have JWT token associated with the consumer “adam” and it can be used it to authenticate through the proxy and access the REST API resources of EdgeX and avoid 404 unauthorized errors!

Step 18. Optionally, the JWT token can be passed with a query string instead.

In conclusion, we have implemented the EdgeX reverse proxy/API gateway and JWT authentication using Kong.  This is not the end of the EdgeX security story for sure – authorization, access control list (ACL), URL parameters filtering, URL white listing etc., can also be integrated with existing security mechanisms to provide an even better shield around the EdgeX micro service APIs down the road.  For now, Kong and JWT help to provide EdgeX with its first line of defense against inappropriate micro service access and allows us to incorporate other security capabilities in the future.  And it does so in a way that can be easily augmented or replaced in the future and it does not require implementing that security in each micro service.

For more technical details, visit the EdgeX Foundry wiki page.

If you have questions or comments, visit the EdgeX Rocket.Chat and share your thoughts in the #community channel.

Hannover Messe – Innovation, Collaboration and Celebration

By Blog, EdgeX Foundry

EdgeX Foundry joined the 210,000 visitors that spent last week at Hannover Messe.  Several member companies were on-site to help us celebrate our 1st anniversary, welcome new members and share what EdgeX can do! Check out our photo album and let us know if you have photos to add!

EdgeX Foundry had a strong showing in our booth (Hall 6: B17) with members Canonical, IOTech, IoTium, RSA, Dell EMC, SoftwareAG/Cumulocity and VMware displaying interactive IIoT demos.

More than 1,500 visitors, media and analysts stopped by the booth to learn more about EdgeX.

In addition to the EdgeX Foundry booth, other members were on hand including: Aicas, Analog Devices, CloudPlugs, FIWARE Foundation, FogHorn Systems, NetFoundry, IIC, Reply Concept and Tulip Interfaces.

One of the highlights of the show was the EdgeX Foundry and Industrial Internet Consortium (IIC) Networking Dinner, which was presented by member NetFoundry.

Another highlight was recognizing the winners of the first annual EdgeX Foundry Community Awards. Congratulations, again, to Drasko Draskovic, CEO and Founder of Mainflux, and Tony Espy, Technical Architect for Devices and IoT for Canonical, Ltd, for winning Innovation Awards  and  Andy Foster, Product Director for IOTech, and Drasko Draskovic are being honored with Contribution Awards.

We had a great time at Hannover Messe and will definitely be back next year. Thank you to everyone who stopped by our booth and help celebrate our 1st anniversary!

 

In case you missed the EdgeX Foundry news and blogs, check out these additional resources:

Happy 1st Anniversary EdgeX Foundry!

By Blog, EdgeX Foundry

The EdgeX Foundry community is back in Hannover this year, showing off the progress our members have made in developing a common interoperability framework and platform designed to make collaboration on Industrial IoT solutions that scale happen faster – and with less risk.

Our community is exceptionally proud of the members we’ve attracted, nearly 80 members in 17 countries including representation from the United Kingdom, South Korea, Serbia, Spain, Tunisia, Canada, Israel, Germany and Japan. We are equally proud of the composition of our collective – from small, agile start-ups, to some of the largest tech companies in the world.

In fact, our ecosystem continues to grow and today we welcome the addition of five new members, including Civil Infrastructure Platform (CIP), ETRI, ISSAT Mateur, Samsung SDS and Volterra.

Award Winning

What’s great about the mix is the co-existence of so many diverse businesses, technologists, business development experts, and overall problem solvers that bring a unique perspective of leadership and innovation. In fact, this year, to mark our first anniversary, we launched the first annual EdgeX Foundry Community Awards to honor those individuals who have contributed in leadership and innovative solutions.

Community members nominated their peers and the EdgeX Foundry Governing Board selected two winners for the Contribution Award, which highlights leaders who have helped EdgeX Foundry advance momentum this year, and the Technical Steering Committee (TSC) selected two winners for the Innovation Award, which recognizes individuals who have contributed the most innovation solution.

We are excited to announce that Drasko Draskovic, CEO and Founder of Mainflux, and Tony Espy, Technical Architect for Devices and IoT for Canonical, Ltd, as winners of the Innovation Award for their extensive technical contributions. Andy Foster, Product Director for IOTech, and Drasko Draskovic are being recognized with the Contribution Award for their exemplary leadership that has made a significant impact on growing EdgeX as an open source project and interoperability platform.

Tony Espy from Canonical at Hannover Messe receiving the Innovation Award

 

Going Commercial

In addition to honoring these outstanding achievements from the EdgeX community, our first anniversary also introduces the fact that several project members, including Cavium, Cloud of Things, Dell, IOTech, Mocana, RSA and VMware, have already started to provide commercial solutions based on EdgeX, while others have embedded EdgeX technologies into their product and solution roadmaps.

More exciting news? The Government of Serbia Innovation Fund has awarded member Mainflux a grant to develop MFX-1, an IoT edge gateway powered by EdgeX platform. (For more information about the grant, click here.)

Hannover Messe

If you’re at Hannover Messe, the EdgeX Foundry booth, located in Hall 6: B17, will feature interactive demos from Canonical, Dell, IOTech, IoTium, RSA, Software AG and VMware. (Demo information can be found in this blog.) If you’re there, swing by to ask questions or congratulate Tony Espy and Andy Foster on their awards!

Follow us during Hannover Messe on Twitter, LinkedIn and YouTube.

Web Console for Multiple IoT Gateways

By Blog, EdgeX Foundry

Guest post by Huaqiao Zhang, developer for VMware and contributor to EdgeX Foundry 

Preface

When users start using EdgeX, they could quickly run the service framework according to the official documents of EdgeX Foundry. EdgeX is a headless framework; often running in environments where there is no user interface capability or on systems that don’t have a display.  As a developer, this might be a bit inconvenient.  I decided to use an HTTP client tool and call EdgeX’s Restful APIs to become familiar with the features. However, you might desire something that is easier and more friendly to use.

This is what gave me the idea to create a Web Console where users only need to operate in the browser instead of manually typing in a lot of commands with parameters and assemble complex JSON data.  According to the EdgeX roadmap, the integration of EdgeX to various system management capabilities will soon allow those system management products, which often offer user interface consoles, to help users operate and manage EdgeX.  Importantly, these management systems will help manage multiple instances of EdgeX and the platforms it runs.  The Web Console that I created and contributed to the EdgeX, can serve as a tool for developers that want a better experience in interacting with the EdgeX microservices, or as a good starting point for those looking to create more extensive interfaces.

Why we need the Web Console

When a new user wants to add a new device to a gateway, if there isn’t a Web Console, he has to put some time and effort of learning the Restfull API of EdgeX Foundry and needs to confirm whether the relative data exist for DeviceService, DeviceProfile, DeviceAddress, etc. If not, he has to create it, then gets the ID or Name of that feature. Finally, he assembles complex JSON data and upload it. As another example, sending commands to a device could be even more complicated. All these could be hard for a new user or an on-site debugging engineer, but a Web Console would make it easier.

How to manage multiple gateway instances

When an enterprise uses EdgeX Foundry, multiple gateways can be deployed onsite. In most cases, each gateway has an internal IP address in the LAN rather than an Internet address. So, how to manage these gateways via a web console? There are two approaches:

  • A Web Console is deployed to each gateway. In this case, users need to remember the address of each gateway to operate and maintain multiple web consoles. Each gateway has to cost some resources to run its own web console.
  • Multiple gateways share one Web Console. In this case, there is a method to switch among all the gateways. All operation requests will be proxied to the selected gateway. With this approach, users only need to remember one address and maintain one Web Console.

Comparing the two options above, I prefer the later one. The limitation is that all gateways must be accessible to the host where Web Console is deployed. But in a company’s intranet, this should not be difficult.

Problems solved and basic implementation

The assumptions and expectations of multi gateway sharing Web Console are:

  • Gateways can be anywhere, but for an enterprise, they may all be in the intranet.
  • The host, which the Web Console is deployed on, can be one of the gateway or a PC that can access all gateways directly. So, the console should be very light weighted.
  • All operation requests should be dynamically proxied to the gateway selected by the user.
  • Multiple users could operate different gateways at the same time without affecting one another.

Based on these requirements, the fundamental architecture is shown below:

The basic user’s operation flow is shown as below:

  • After login, a user will be navigated to the management page of the default gateway. If there are no gateways at all or none selected, most menu items will not be permitted to operate.
  • When the user selects or creates one gateway, the metadata of gateway are stored into the local database in the web console.
  • Once one given gateway is activated, all operations will be proxied to the target gateway, then the data will be returned to Web Console.
  • Multi-user’s operations on different gateways will not affected one another.

Some necessary operations are illustrated below.

Gateway Management

 

Adding a Device

 

Device Service Management

 

Exporting Registration

 

Exporting Data Show

 

Check it out the video demo here: https://www.youtube.com/watch?v=2EOHR_gUeic.

Conclusion

This is just a prototype. I would like to gradually add some new features, such as a gateway location information using google map and video streaming. If you are interested in this web console for EdgeX Foundry, and want to join me on the effort, please ping me at https://twitter.com/Huaqiao_Zhang or the repos at GitHub: https://github.com/badboy-huaqiao/simple-local-gateway-console or https://github.com/badboy-huaqiao/edgex-foundry-web-console.

For more technical details, visit the EdgeX Foundry wiki page.

If you have questions or comments, visit the EdgeX Rocket.Chat and share your thoughts in the #community channel.

EdgeX Foundry on Display at Hannover Messe

By Blog, EdgeX Foundry

From April 23 – 27, more than 220,000 attendees, speakers and exhibitors from 75 countries will be at Hannover Messe, one of IIoT’s leading trade shows in Hannover, Germany, to share best practices, display new technology and discuss what the future looks like for industrial systems.

EdgeX Foundry will be on-site at the tradeshow with a full agenda of activities in our booth, Hall 6: B17. Members from Canonical, IOTech, ioTium, Dell/RSA, SoftwareAG and VMware will be demonstrating leading-edge industrial IoT solutions based on EdgeX. Experts from these member companies will also share keynote presentations about edge computing, smart buildings, the challenges of interoperability, open source ecosystems and more.  Stay tuned here for the schedule.

Interactive demons at the EdgeX Foundry Booth, Hall 6: Stand B17 include:

Canonical: Canonical will be demoing a snapshot of the latest EdgeX development release called ‘California’ running as a fully-confined snap on Ubuntu Core 16.  This will be demonstrated on an Arrow/Qualcomm Dragonboard 410c.

IOTech: IOTech will demonstrate the power of edge computing and the benefits of its commercial offering Edge Xpert – the Open IIoT Platform for Edge Applications.  The ‘Edge Xpert’ will run on a 32-bit embedded ARM controller and integrate with a Modbus Smart Power Meter. It will showcase a live data visualization and edge-to-cloud integration between Edge Xpert and AWS IoT Platform.

ioTium:  ioTium will present their edge-cloud infrastructure solutions. They will be showcasing ioTium OT-Edge; bridges edge and cloud computing by moving applications to data; allows mission critical data to reside on-premise in industrial and manufacturing environments. With ioTium OT-Edge, applications are moved – not the data. With a single click from ioTium’s cloud-based industrial app store, applications can now be deployed at scale, across the edge.

Dell/RSA: Dell/RSA will present the power of EdgeX as a secure IIoT platform enhanced with hardware platform from Dell and innovative security software from RSA Labs. Their demo will showcase the use of security analytics for monitoring and threat detection for the IoT Edge, secure communication using OPC-UA (an industrial automation protocol) and protection of credentials at the edge.

SoftwareAG: Cumulocity’s IoT Edge platform supports a distributed architecture, with dashboards, analytics rules, apps and integrations developed for the cloud transferable to edge deployments and Edge Real-time streaming analytics.  Their demo is a small replica of a real use case where Cumulocity IoT Edge is being used to manage the operation of wind farms.

VMware: VMware will be showcasing how to take control of the Edge through VMware Pulse IoT Center and EdgeX technology with the aim to virtualize and isolate on the edge for enhanced security, manage heterogeneous edge gateways or systems, and integrate Industry protocols.

Want to see more from EdgeX Foundry?  You can visit other member company booths including:

If you cannot make it, you can keep up to date by following us on @EdgeXFoundry for highlights and pictures from the event and the EdgeX Foundry YouTube Channel for all the latest videos!

EdgeX Foundry Member Spotlight: Xage Security

By Blog, EdgeX Foundry

The EdgeX Foundry community is comprised of a diverse set of member companies that represent the IoT ecosystem. The Member Spotlight blog series highlights these members and how they are contributing to and leveraging open source solutions. Today, we sat down with Roman Arutyunov, Co-Founder and VP of Products for Xage Security, Inc. to discuss Industry 4.0, challenges for edge computing, security and digital twins for machines.

What does your company do?

Xage is the first and only blockchain-protected security platform for industrial IoT, creating a tamper-proof “fabric” for communication, authentication, and trust that assures security at scale. Our platform supports any-to-any communication, secures user-based and machine-to-machine access to existing industrial systems, works at the edge even with irregular connectivity, and gets stronger and stronger with every device added to the network. Customers include leaders in the largest industries, spanning energy, utilities, transportation and manufacturing.

Why is your company investing in the IoT ecosystem?

Industry 4.0 promises to bring the next big wave of economic growth, optimizing production and customer experience. As a team of security, industrial digitization, and software experts, we knew security would be foundational to such an autonomous, any-to-any, edge-heavy ecosystem. The current centralized security systems simply aren’t designed to handle the scope, nature or complexity of Industry 4.0. We saw the opportunity to build a security fabric that is distributed, redundant, flexible, and adaptive enough to provide the necessary trust and integrity for secure Industry 4.0 interactions at scale.

How has IoT impacted your company? What benefits have you seen or what do you expect to achieve?

Our goal is to become the foundational and enabling security layer for IoT security across the major, evolving industries that need it––like manufacturing, transportation, utilities, and energy, among others. IoT has already had a large impact on industrial verticals ranging from robotics in manufacturing, connected cars in transportation, and integration of renewable energy sources like solar and wind in utilities. Data-driven autonomous operation with distributed intelligence is a common theme across multiple industrial verticals and has the promise of enabling significant improvement in service reliability, efficiency, and sustainability affecting our everyday lives.

Businesses currently have to invest a lot of time and energy into developing their own edge computing solutions. What are some of the business or technical challenges you have faced when adopting edge computing technologies?

When developing edge computing solutions businesses typically face the challenge of having to deal with multiple data and control protocols, building adapters for each, and creating a data store on top of which analytics solutions can be run. Additionally, as data is exchanged and accessed by multiple applications there is a need for effective access control. The Xage Security Fabric addresses the security concerns for data storage and access across multiple distributed systems and applications at the edge.

Why did your company join EdgeX Foundry?

EdgeX Foundry and Xage are aligned in our objectives to build a converged and secure solution, spanning multiple vendors, devices, and applications for industrial IoT at the edge. There’s massive potential to transform the way industrial organizations operate, and joining the EdgeX Foundry brings us one step closer to the reality of Industry 4.0, operating efficiently and securely at the edge.

How are you going to use the framework?

Xage has created a decentralized framework for securing IoT devices, applications, and and enabling any-to-any information exchange. The Xage Security Suite enables access control at the edge enabling zero-touch device enrollment, one-click user access control, and peer-to-peer application data exchange. Even before we became a member of EdgeX Foundry – we had been working with the framework. We plan to make our Security Suite accessible through EdgeX.

Where do you see enterprise and industrial IoT in 20 years?

Two decades is a very long time in technology’s terms – just think about what your cell phone looked like 20 years ago. Actually, most people used pagers back then! In 20 years, IoT will move well beyond connectivity and data, and will be a well-integrated part of our lives. Through the spread of artificial intelligence and virtual reality, we will invent “digital twins” for machines that currently power our industries, and learn to interact with them for joint machine and human decision making.

What is your favorite connected device?

I love cars, connected cars and autonomous cars. It has a been a passion of mine for some time now. One of the first connected and autonomous cars has been implemented in open-pit mining. Think large Caterpillar trucks the size of a 2-story house driving themselves.

Meetup: Open Source IoT Enthusiasts Unite!

By Blog, EdgeX Foundry

Guest blog post by Rodney Hess, Principal Member Technical Staff at Beechwoods Software

If you missed the Open Source IoT Meetup last month, here’s a recap of the interactive meeting and where you can find details for upcoming meetups.

 

The Open Source IoT Meetup in Boston took place at WeWork’s North Station on February 15.  (A shout out to Wework!  Their location in the historic Bulfinch Triangle of Boston is quite cool.)  The panel included myself—I work on the northbound and southbound interfaces of the EdgeX stack—and:

  • Brad Kemp (moderator), CEO of Beechwoods Software and a member of the EdgeX Foundry Governing Board
  • Tony Espy, Technical Architect at Canonical and EdgeX Foundry Technical Steering Committee (TSC) member and chair of the EdgeX Foundry Devices Working Group
  • Riaz Zolfonoon, an RSA Distinguished Engineer who collaborates with members of the EdgeX Foundry Security Working Group.

Our panel (L-R): Tony Espy, Riaz Zolfonoon, Rodney Hess, and Brad Kemp, our moderator and co-host.

 

Suffice to say, it was an excellent panel of which to ask questions.

This was our second Meetup for EdgeX, the first one was October 2017.  EdgeX Foundry had just wrapped up the Barcelona release and was in the process of defining the California release.  Since then, there’s been a lot of community feedback and discussions—we even had a TSC Face-to-Face meeting in Orlando—and finalized more details for the California release and preview.  It was time to bring our Meetup members up to speed.

Our moderator and co-host Brad Kemp introducing the group to EdgeX.

 

Around 25-30 participants, which is the largest audience we have had, attended the meetup and asked a lot of questions.  They were quite engaged.  They wanted to understand EdgeX and what you could do with it.  How did the microservices work together?  We delved into how the data flowed from sensors residing off of the Southbound interface to the clouds floating above the Northbound interface.

A question was raised as to whether EdgeX could handle video streams, for example video feeds from security cameras, with a follow up question as to whether one could set triggers based on values within the data stream.  The panel explained that EdgeX has been built for discrete, event based data collected from sensors and devices.  In a building automation use case, examples of discrete data include current temperature and humidity, target temperature, whether the heating system was on or off, and the like.   When a camera or audio sensor generate a discrete data point, for example, a count of people in a room, then EdgeX can work with that data.  EdgeX today does not handle raw video or audio streams.  The discussion then moved on to how the Rules Engine microservice along with the Alerts and Notification microservice can be configured to trigger actions and notifications based on data arriving from the sensors.

Rodney Hess (yours truly) providing an overview of the EdgeX architecture.

 

When asked about implementing support for multiple cloud services, the panel discussed the modular nature of the Export Distribution microservice; that some services were already implemented, including Azure IoT Hub and Google IoT Core, but that work supporting other cloud platforms remains.  Do they need to be clouds?  No, the Export-Distro can export data to any application or enterprise HTTP/S or MQTT/S endpoints—cloud or otherwise—that is external to the EdgeX framework with support for additional endpoint types already in the EdgeX roadmap.

When asked, how does the security framework protect sensors, especially those legacy networks that have no inherent security, the panel talked about the security initiatives the EdgeX Foundry Security Working Group is undertaking, including a reverse-proxy that all external applications must go through to access sensors off of the EdgeX southbound interface.

Riaz Zolfonoon speaking to a point on security within EdgeX.

 

The panel spoke to the larger IoT landscape and how EdgeX fits in and brings unique value, what the TSC has accomplished and what work lies ahead.

We are working on an agenda for the next Meetup.  Suggestions for topics or speakers are always welcome.  Find out more here and join our group:  https://www.meetup.com/Open-source-IoT/.

If you have questions or suggestions, please reach out to Brad or Geof Cohler, our Open-Source IoT Meetup hosts.  We meet every six weeks to hear from engaging industry experts, to network with other talented locals with diverse backgrounds, and to share our passions for all things IoT.

For more technical details, visit the EdgeX Foundry wiki page.

If you have questions or comments, visit the EdgeX Rocket.Chat and share your thoughts in the #community channel.