With a seemingly countless number of connected devices, the IoT will be a gigantic growth market in the coming years. With the right solution, developers can concentrate on their core competencies and access the required specialist know-how in the shape of affordable, reliable and pre-validated modules. By Zeljko Loncaric, Marketing Engineer, congatec.
The IoT is growing steadily and rapidly. All these intelligent objects - or ‘things - have their own IP address and are constantly connected to each other via the Internet, making them able to communicate more or less freely with each other. That this scenario is open to abuse, and that sensitive data and devices must be protected from unauthorised access, is obvious.
The first requirement for a network of machines and devices of any kind is secure IoT access. This can be provided either directly or via a gateway. In the first case, a gateway will already be implemented in the individual device. The tasks are largely identical, however, and a protocol conversion between the internal and external network is often useful and necessary.
Security is a complex issue and involves many aspects; the English language differentiates between ‘safety’ (broadly referring to safe operation) and ‘security’ (meaning safe from attacks by outsiders). In an industrial environment, both aspects must be implemented seamlessly and without gaps, so as not to compromise the whole system. This requires in-depth know-how and special expertise that most companies lack.
Figure 1 - congatec's current offering on the hardware and software sides of the IoT topology, with the Intel processor selection on the left, and the matching form factors on the right.
As a leading manufacturer of processors and platforms, Intel quickly realised that this is a major obstacle for widespread access to the IoT. In cooperation with its subsidiaries Wind River and McAfee, Intel set out to develop a secure end-to-end solution available from one source. This seamless and secure solution combines the individual products and special expertise from each company for selected platforms such as the Intel Atom-38xx family. Wind River supplies the Wind River Intelligent Device Platform XT which includes the OS (Wind River Linux5.0), pre-validated software stacks, hardware drivers and matching libraries and tools. Functions such as administration, communication, connectivity and security as well as runtime environments such as Java, Lua and OSGi are all supported. McAfee’s security software, McAfee Embedded Control, provides features such as dynamic application whitelisting (only registered and verified applications can run) and change control (all modifications of the code and environment must be explicitly approved before execution). Intel provides the hardware platform itself plus hardware feature enhancements such as TPM (Tamper Proof Module) and matching hardware-related software and stacks. The essential point here is that Intel validates the end solution as a whole; the complete processor board including all firmware.
For those who neither want to rely on finished, commercially available devices nor go through the complicated and time-consuming process of certifying their own developments with Intel, the use of pre-certified function blocks makes good sense. Many industry sectors already use modular computer systems that are highly scalable for the specific application and based on proven standards such as Qseven or COM Express. The use of modules that are pre-certified for the Intel solution not only saves time and cost when implementing secure Internet connectivity, they also open up all the advantages of modular computer systems. Important criteria when selecting a module supplier includes support of the relevant standards, quality of the modules and the ability of the module manufacturer to effectively support the system manufacturer in the development of its own systems.
Measuring just 70x70mm2, the conga-QA3 Qseven module from congatec with processors from the Intel Atom E3800 family is particularly well suited for connecting to the Intel Gateway Solutions for the IoT. It enables the use of Intel Atom processors with up to four cores and clock speeds from 1.33 to 1.91GHz. Depending on the system and its application, the total power consumption ranges between 4.5 and 12W. This enables the development of very economical and extremely powerful embedded PCs, that can be hermetically sealed and operate fanlessly in an extended temperature range. The maximum RAM size is 8GB DDR3L memory, and the integrated Intel HD graphics can support two independent Full HD displays via DisplayPort, HDMI or LVDS. Numerous interfaces and functions (including Gigabit Ethernet and USB3.0), enable fast and cost-effective realisation of high-performance embedded systems with low power consumption such as Box PCs or other customised solutions.
Figure 2 - congatec's certified Intel Gateway Solution for the IoT.
The combination of reliable hardware and a consistent software package, including everything from firmware to operating system and applications, provides a totally secure root of trust for IoT gateway applications. Thanks to outstanding performance, it is possible to carry out additional demanding tasks such as evaluation, consolidation, storage and visualisation of data, as well as sophisticated protocol conversions between the individual connection levels. Typical industrial applications are found in automation, energy technology and building automation, as well as transportation and many other areas that demand increased data security.
An end-to-end solution
QSys is a modular embedded PC from TQ-Systems based on the Intel Atom E38xx. The combination of the MB-Q7-2 mainboard and the congatec conga-QA3 module provides a highly compact embedded computer system and an ideal platform for use with the Intel Gateway Solutions for the IoT.
The compact box design, with external dimensions of only 100x100x23mm³ and many interfaces and functions, is an example of how to quickly and cost-effectively implement a high-performance, passively cooled embedded system for gateway applications. Hardware security features such as TPM 1.2/2.0, the Sentinel HL Security Controller and integrated secure EEPROM enable the realisation of embedded systems with an exceptional level of security.
The example has shown how quick and easy it is with congatec’s modular system to build concrete solutions for secure IoT gateways. The right know-how and technology can, however, bring further benefits. Thanks to the 70x70mm compact form factor of the Qseven module it is easy to transfer the system layout to a customised system, making the development of complete single board computer systems a simple and inexpensive task. The re-validation effort is relatively low because key components, such as processor, I/O system, network peripherals and firmware, require no or little modification. congatec has, for example, already implemented a complete mini-ITX single board solution.
Figure 3 - conga-QA3 Qseven Computer-on-Module based on the Intel Atom E3800 family.
As an ODM congatec can also develop complete customised systems and validate them for the customer, or use its know-how to help customers validate their own developments. The cost optimisation of this approach is particularly interesting where large production runs are concerned.
Modular systems consisting of pre-integrated hardware and software modules enable manufacturers of IoT-enabled systems to develop secure solutions quickly and cost-effectively, without having to deal in any detail with the complex security issues. On the one hand, security is safeguarded by a global player such as Intel bundling its expertise with that of its subsidiaries Wind River and McAfee in an end-to-end, validated solution. On the other hand, they can rely on the manufacturer of the appropriate certified standard module, who is responsible for high manufacturing quality and practical support during the implementation of the complete solution. It is important to select the manufacturer carefully to avoid unwelcome surprises later on.
While current modules are primarily designed to provide gateway functionality for applications in the areas of industrial electronics, mechanical engineering, energy supply and transportation, subsequent modules and validation packages will cover additional functionalities and industry segments. The possibilities offered by the IoT are virtually unlimited and hold a rich potential for further development. With reliable partners and well-engineered, validated product packages this potential can be exploited quickly and safely.