IEC 62443-4-1 Certified: Secure by Design
Certified development processes for secure, future-proof products.
Flexible and secure
Market research firm VDC emphasized in a recent study that IoT gateways are the essential link between very heterogeneous local sensor networks and enterprise applications. A good example of such an all-round communication talent is the Qseven-based MYNXG Gateway from MyOmega System Technologies, for which congatec provided embedded Hardware Design & Manufacturing services.
IoT, Industry 4.0 and clouds are the latest hype words in the industrial sector and many new applications are being developed to take advantage of these changes in technology. In addition, connecting and securing existing machinery and equipment is also expected to have enormous potential. The benefits include cost savings, streamlined processes, improved sustainability, increased availability, and more efficient maintenance of these systems.
Turning the new possibilities of connecting devices and sensors into a viable business model requires a clear strategy and many sub-components. According to VDC, gateways play a particularly important role in this. They must provide the logic and communication functions required to receive and process the local sensor data from heterogeneous networks and send them to the management systems that are operated in the cloud or on enterprise servers, workstations, tablets and smartphones. To do this they need to provide adequate performance and security.
The maturity phase begins
The IDC survey that records the status of the implementation of IoT or Industry 4.0 applications points out that it takes considerable effort and time to turn wishes into reality. Only 3 percent of respondents were able to fully implement their Industry 4.0 application and only 12 percent have implemented first partial solutions. A whopping 85 percent are still in the early stages, ranging from the evaluation and planning to the first pilots. The mass implementation stage is therefore still to come. However, in four years’ time, up to 50 billion devices are expected to be connected via the IoT.
These initial projects are hampered by all kinds of issues: There are clouds, but no cloud solution for the specific application. There are many appropriate services that can be used in isolation, but they are often not secure. Sensors and machines come with connectivity, but the infrastructure is very mixed and an integrated solution is different for each company.
One particular challenge is the gateway design. Standard gateways are not rugged enough or do not provide adequate performance or programming flexibility. In addition, a wide variety of security requirements must be met. Often, there are not enough interfaces to provide connectivity with the field level and process level. In many cases, there is insufficient capacity to connect hundreds or even thousands of sensors and to control communication between them or to handle transmission across distances of thousands of meters.
Mastering multiple challenges
It is in this challenging environment that MyOmega System Technologies has positioned itself as a problem solver for industrial customers. The company advises on the implementation of IoT and Industry 4.0 strategies and offers an all-round worry-free service that encompasses everything from requirements engineering to the commissioning of the IoT application, allowing customers to outsource complete IoT projects. The focus is on software development as well as the selection, configuration and integration of the appropriate components at all levels: from IoT sensors in the field and the IoT gateway architecture at the process level, to cloud and app programming or ERP, MES and maintenance management.
The IoT applications that MyOmega supports can be extremely heterogeneous. For example, there are Smart Farming applications where the challenge lies in providing a 3000 meter wireless communication link between the IoT gateway and the sensors in the field. Or, there is a logistics application, designed to measure the fill levels of kanban containers via image recognition executed on the gateway, where 3,000 bins are connected per node. In yet another project, the gateway needs to record and document cycle times as short as 30 ms in order to verify that a product has been calibrated by the ODM and to transmit this data to the OEM.
Powerful IoT gateways
These three examples show that IoT gateways must be extremely powerful and that the requirements vary greatly from application to application. Next to the gateway’s performance, providing reliable and secure connectivity is a key factor. "We have applications where we need two WLANs, one to connect the staff on site, and one to handle communication with the cloud," explains Bernd Möller, Managing Director at MyOmega. In other applications, it is important to interface with the company's internal LAN or to integrate industrial protocols such as Profinet and Profibus or CAN, KNX and EnOcean. Yet others need to support wireless protocols such as Zigbee, Z-Wave and 6LoWPAN, or Bluetooth and NFC. Of course, gateway connectivity via 4G LTE modem is also required.
It is not just the diversity of requirements that is important; these could easily be addressed by a modular design with few interfaces. Rather, the key challenge lies in the large number of required interfaces. This is why MyOmega decided to turn their back on existing standard box PC solutions, as they offer only a limited number of extension cards. Instead, they decided to develop their own, highly flexible IoT gateway solution. "Most of our customers’ IoT applications need a powerful all-round gateway. It is not enough to provide two or three modular interfaces. You have to be able to connect simply everything - whether old or new devices. Sometimes, it may even be necessary to cope with up to 1,000 Mbps traffic and countless wireless connections with secure end-to-end communications," explains Bernd Möller.
Six modular extensions
The result is a completely new IoT gateway that provides unrivalled flexibility in terms of interface configuration. The hexagonal MYNXG Gateway can be equipped with eight antennas outside (LTE, HSPA, 2x WLAN) and six radio modules. This is a very complex design with up to 14 antennas; what is more, the design is also highly flexible.
To span long distances of up to 3 km, MyOmega additionally offers a Mid-Range Radio solution for the open 868 MHz and 2.4 GHz bands. The Mid-Range Radio technology was developed by MyOmega and is based on open standards such as IEEE 802.15.4, 6LoWPAN and CoAP; inside buildings, the technology is capable of bridging impressive distances of around 100 meters.
The development of Mid-Range Radio shows that MyOmega engineers are communication experts and MYNXG is not just a flexible hardware platform; it also provides the middleware and protocol support that IoT applications need for secure end-to-end communication. Even BYOD (Bring Your Own Device) strategies are supported with Android 4.4.2 (from KitKat) with the added option to also realize them for users of iOS or Windows devices.
High security
With so much openness, it is important not to neglect security. MYNXG therefore protects both the data and communication channels against abuse and manipulation. For a start, all communication channels are encrypted. Without valid authentication of all participants, no communication takes place. This prevents attackers from deliberately or accidentally accessing the communication. It also effectively counteracts possible man-in-the-middle attacks. For this purpose, all authentication keys are kept on the storage device with BitLocker encryption.
High system security is further provided by customer-specific adaptation of the boot routines, mandatory user authentication when bootstrapping, a Trusted Platform Module (TPM) 2.0 and intrusion protection. If the housing is opened without authorization, all active keys are discarded and must be requested again. This even prevents attempts that use electron microscopy to manipulate or spy on the gateways and their secure communications. In addition, checks are run to establish that the hardware is unchanged and remains trustworthy. This means, for example, that it is impossible to compromise the system by changing the storage medium.
The MYNXG Gateway comes standard for complete IoT projects or as an application-ready gateway that connects individual sensor infrastructures and transmits their data as needed to customer-specific enterprise applications. Existing custom applications can be integrated with the Android-based development environment via MYNXG middleware. The application code can be based on native real-time or PLC (SPS) code as well as HTML5.
Qseven module integration
MyOmega uses Intel® Atom™ processor-based Qseven modules to develop the MYNXG Gateway. This modular approach ensures that the system platform is scalable to match specific performance requirements. It also means that it is possible to stay in line with the latest technology upgrades, so that customers always have access to state-of-the-art processing performance. Since the installed applications are expected to become part of the infrastructure at the customer site, components also require a long service life. It therefore helps if each component comes with long-term availability and the ability to upgrade to functionally identical modules of a newer generation.
MyOmega adopted the same openness for the connection of expansion modules. All expansion slots are based on USB. The multitude of supported wireless connections represented a challenge for the design of the system. To avoid having to put all external antennas in a row, and to optimally separate the antenna fields from each other, the housing is designed as a hexagon. In addition, the system board is shielded by a metal cage against radio interference from the integrated antennas. This ensures full EMI immunity of the system even when all radio connections are used.
The housing consists of a combination of aluminum and plastic injection molding with integrated heat stacks for thermally sensitive components. As the warmest component, the CPU module is connected to the aluminum base right above such a heat stack. This yields a completely fanless, IP53 protected housing.
Single source design
MyOmega found the perfect developer for the MYNXG Gateway in their Qseven module supplier. congatec, the leading supplier of Computer-on-Modules in Europe, also provides Embedded Design & Manufacturing (EDM) services. As part of these services, the company develops complete system designs, based on its standard product range of computer modules, SBCs and motherboards. The technological basis for the MYNXG Gateway is the Qseven based IoT Starter Kit. Certified as ‘Intel Gateway solution for the Internet of Things’, the kit includes a TPM module providing comprehensive security functions.



