There are several design considerations to think about for industrial gateways:
- Operating system
- Industry standards and certifications
- Security
- Industrial network connectivity support
- Gateway hardware specifications
- Network deployment and configurations
- GPU support
Operating system
The type of operating system (OS) deployed on the industrial gateway is an important decision, as software solutions can have different OS requirements. Also choose the OS based on factors such as how lightweight it needs to be and which dependencies it does or does not support.
The Dell Validated Design for Manufacturing Edge supports multiple ISVs, and as described in prior chapters, gateways are suitable for several ISV applications in virtualized, bare metal, and containerized deployments. Refer to ISV-specific contents for details on supported operating systems and deployment options.
Industry certifications
Industry standards and certifications are an important factor to consider when deploying equipment in a factory environment. One such industry standard is the Ingress Protection (IP) rating, defined in IEC 60529. This standard classifies the levels of protection provided by the casing around the device. It covers intrusion protection (for example, against solid objects), followed by moisture protection (for example, shielding from water spray). Depending on your environment, you will need different values to stay compliant and for the gateway to stay operational.
Beyond the IP rating, there are other standards and certifications to consider, depending on the environment and use case. For safety standards in the manufacturing space, consider IEC 61010 and the newer IEC 62368 standards. For IT-based standards and security, consider IEC 62443 and, for more stringent environments, other frameworks or standards like FIPS 140-2.
Dell Edge Gateways are also tested and certified under MIL/NEBS standards environments to withstand most levels of shock, vibration, and extreme conditions found in remote locations.
Security
Security is a crucial consideration, as it plays a role in protecting the safety of factory workers, protecting sensitive company data, and providing availability. When working with gateways, review the following security functions:
- Ensure that only authorized users have access to the gateway, both physically and over the network. For example, consider access methods such as integrating with a central authentication server for more effective management of users. Any unused physical ports (for example, an unused RJ-45 port) should be sealed or disabled in the BIOS. Consider physically placing the gateway in an area that requires key-card access for authorized personnel only.
- Create user roles based on job function to follow the principle of least privilege. Review access and authorization periodically to ensure that both are up to date and accurate. It is also recommended to configure logging on the gateway (OS and any relevant applications) and, ideally, to forward those logs to a centralized logging server.
- Protect any data that exists within the gateway and any data going through it. Consider using up-to-date encryption algorithms to protect the confidentiality of the data. An example would be to encrypt any data at rest while leveraging a TPM module for secure encryption key management. Also, it may be appropriate to use hashing algorithms to protect the integrity of the data.
- Review segmenting of access as well. An example of this is to either designate a VLAN per function, or to physically segment management traffic from data traffic. Proper segmentation of data prevents someone without access from pivoting from one section of the network to another. This is important because machine data is often considered intellectual property, and therefore it must be protected and separated from other data.
Industrial connectivity
It can be helpful to put together a list of the devices and the protocols running in your environment. This helps to identify whether the gateway can support interfacing with everything on the list. Also, ensure that the gateway has the right hardware to connect to devices, especially programmable controllers like a Programmable Logic Controller (PLC) or Distributed Control System (DCS). Often, this can be done using standard CAT-6 family Ethernet cables, but serial-based connections may be required, too.
Gateway hardware specifications
Hardware specifications help define the amount of processing that the gateway can handle. Often there is a ratio of programmable controllers to gateways to consider. Initially, it is helpful to understand how many machines, devices, and sensors are on the factory floor, and how much data each unit produces. Choose the appropriate hardware specifications and identify which cells and zones need specific hardware capabilities. Also consider what functions and applications the hardware needs to support.
Specific hardware specifications to consider include the CPU, memory, network ports and capabilities, as well as other special capabilities like ARM and multipathing capabilities. For example, if you require low power consumption, then specify a gateway that runs the Intel Atom CPU. Other components include the amount of local storage. Does your environment need to support a large amount of data storage, or can you get by with a lower amount? Do you need a GPU card for more powerful processing? Also, does the factory floor support the power supply? Consider a TPM module for added security. Review the form factor of the gateway for constrained spaces. Environmental factors like operating temperature, humidity, and vibration are essential considerations as well.
Network deployment and configuration
It is important to pre-plan the network deployment of the gateway to ensure a successful outcome. Consider where and how the gateway will be connected. Ensure that the necessary number of IP addresses are reserved for the gateway or gateways being deployed. If using VLANs, ensure that they are configured on the correct ports and that they are extended to the right devices. Test connectivity from the gateway location to where it will send the data, to services such as DNS or NTP, and the upstream ThingWorx server. This will verify that the Layer 2 and Layer 3 settings are configured correctly.
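A pre-deployment reachability check for the services named above, written as an added example (it is not part of the Dell design or of any ISV tooling). The host names and the TCP port for the upstream server are placeholders to be replaced with the site's own values.

```python
import socket

def check_dns(name):
    """True if the gateway's configured resolver returns an address for name."""
    try:
        return bool(socket.getaddrinfo(name, None))
    except socket.gaierror:
        return False

def check_tcp(host, port, timeout=3.0):
    """True if a TCP handshake completes, i.e. routing and firewall path are open."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_ntp(host, port=123, timeout=3.0):
    """True if host answers an SNTP client request with a server-mode reply."""
    request = b"\x23" + 47 * b"\x00"  # LI=0, version 4, mode 3 (client)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(request, (host, port))
            reply, _ = s.recvfrom(512)
    except OSError:
        return False
    # Mode is the low 3 bits of byte 0 (4 = server); stratum 0 means unsynchronised.
    return len(reply) >= 48 and (reply[0] & 0x07) == 4 and reply[1] != 0

def run_checks(targets):
    """targets: (label, kind, host, port) tuples; returns {label: bool}."""
    checks = {"dns": lambda h, p: check_dns(h), "ntp": check_ntp, "tcp": check_tcp}
    results = {}
    for label, kind, host, port in targets:
        if kind not in checks:
            raise ValueError(f"unknown check kind: {kind}")
        results[label] = checks[kind](host, port)
    return results

if __name__ == "__main__":
    # Placeholder targets (assumptions): substitute the site's own servers and ports.
    targets = [
        ("dns", "dns", "thingworx.example.internal", None),
        ("ntp", "ntp", "ntp.example.internal", 123),
        ("thingworx", "tcp", "thingworx.example.internal", 443),
    ]
    for label, ok in run_checks(targets).items():
        print(f"{label:12s} {'OK' if ok else 'FAIL'}")
```

Run it from the gateway's final network location and VLAN, since a pass from a staging bench says nothing about the production path.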
Review network redundancy for continued availability and minimal disruptions. Consider planning for network multipathing and fault tolerance by deploying redundant connections and switches. It is also important to plan for gateway failure scenarios. Ensure that there is a plan to restore gateway functionality with minimal downtime. For example, preconfigure a spare gateway on-site and nearby so that it is ready to be deployed with minimal configuration. When deploying Kepware Server software, back up the latest configuration periodically. For more detail, see High Availability and Disaster Recovery.
Another topic to consider is support for required network services. Common services and protocols to think about are NTP, DNS, 802.1X, as well as network monitoring (for example, SNMP) and logging. The network should allow the gateway to reach these services. Lastly, think about network security considerations such as firewall rules. Are the necessary ports and protocols allowed for the gateway software to carry out all its functions? Are the necessary network services allowed through the network path? Successful network planning results in an easier and more successful deployment. See Cybersecurity for further details on validated firewall access-list rules between various ISV applications.
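The two firewall questions above can be answered offline by replaying the gateway's required flows against the planned access list. The following is an added example, not the validated rule set referenced in the Cybersecurity chapter: the addresses, the rules, the first-match/implicit-deny model and the upstream TCP port are all constructed assumptions.

```python
import ipaddress

# Constructed sample data: (source, destination, protocol, port) per required flow.
REQUIRED = {
    "dns":       ("10.20.0.10", "10.0.0.53",  "udp", 53),
    "ntp":       ("10.20.0.10", "10.0.0.123", "udp", 123),
    "syslog":    ("10.20.0.10", "10.0.0.20",  "udp", 514),
    "thingworx": ("10.20.0.10", "10.30.0.5",  "tcp", 443),  # port is an assumption
}
# Constructed ACL, evaluated top-down: (action, src net, dst net, protocol, ports or None).
ACL = [
    ("permit", "10.20.0.0/24", "10.0.0.53/32",  "udp", {53}),
    ("deny",   "10.20.0.0/24", "10.0.0.0/24",   "any", None),  # shadows the NTP permit below
    ("permit", "10.20.0.0/24", "10.0.0.123/32", "udp", {123}),
    ("permit", "10.20.0.0/24", "0.0.0.0/0",     "tcp", None),  # any TCP port, any destination
]

def first_match(acl, flow):
    """Return the first rule that matches the flow, or None (implicit deny)."""
    src, dst, proto, port = flow
    for rule in acl:
        _, r_src, r_dst, r_proto, r_ports = rule
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r_src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r_dst)
                and r_proto in (proto, "any")
                and (r_ports is None or port in r_ports)):
            return rule
    return None

def audit(acl, required):
    """Return (blocked flows, flows permitted only by an over-broad rule)."""
    blocked, too_broad = [], []
    for name, flow in required.items():
        rule = first_match(acl, flow)
        if rule is None or rule[0] != "permit":
            blocked.append(name)
        elif (rule[3] == "any" or rule[4] is None
              or ipaddress.ip_network(rule[2]).prefixlen == 0):
            too_broad.append(name)  # works today, but weakens segmentation
    return blocked, too_broad

if __name__ == "__main__":
    blocked, too_broad = audit(ACL, REQUIRED)
    print("blocked:", blocked)
    print("permitted by over-broad rule:", too_broad)
```

With the sample data, NTP and syslog are reported as blocked (NTP because an earlier deny shadows its permit) and the upstream connection is flagged as allowed only by a rule that opens every TCP port.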