ctrlX IOT

Efficiently and securely connected in the IIoT

In the Factory of the Future, everything will be connected. For automation, this means that control systems and IT are gradually merging with the IoT. Efficient and secure data exchange offers new possibilities.

In order to achieve this, modern automation solutions require open standards, intuitive configuration, maximum flexibility and the ability to adapt to individual requirements. However, the Industrial Internet of Things (IIoT) poses entirely new requirements when it comes to security.

With ctrlX IOT as a central part of ctrlX AUTOMATION, Bosch Rexroth offers a progressive IoT toolbox with integrated security which meets all Industry 4.0 requirements. The option of fully integrating IoT solutions into the (hardware) platform gives users unlimited possibilities.

Secure and decentralized: The highlights of ctrlX IOT

For users, ctrlX IOT means significant improvements in connectivity. This is made possible thanks to local archiving and various secure, established protocols for data collection. With numerous direct connection options and communication standards, the IoT software apps offer optimum flexibility for connecting different devices. They fit easily into existing and future systems.

Because security is a key requirement in the Internet of Things, ctrlX IOT aims to provide comprehensive protection. With its control system ctrlX CORE, Bosch Rexroth offers an integrated all-in-one network appliance. ctrlX IOT has fully integrated IT security standards for access control and remote maintenance. Access can be monitored on a permanent basis and secure network communication can thus be ensured. The software is IEC 62443 SL3 certified and has a TPM 2.0 chip.

Engineering is also simplified by ctrlX IOT. The option of configuring and managing various apps via a web interface significantly reduces the engineering effort for data connection. Guided configuration dialogs are used to perform the set-up quickly and intuitively – without the need for programming. End users too can set up or change data connections quickly at the click of a mouse.

  • Industrial IoT connectors – Pre-configured connectors for convenient data collection
  • ctrlX CORE integrated all-in-one network appliance – Ensures maximum security and availability of routers, IoT gateways, firewalls and VPN
  • ctrlX Data Layer – Central access to all real-time and non-real-time data and archiving
  • IEC 62443 SL3 certified – Secure boot, TPM 2.0, system-wide user management

The architecture of ctrlX IOT

Thanks to the open and flexible architecture, ctrlX IOT can be used drive- or control-based. Peripherals can be connected easily via EtherCAT-Master as an automation bus.

IoT functions as necessary via app

Via the ctrlX Store, Bosch Rexroth offers its own IoT solutions as well as applications from third-party providers as apps. Thanks to these apps, the functions of the control solution ctrlX CORE can be configured as necessary. Suitable apps are available for every use case: ctrlX CORE functions not only as a machine control system – it is also a secure and intelligent gateway solution. With its open design and numerous interfaces, the control system is also suitable for brownfield use in order to add IoT connectivity and functions to existing machines and systems.

 

Node-RED

With the Node-RED app, IoT applications can be built on a modular principle. It combines input, output and processing nodes to form a flow. Together with the ctrlX Data Layer, the app forms a central element as an IoT gateway. This way, a wide range of devices can be connected.

Firewall

In order to allow greater security and additional use cases, a firewall can be installed. The app uses the firewall technology nftables and provides users with a graphical interface for guided configuration. In the event of a virus attack, a segmented network can help to ensure the availability of production.

VPN

The VPN app provides a VPN client on the control system. It supports the two popular and widely used VPN protocols OpenVPN and IPsec. Depending on the existing IT infrastructure, the function provides easy remote access to the production line while allowing the configuration of individual machines. The ctrlX World also features a VPN server from a third-party company.

Telegraf

The IoT is the ideal way to collect data and use them beneficially. The app Telegraf™* is based on the Telegraf open source server agent which was tailored to ctrlX AUTOMATION. The app collects and sends all types of data from databases, systems and IoT sensors. Over 200 plug-ins for collecting and outputting data are available. With the app Telegraf™*, users can also develop their own plug-ins to suit their individual monitoring requirements.

* Telegraf™ is a trademark of InfluxData, which is not affiliated with, and does not endorse, this ctrlX CORE App.

Security on all levels – Secure by design/Secure by default

With ctrlX AUTOMATION, Bosch Rexroth has focused on IT security and involves hardware and software equally. The platform, which is certified according to IEC 62443, is based on the Linux Ubuntu Core operating system as the most secure form of Embedded Linux for devices and connected edge devices. All apps are encapsulated in sandboxes by default and thus ensure maximum protection at all times. These apps are unchangeable thanks to digital signatures, which helps to protect them against manipulation.

Reliable, tested updates provide additional security. If an update leads to problems, the previous version can easily be restored through a rollback. A real-time core, which is maintained by Bosch Rexroth itself, has been added to the Ubuntu Core operating system. Long-term security updates are also available.

Secure by Design

The control system ctrlX CORE is “secure by default” and thus offers security and flexibility when integrating data into existing IT production systems. Users can securely deploy the device from the very first minute and connect it safely to other systems and the IoT without any configuration being required.

Features for user management

  • User and group management with allocation of individual rights
  • Self-defined application rights
  • Session management
  • Configurable password and session policies
  • Support for remote authentication (LDAP)

Features for the management of certificates and keys

  • Central management of all applications, certificates and keys provided for an available service
  • Various actions for the handling of certificates
  • Key management
  • Importing of password-protected keys
  • Generating keys with TPM (Trusted Platform Module)

Logbook functions

  • Log reports for all apps in the ctrlX AUTOMATION toolbox
  • Logging infringements of access rights and licensing problems
  • Export function and API for logs
  • Support for remote logging (Syslog)

Secure by Default

Minimal software configuration

  • ctrlX CORE is supplied exclusively with system applications and applications for user configuration

Maximum security

  • ctrlX CORE is configured in such a way that only signed applications can be installed from the first system start

Practical ctrlX CORE user management

  • Users have to change the password when they log on for the first time. Furthermore, access is possible only via a web interface.

Well advised with security

When it comes to security, good advice is important. As part of ctrlX SERVICES, Bosch Rexroth offers “IT Security Consulting”, a comprehensive package of consultancy services for machines, systems and facilities. Experts produce individual weakness, risk and threat analyses as well as security concepts for machines or components. These are geared individually to the needs of customers.

Evaluating the current security status

  • Risk and threat analyses
  • Verification and validation
  • Vulnerability assessment

Increasing the security level

  • Producing individual security concepts to minimize risks
  • Support when implementing security measures
  • IEC 62443 evaluation and support when responding to requirements
  • Recommending secure hardware and software components

Building up security expertise

  • IT security training, training to increase awareness and building up in-depth IT security knowledge
  • Support when integrating IT security processes

IoT & PLC

In PLC & IoT applications, users can easily integrate their own process know-how with ctrlX AUTOMATION. Customers benefit from the openness of the system, the security and the free choice of programming languages. The automation toolkit can be used in a wide variety of IoT & PLC applications, such as building automation.

Further application examples:

General Motion Control, Performance Motion Control, Manufacturing, Smart Energy
