Operational Technology (OT) networks are historically “air-gapped” from the rest of the networked world. But pressure is mounting for manufacturers to leverage real-time data exchanges from outside their controlled environments to increase productivity and efficiency. One major concern for manufacturers is how safe and secure it is to open the OT network’s doors to the internet.

This is forcing change in the control domain. Edge controllers are being proposed as the new programmable logic controllers (PLC), with the ability to merge OT and IT domains in a single device in an operationally safe and data-secure way.

PLCs have been evolving. This is partly due to the IoT but also a natural development. They are now more complex and capable, and at their core they may look very different to PLCs of yesterday. Functionally they can do more, and this is reflected in their underlying architecture.

Figure 2. The groov EPIC from Opto 22 is an edge programmable industrial controller. (Photo: Opto 22)

Control moved away from simple, repeating loops to something driven more by interrupts and task priority. To achieve this, manufacturers adopted real-time operating systems. To the end user they were similar enough to be familiar, but fundamentally there was a shift. These became known as programmable automation controllers (PACs). At the same time, communication was becoming more important, so PACs were equipped with communication ports.

The latest iteration, the edge controller, takes this to the next evolutionary stage. The line between PLC and PC is getting thinner. The edge controller makes that line almost indistinct. But unlike an industrial PC, the edge controller provides features designed specifically for industrial control.

In many ways, an edge controller is a hybrid of the PLC/PAC and an industrial PC, which means it can offer a more flexible user experience in the way it is programmed and used. It also provides a gateway between legacy PLCs, as well as other devices in an industrial control environment. Industrial gateways have also become necessary for this reason. The potential here is for the edge controller to replace the PLC, the gateway, and an industrial PC with a single device.

Switching to Edge Controllers

Creating an industrial network and making it part of the IoT can be achieved in various ways. An edge controller would be expected to provide a lot of the functionality needed to do that, but it isn’t the only way it can be achieved.

For many manufacturers with legacy systems in place, it may not be viable to shift wholesale over to using edge controllers. Manufacturers of edge controllers understand this and have designed them in a way that provides flexibility. For example, if an OEM is expanding its operations with new equipment, it may be a good time to move to an edge controller, while the rest of their operations continue to run on PLCs.

If they already use industrial PCs to provide network connectivity, then switching to an edge controller could be an unnecessary disruption. But edge controllers aren’t only for greenfield installations. The availability of industrial gateways is also growing, so the choice may be between a gateway and edge controller.

Edge Controller or PLC?

Digital transformation doesn’t depend on the use of edge controllers. But those companies now producing edge controllers have convincing arguments to support why they have endorsed them. This mostly comes down to things OEMs cannot control, such as the need to introduce the processing power and performance offered by cloud-based solutions.

This is where edge controllers will excel. They combine two personalities. One is that of a traditional PLC; the other is more like a cloud-based server. They do this in a very literal sense, by physically partitioning the features across parts of the system that can only interact through strict mechanisms.

Partitioning in this way is essential to maintain safety on the side of the OT network and security on the side of the IT network. Communication ports will also be limited in the way they connect.

The edge controller needs to support a flexible user experience. Engineers more familiar with conventional PLC programming languages will still be able to configure them in that way. The majority, if not all, of the edge controllers available today support all IEC 61131-3 compliant languages. But they also support modern high-level programming languages, such as C/C++ and Java. More importantly, perhaps, they also support popular high-level scripting languages, such as Python.

This makes edge controllers more accessible to more engineers. And that is not by accident. Manufacturers understand that the workforce, like the shopfloor, is changing. New engineers are more familiar with Java, Python, and Node-RED than ladder logic.

Safety and Security

PLCs are well established as being capable of running industrial applications, but not all are inherently certified for safety-critical applications. The standard IEC 61508 for functional safety applies here. The same standard can be applied to edge controllers to establish the safety integrity level (SIL). As with PLCs, not all edge controllers will necessarily need to demonstrate a SIL rating.

Security is another issue. There can be no excuse for accepting a level of network security that isn’t robust and reliable. In a connected world, every device is a potential attack surface. This is perhaps the biggest perceived risk manufacturers have when moving to the industrial IoT.

It is unfair to consider the security offered by edge controllers in terms of the security provided by PLCs and PACs. The inclusion of robust security is fundamental to edge controller design, not an afterthought.

This is a really important point. The IT world has had decades to develop security solutions that work in a connected world. Edge controller manufacturers have leveraged this experience to provide the same level of security at the core.

Figure 3. An example of Node-RED being used to control a lamp through analog and digital I/O. (Photo: Node-RED)

This starts with relatively simple measures, such as not using standard passwords, enforcing user accounts that have tiered access rights, and assuming there will always be an unwanted actor trying to gain access to the system.

Security extends all the way to the heart of the system. The operating system used for IT-based activity will be entirely separate from the real-time operating system used for control. The key here is maintaining the modern equivalent of the venerable air gap while still allowing both sides of the system to exchange data. This is typically achieved using a protocol that has security baked into it, such as Open Platform Communications Unified Architecture (OPC UA) and MQTT.

Battle-proven security techniques, such as firewalls, will also be deeply embedded into the system and not an optional extra. In conjunction with this, an edge controller will partition communication ports to support trusted and nontrusted parts of the network.
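As an added example (not from the article or from any vendor), the check below audits an MQTT broker configuration for the measures described above: no anonymous access, individual user accounts, tiered access rights, encrypted transport, and a listener tied to one network port. It assumes Mosquitto's configuration syntax with per-listener settings; the two sample configurations, the address and the file paths are constructed.

```python
# Added example: audits a Mosquitto-style broker config. Both samples are constructed.
WEAK = "listener 1883\nallow_anonymous true\n"
HARDENED = """\
per_listener_settings true
listener 8883 192.168.10.1
allow_anonymous false
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl
certfile /etc/mosquitto/server.crt
keyfile /etc/mosquitto/server.key
"""

def parse_listeners(conf):
    """Return [(port, bind_address, options)]; options set before the first listener are inherited."""
    defaults, listeners, current = {}, [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "listener":
            parts = value.split()
            current = dict(defaults)
            listeners.append((int(parts[0]), parts[1] if len(parts) > 1 else None, current))
        elif current is None:
            defaults[key] = value.strip()
        else:
            current[key] = value.strip()
    return listeners

def audit(conf):
    """Return one finding per missing control, per listener."""
    findings = []
    for port, bind, opts in parse_listeners(conf):
        checks = [
            (opts.get("allow_anonymous") == "false", "anonymous clients not explicitly disabled"),
            ("password_file" in opts, "no password_file, so no individual user accounts"),
            ("acl_file" in opts, "no acl_file, so no tiered access to topics"),
            (opts.keys() >= {"certfile", "keyfile"}, "no TLS certificate, traffic is plaintext"),
            (bind is not None, "no bind address, reachable from trusted and untrusted ports alike"),
        ]
        findings += [f"listener {port}: {msg}" for ok, msg in checks if not ok]
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

The audit only recognises file-based accounts and ACLs; a broker that authenticates through a plugin or client certificates would need its own checks.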

Hardware for Edge Controllers

With greater emphasis on the embedded software running inside, edge controllers require processors that can handle the demand. In fact, it is likely that the processors used will have multiple processing cores and follow a heterogeneous multicore structure. This contrasts with PLCs and even PACs, which are often based on a single-core high-end microcontroller.

In practice, the processing solution used will have two or even four Arm Cortex-A class processors supported by a Cortex-M class core. This combination provides a flexible approach to system architectures. Many Cortex-M cores are now able to run a real-time operating system and provide the control functionality. The A-class processors are designed for large Linux-based operating systems, which typically come with all the drivers and APIs needed to implement high-speed secure networking.

For single-core solutions, virtualization may be used to partition the two domains. Virtualization software and hypervisors are now used extensively to create multiple and virtually separate operating environments using a single processor.

The three RZ/N1 groups of single- and multi-core processors from Renesas are a good example of how this is being implemented. The devices in these groups are based on the Arm Cortex-A7 and Cortex-M3 cores. They provide five-port Ethernet switch functionality and support for various Ethernet-based protocols commonly used in industrial applications.

The STM32MP1 is another example from STMicroelectronics. This represents ST’s first microprocessor solution, and it integrates one or two Arm Cortex-A7 cores with an Arm Cortex-M4.

Secure Connectivity

The focus of manufacturers bringing edge controllers to market is industrial, which is indicative of the massive change happening in this sector right now. The Industrial IoT is fundamental to Industry 4.0, and edge controllers are a response to the demand for more secure connectivity and functionality in the control domain.

However, other areas are also going through a similar revolution. The IoT does not discriminate and digital transformation is not restricted to Industry 4.0. Edge controllers, as described here, are geared toward bringing the industrial sector into the IoT, but the term “industrial” is broad. It is not limited to manufacturing or automation in a manufacturing environment.

Other markets, such as medical, commercial, and social are also developing. Smart hospitals, smart buildings, and smart cities all need a similar mix of operation and information technology. This will propel the concept of a secure edge controller into new application areas. The inherent flexibility and capability of these devices, and the performance offered by the processors that power them will help shape “World 4.0.”

This article was written by Philip Ling, Senior Technology Writer, Avnet Inc. (Phoenix, AZ).