2012

Last week I attended the LTE Asia conference in Singapore. This was an ideal event for 6WIND to participate in, for several reasons.

First of all, the conference organizers went out of their way to encourage and facilitate effective networking among the attendees. Everything from sending out a list of attendees ahead of time and offering to forward meeting requests (think LinkedIn on a very small scale), to organizing “speed networking” sessions. Modeled on the “speed dating” concept, service providers were coerced into spending 40 minutes having individual, two-minute conversations with a long series of vendors who had previously signed up for the opportunity to briefly introduce their products, hoping for longer, more detailed conversations later. I signed up for a session, found it to be a highly-productive experience, was exhausted at the end and walked away with a lot of follow-up opportunities.

Second, for a company like 6WIND this was a perfect opportunity to meet and learn from a large number of service providers, most of whom were from the Asia-Pacific region but some of whom have a global presence. For us, talking with our customers’ customers is an important part of better understanding the overall market needs and trends. Also, in some cases we’re able to influence the service providers to make sure that their equipment vendors (the TEMs who are our primary customers) understand the benefits that our software can provide for LTE infrastructure.

Finally, the conference included a fascinating set of sessions that highlighted just how much the hot topics have changed over the past twelve months. At last year’s conference, the focus was mainly on technology issues: spectrum allocation, TDD vs. FDD, WiFi offload, roaming etc. This year, however, the focus was clearly on how to monetize the technology and in particular how to turn around the steady decline in ARPUs and offset the continued increases in CAPEX and OPEX resulting from the on-going explosion in mobile video traffic.

Several sessions were dedicated to discussions of how service providers can provide true value-added services to their subscribers in response to the continued threat from the OTT providers. As always, Korea seems to be ahead of the rest of the world here with some truly innovative services (and what appears to be industry-leading adoption). That’s probably a good topic for another blog at some point.

For me, one of the most interesting sessions included a presentation by Infotech on new market segments for LTE. In his talk, Ravi Surapaneni pointed out that, while most of the industry focuses on the issues and opportunities associated with individual subscribers and personal usage trends, there are in fact a number of industrial market segments where the technology provides compelling solutions to business-critical challenges. These segments offer high-margin revenue opportunities for service providers, not constrained by the pricing and service expectations of individual subscribers.

The first of the four segments highlighted by Surapaneni was Oil and Gas. He described the need to connect remote locations, often far offshore, with reliable high-bandwidth connections, mentioning that today sometimes the only way for critical data to be delivered is by helicopter. Current communication systems only support voice and low-bandwidth data, or are expensive satellite-based solutions, require multiple devices to achieve multiple functions and have no interoperability.

The second segment is emergency communications (police, fire brigade, ambulance, border control, coast guard, search and rescue services). Surapaneni explained some of the critical needs: accessing both real-time and non real-time video; email and file transmission of incident reports; remote access to databases; biometric data; digital mapping and location services.

The third segment is utilities and energy. Throughout the grid, there is a need for reliable, high-bandwidth communications in support of video surveillance, smart metering and multimedia operational communications.

Finally, there are major opportunities for LTE in transportation. Surapaneni described requirements for: real-time and trackside surveillance for trains; wireless broadband communication for both staff and passengers; video information for emergency rescue, surveillance and fault diagnosis; stable broadband wireless Internet access and voice calls during high-speed travel; improved security through remote monitoring.

LTE can provide an ideal solution to important challenges in these and other industrial market segments. For service providers, they offer opportunities to deliver high-value, high-margin services to a customer base where guaranteed reliability, bandwidth and coverage are far more important than minimizing monthly costs.

Were you at LTE Asia last week? What were some of the key messages and trends that you took away from the conference?

Machine-to-machine (M2M) communications strategies combined with cloud computing technologies promise to transform the industrial landscape from an assortment of isolated individual systems into a network of interoperable devices. Pervasive M2M connectivity will enable a wide range of applications, services, and performance improvements by exchanging real-time data between remote devices, central servers, and authorized third parties.  The major goal of M2M communications is to combine real-time data from remote devices with enterprise applications to automate everyday company decisions in order to optimize industrial output and lower operating costs. M2M technology also allows embedded design teams to contain costs, improve security, enable remote management, and maximize system availability. The problem with the current state of M2M communications is that many embedded interfaces are based on proprietary interconnection and data formatting standards that are unable to freely exchange data with a variety of clients.

 

In order to deal with the fragmentation problem and provide scalable interoperability and security, Intel recently announced the Intel® Intelligent Systems Framework. The framework is a set of standard practices for hardware and software development to ensure connectivity, security, and remote management. With this new framework in place, embedded designers can concentrate on the unique features that set them apart from the competition without worrying about the M2M interoperability details. The basic capabilities are provided by software and middleware from Intel®, Wind River, and McAfee plus the hardware features of supported processors including Intel® Xeon® Processors, 2nd and 3rd generation Intel® Core™ Processors with Intel® vPro™ Technology, and Intel® Atom™ processors. To verify adherence to the standard practices outlined in the framework, Intel will validate hardware and software components from members of the Intel® Intelligent Systems Alliance. Certified products are already available from Advantech, Dell, Kontron, Wind River, and Portwell with products from other Alliance members scheduled to launch over the coming months.

 

One of the first products available supporting the Intelligent Systems Framework was announced by Wind River at the Intel Developer Forum. The new Wind River Intelligent Device Platform is a software development environment for M2M applications based on the embedded Linux operating system plus middleware (See figure 1). This platform adds the security and manageability required for device development across multiple connectivity options including 3G, Bluetooth, Ethernet, Wi-Fi, ZigBee, and Z-Wave. Wind River’s Secure Remote Management is also built in, featuring customizable trusted boot, security updates for Linux, and Trusted Platform Module features. The platform also includes a complete set of development tools including Wind River Workbench, based on the Eclipse framework, and the Wind River build system for software integration. The Wind River Intelligent Device Platform is currently scheduled to be available in Q4 2012.

 

[Figure 1: Wind River Intelligent Device Platform stack diagram]

Digi International also joined the Intel® Intelligent Systems Framework ecosystem and announced the Digi M2M Solution Builder Kit for M2M applications. Based on the Intel® Atom™ E620T processor combined with a wide range of connectivity options, the kit provides an end-to-end solution, including hardware, software and services to simplify the development of connected M2M devices. The kit includes a certified gateway with all available connectivity options, such as 2G/3G cellular, dual-band Wi-Fi, Gigabit Ethernet and 802.15.4 (See figure 2). Future connectivity extensions such as 4G/LTE cellular, Bluetooth 4.0 and ZigBee can be easily added. The iDigi Device Cloud, a public cloud platform-as-a-service, is a part of the platform and provides remote management and secure data integration to help with the deployment of remote connected devices. The kit includes the Wind River Linux development environment tailored for cloud-connected M2M applications.

 

[Figure 2: M2M smart services developer kit]

 

These products show how the Intel Intelligent Systems Framework can be used to reduce the development time and cost of connected devices in industrial applications. With this platform in place, design teams can turn their attention to developing value from the massive amounts of data available from integrated M2M structures. If you think that this framework fits your next industrial automation project or if you have already started a project please share your concerns, questions, and successes with fellow followers of the Intel® Embedded Community. You can keep up with the latest technical articles and product announcements at the Embedded Computing Design archives on M2M connectivity. Also, please check back as I uncover more products and services that you can use to extend the performance of your next industrial project.

 

To learn more about the design of industrial systems, see “Top Picks – Industrial.”

 

To view other community content on connectivity, see “Connectivity - Top Picks.”

 

Warren Webb

OpenSystems Media®, by special arrangement with the Intel® Intelligent Systems Alliance

 

Wind River Systems is an Associate member of the Intel® Intelligent Systems Alliance. Digi International is a General member of the Alliance.

POS systems that exchange data with back-office systems and online operations provide competitive advantages in customer service in everything from sales to returns. They also provide better data for business intelligence. These advantages though come at a risk. A security or privacy breach could damage a retailer’s reputation and severely impact the bottom line through reparation costs and fines. In fact, compared to direct theft from employees and customers, digital security may be the greater concern. For this reason, a great way for designers of POS systems to add value and differentiate their products is to offer strong security through advanced hardware and software solutions.

 

The Retail Weak Spot

Missing merchandise is a visible and trackable issue for retailers. Compromised customer data is a grayer area. Cash, credit and debit cards, inventory, and customer data all intersect at the point of sale, making the POS terminal a prime target. What’s more, security traditionally hasn’t been a top focus for POS technology. Goal number one had been to enable merchants to track what they sell, record the particulars of the sale, and often cross promote products. Securing customer data has often been an afterthought. At least until the Payment Card Industry Data Security Standard (PCI-DSS) came into play. PCI-DSS has done much to improve and encourage cybersecurity. For cyber thieves though, this has simply raised the ante. If there’s a weakness in the system, they will find it.

 

A good example is the recent report of a breach of 100 Subway sandwich shops and other U.S. retailers by two Romanian hackers. Remotely compromising Internet-connected, PCI-compliant POS devices, they obtained the data from more than 146,000 cards and have been linked to more than $10 million in fraud losses. The hackers testified that they remotely scanned the Internet to identify vulnerable U.S.-based POS systems using certain remote desktop software applications. They were then able to log on to the POS systems and in many cases crack the passwords, gain administrative access, and remotely install keyloggers or sniffers to record and store all card data keyed in or swiped at the POS.

 

John South, chief security officer at Heartland Payment Systems, a payments processor commenting on the breach, says there is a “greater level of protection afforded to merchants who adopt a technology that encrypts the card data … if the data cannot be decrypted at the merchant site, it is of little value to the attackers.” Encrypting data all the way from the card scanner through back-office systems is one of the best solutions, particularly for eliminating packet sniffers that, once installed on POS systems, log payment card data as it is sent over the network.

 

Solutions Available from the Intel® Intelligent Systems Alliance

A number of POS systems available from members of the Intel® Intelligent Systems Alliance offer advanced security technology, including technologies to speed up encryption so that it doesn’t slow down transactions. The most progressive of these use 3rd generation Intel® Core™ processors. These processors incorporate Intel® vPro™ technology, a suite of hardware-based security and management capabilities that work below the OS, agents, and application software to prevent threats from attacking and digging in. Plus, they help protect data and machines.

 

3rd generation Intel® Core™ vPro™ processors include:

 

Intel TXT is particularly helpful in securing systems. When POS systems with Intel TXT are powered on, the configuration in which they are launched is tracked and can be verified from a remote management console, ensuring that there has been no tampering of the POS system. In the event of an issue, “poison pill” capabilities in Intel vPro can be used either to remotely disable a system if it is physically stolen, or to disable a system on a policy if some aspect of the POS is compromised or tampered with.

 

Now I also mentioned encryption. Encrypted data is protected data. But, traditionally, real-time encryption came at a high performance cost. With Intel AES-NI in the processor, encryption and decryption run up to 10X faster. This performance boost eliminates the performance penalty and enables ubiquitous encryption across POS devices based on 3rd generation Intel Core processors.

 

Naturally, to make use of this capability, you need an encryption solution. Fortunately, Alliance member McAfee can help there. The McAfee Endpoint Encryption solution encrypts data throughout the retail environment, including retail POS systems, network files and folders, removable media, and USB portable storage devices.

 

The big key for developers creating POS solutions for retailers is making sure that Intel vPro technology is activated. For that, you might want to check out this resource kit.

 

Using Intel® Virtualization Technology to Secure a POS

At a National Retail Federation Convention (NRF), Intel demonstrated a retail POS reference design called the Secure Point of Sale Demo that improves the security of POS credit card transactions while potentially reducing enterprise PCI DSS compliance costs. This demo POS uses a commercially available self-service checkout system, but upgrades it to an Intel® Core™ i5 processor and Green Hills Software’s INTEGRITY* real time operating system (RTOS). This combination is used to run a Windows OS image and the POS applications in a virtual machine (VM).

 

Because the INTEGRITY OS is enabled with Intel® Virtualization Technology for Directed I/O (Intel® VT-d), Windows and PCI peripherals, such as integrated USB controllers, can be directly assigned to VM partitions. With Windows safely separated in a VM, Intel created a payment pathway as an RTOS application. Together, the Intel® VT and INTEGRITY software capabilities protect anything within the payment pathway, preventing any potential malicious applications based on the Windows OS from observing sensitive data.

 

In order to maintain software integrity over time, the platform uses Intel TXT at boot to confirm that the INTEGRITY RTOS, the payment pathway, and the virtualization infrastructure have not been modified or altered. This ensures that payments can safely be accepted on the platform. In addition, the platform can be remotely managed via Intel AMT to further reduce lifetime support costs at the point of sale.
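The launch-time check that the Intel TXT passages above describe can be modelled as a hash chain that the platform builds and a management console replays. This is an added example, not code from Intel or from the demo; the SHA-256 register, the component names and the image bytes are constructed assumptions, and a real platform keeps the register in a TPM and reports it in a signed quote.

```python
"""Simplified model of measured launch and remote verification (constructed example)."""
import hashlib
import hmac

REGISTER_SIZE = hashlib.sha256().digest_size
LOG_MISMATCH = "event log does not reproduce the reported register"


def measure(image: bytes) -> bytes:
    """Digest of one launch component (its 'measurement')."""
    return hashlib.sha256(image).digest()


def extend(register: bytes, digest: bytes) -> bytes:
    """TPM-style extend: the register can only be folded forward, never set."""
    return hashlib.sha256(register + digest).digest()


def measured_launch(components):
    """Platform side: measure every component in launch order.

    Returns the final register value and the event log of (name, digest).
    """
    register = bytes(REGISTER_SIZE)  # register starts at all zeroes
    event_log = []
    for name, image in components:
        digest = measure(image)
        register = extend(register, digest)
        event_log.append((name, digest))
    return register, event_log


def verify_launch(reported_register, event_log, known_good):
    """Console side: decide whether the reported launch is a trusted one.

    Step 1 replays the log; if it does not reproduce the reported register,
    the log itself cannot be trusted. Step 2 compares each logged digest
    with the known-good value and names the components that differ.
    Verifying the signature and nonce on the report is out of scope here.
    """
    replayed = bytes(REGISTER_SIZE)
    for _name, digest in event_log:
        replayed = extend(replayed, digest)
    if not hmac.compare_digest(replayed, reported_register):
        return False, [LOG_MISMATCH]

    findings = []
    if [n for n, _ in event_log] != [n for n, _ in known_good]:
        findings.append("unexpected component list or order")
    expected = dict(known_good)
    for name, digest in event_log:
        if name in expected and not hmac.compare_digest(expected[name], digest):
            findings.append(name)
    return (not findings), findings


# Constructed sample images standing in for the three launch components
# named in the text; the byte strings are placeholders, not real binaries.
GOLDEN = [
    ("virtualization_layer", b"vt-d partition config v1"),
    ("integrity_rtos", b"rtos kernel image v1"),
    ("payment_pathway", b"payment pathway app v1"),
]
KNOWN_GOOD = [(name, measure(image)) for name, image in GOLDEN]


def demo():
    """Run a clean launch, a tampered launch, and a forged report."""
    clean_reg, clean_log = measured_launch(GOLDEN)

    tampered = list(GOLDEN)
    tampered[2] = ("payment_pathway", b"payment pathway app v1 + card logger")
    bad_reg, bad_log = measured_launch(tampered)

    return {
        "clean": verify_launch(clean_reg, clean_log, KNOWN_GOOD),
        "tampered": verify_launch(bad_reg, bad_log, KNOWN_GOOD),
        # Tampered platform replaying an old, clean event log:
        "forged_log": verify_launch(bad_reg, clean_log, KNOWN_GOOD),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The forged-log case shows why the register matters: an old, clean log sent alongside a register produced by a modified launch fails the replay step before any digest is compared.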

 

Intel® Intelligent Systems Alliance Products for Secure POS Systems

Examples of boards based on 3rd generation Intel Core processors suitable for building POS systems and taking advantage of Intel vPro technology’s and Intel VT’s security features abound among Alliance members. I’ll just point out a few.

 

Portwell recently released the PCOM-B219VG, a Type 6 COM Express Compact (95mm x 95mm) module using the mobile Intel® QM77 Express chipset (4.1W). With the processor’s integrated Intel® HD 4000/2500, the module supports three independent displays, DP (DisplayPort), HDMI and DVI with no need for an external graphics card. This enables a small form factor, as well as BOM savings.

 

Norco offers a POS motherboard, the POS-7933 (see Figure 1), based on the Intel® Q77 Express chipset and available with 3rd generation Intel® Core™ i7-3770 and i5-3550S processors. The board provides 4x SATA interfaces, 1x Gigabit Ethernet ports, 10x serial ports, 1x parallel port and 6x USB ports for data communications (USB 3.0 supported). It also supports line-out, line-in, mic-in and CD-in audio functions. An onboard 1xPCI slot and 1xMini-PCIe slot provide flexible peripheral expansion. Obviously, in addition to security, you can connect a lot to this board.

 


Figure 1. Norco POS-7933 POS motherboard.

 

For those looking for a ready-to-go POS solution that simply needs software to package it for retail customers, NEXCOM makes an innovative high-end solution that combines both the touch-screen POS terminal and server in one unit. The NEXCOM NPT 5850 (see Figure 2) uses 3rd generation Intel® Core™ processors to offer best-in-class computing and graphics processing capabilities, security, and modular expansion options (e.g., magnetic stripe reader, fingerprint reader and VFD customer display connected via a VGA connector). This full-functioned POS system is ideal for payment processing, as well as a data acquisition server.

 


Figure 2. NEXCOM NPT 5850 POS System.

 

Centrally Managing Security

For retailers with multiple locations, IT security management can seem overwhelming. Central management can reduce this complexity and the costs. One solution is McAfee ePolicy Orchestrator (McAfee ePO) Deep Command software (see Figure 3). Designed to unify the management of POS systems, networks, and data and compliance solutions, the software increases overall visibility across security management activities to improve protection and efficiency.

 

McAfee ePO Deep Command employs Intel AMT to remotely manage computer-based systems and reduce the number of expensive onsite visits required to address security incidents or fix equipment. Security administrators can remotely deploy, manage and update security and device software on disabled and even powered-off retail systems.

 


Figure 3. McAfee ePolicy Orchestrator and its management points in a POS system using Intel AMT and McAfee security products.

 

Conclusion

In a world full of threats, security is a complicated topic. I’ve covered a lot of ground here, but there’s much more that can be said. I’d be interested in hearing your thoughts on the solutions I’ve talked about and others you know about as well.

 

For more on securing intelligent POS systems, see intel.com/p/en_US/embedded/innovation/security.

 

To learn more about bringing intelligence to POS and other retail devices, see intel.com/go/embedded-retail

 

Portwell is a Premier member of the Intel® Intelligent Systems Alliance. McAfee, Microsoft, NEXCOM and Norco are Associate members of the Alliance. Green Hills Software is an Affiliate member of the Alliance.

 

Mark Scantlebury

Roving Reporter (Intel Contractor), Intel® Intelligent Systems Alliance

Associate Editor, Embedded Innovator magazine

Glasses-free 3D, also known as auto-stereoscopic 3D, is a hot trend right now in digital signage. In a medium where compelling imagery is king, what better way to break out of the clutter than images that appear to leap off the screen and into the viewer’s environment? If a digital signage system designer is looking for a way to outdo the competition, this is truly it. Not only will 3D images get more attention, but 3D images will also earn more dwell time. It’s not unusual with glasses-free 3D for people to reach out and put their hands where they see the image coming out of the screen—a phenomenon that puts a whole new spin on the concept of a touch screen!

 

The Technology

Glasses-free 3D is created by interlacing multiple channels of the same content (still or video), each captured at slightly different perspectives. This is combined into one final composite image or video.

So viewers don’t have to wear 3D glasses to see the 3D effect, the screen does. A special filter is placed over the panel that performs interlacing at the screen level.

 

The simplest filter is a parallax barrier—a fixed barrier of foil mounted between two pieces of glass that inserts a series of tiny slits that allow each eye to see a different set of pixels and thus see a glasses-free 3D image. A more sophisticated solution is a lenticular barrier with edged grooves designed to project two sets of images at the same time, splitting them between the right eye and left eye for the 3D effect. You may be familiar with lenticular printing—the technology that gives printed images on expensive postcards or business cards an illusion of depth. (There’s a good explanation and comparison of the two technologies in Wikipedia.)

 

While glasses-free 3D technology has been around for a while, two trends make it viable for today’s digital signage customers: 1) the dropping cost of glasses-free 3D HD displays; and, 2) the ready availability of high performance, low-power processors with sophisticated integrated graphics. Put the two together and you have a cost-effective 3D solution.

 

On the content side, content developers need to be trained on the latest 3D composing tools and auto-stereo 3D workflow. Several 3D content development programs, such as 3D Max or Maya, are available. For video, the best solution is to shoot with multiple cameras set up to create the 3D effect. A new company named Imcube is working on a camera that shoots glasses-free 3D content using just one lens that could simplify 3D video tremendously. In the meantime, there are also a few cost-effective techniques for putting 3D images in front of existing 2D content, plus some software solutions for processing 2D images into 3D in real-time (e.g., 3D Bee Ultimate).

 

Naturally, as demand for 3D content increases, so will the expertise and solutions available for creating it. Already, with the growing interest in 3D TV, a growing number of software companies are moving into the market.

 

Glasses-Free Displays

One manufacturer making innovative glasses-free 3D displays using lenticular technology is Philips. Introduced this year, these full HD LCD displays (widescreen 1920x1080p resolution) come in sizes of 23" (58cm), 42" (1.07m) and 55" (1.4m). They also include built-in 3D conversion software that converts both 3D stereo and 2D content into glasses-free 3D content in real time. According to their website, the rendering core integrated in these auto-stereoscopic 3D displays supports the unique Declipse image format from 3DFusion that enables a true look-around 3D effect and improves the overall visual quality of a 3D picture.

 

Other display manufacturers, such as Toshiba and Panasonic, are also offering glasses-free 3D displays. In fact, Panasonic recently debuted a massive 103” glasses-free 3D plasma display prototype.

 

Cost-Effective Solutions for Powering 3D Signage

Compared to other content types, 3D is more compute-intensive since it must be rendered on the fly instead of being pre-rendered. The use of auto-stereoscopic displays further increases the graphics processing workload because of the multiple views that must be rendered at the same time to display a 3D image. Add any interactivity features or anonymous video analytics for matching content to viewers, and the processing requirements further escalate. This means to provide a great viewing experience, the system must be powerful enough to perform this rendering without pause or jitter.

 

Previously, this high level of graphics processing required a discrete graphics card, but because 3rd generation Intel® Core™ processors integrate a high-performance graphics and media processing in the processor, this is no longer the case. The combination of their next generation graphics technology (the integrated Intel® HD Graphics 4000) and Intel® multi-core technology provides all the computing muscle necessary to support multi-view video decoding and smooth playback at more than 30 frames per second (FPS). The secret is in the onboard dedicated hardware for accelerating video decoding. Decoding video, such as MPEG-4 and H.264, is done independent of the graphics engine and other applications processing, leaving other processor resources for other 3D workload tasks.

 

By eliminating a discrete graphics card, Intel Core processors offer a number of advantages. They lower system cost, reduce power consumption, improve reliability, and help shrink form factor size. In fact, using these processors enables a smaller, lighter, more concealable form factor without sacrificing image quality. You can learn more about these processors, including their cost-saving security and manageability features, in my recent post “Matching Processor to Signage Application.”

 

Speeding 3D to Market with Ready-to-Go Signage Players

There’s a wealth of excellent digital signage players using Intel Core processors to choose from in the Intel® Intelligent Systems Alliance. The 200-plus member companies of the Alliance have the inside track when it comes to working closely with Intel to develop hardware, software, tools, and services. I’m just going to give two examples of players that you can get from one of the Premier members of the Alliance: Advantech. Many more can be found by searching the Alliance Solution Directory.

 

The first player is the Advantech ARK-DS762 (see Figure 1), a 3rd Generation Intel® Core™ i7/i5/i3 processor-based digital signage platform that supports DirectX 11 and OpenCL 1.1, and can power three independent HDMI displays. For some glasses-free 3D displays, a DVI to HDMI converter would be required. The Advantech ARK-DS762 provides great flexibility for expansion and storage, such as HDD, Cfast*, Mini PCIe* and USB 2.0 and 3.0. Developers using Advantech products can also make use of Advantech Embedded Software Services. These services provide BIOS, OS, and API assistance and can help decrease design effort and accelerate product development.

    


Figure 1. Advantech ARK-DS762.

 

Where the ARK-DS762 is ready to go for powering a glasses-free 3D display, another 3rd Generation Intel® Core™ i7/i5/i3 processor-based digital signage platform from Advantech is interesting for showing how such displays will be powered in the near future. The ARK-DS262 (see Figure 2) supports the Open Pluggable Specification (OPS). OPS digital signage players enable faster deployment and lower implementation costs by requiring no optional connections. To connect player to display, you simply insert the player into the specially designed slot of an OPS-compatible display and begin using it. OPS is an industry standard interface that’s catching on fast and something I plan to write on more in the future.

 


Figure 2. Advantech ARK-DS262.

 

One thing I haven’t been able to find though is a glasses-free 3D display that’s OPS-compatible. But I think that’s just a short-term issue. Philips, for instance, makes a number of OPS-compatible displays, just none in their glasses-free 3D line. If you know of an OPS-compatible glasses-free 3D display, please comment. Also, remember my earlier statement that 3D could put a whole new spin on the concept of a touch screen? What do you think about adding a gesture-based interface using Microsoft Kinect? Could a combination of glasses-free 3D and a gesture-based interface get people even more involved with an advertiser’s messaging?

To learn more about bringing intelligence to digital displays and other retail devices, see Digital Signage - Top Picks

 

 

Advantech is a Premier member of the Intel® Intelligent Systems Alliance.

 

Mark Scantlebury

Roving Reporter (Intel Contractor), Intel® Intelligent Systems Alliance

Associate Editor, Embedded Innovator magazine

 

Digital signage has come a long way from the simple setups of yesteryear that endlessly repeated a series of three or four static images. Today’s digital signage solutions are intelligent systems that offer a wide range of capabilities. You can buy solutions that:

 

  • Display high definition and even glasses-free 3D (auto-stereoscopic) images and video
  • Run two or three displays, each serving up different content
  • Provide touch-screen interfaces for easy navigation
  • Use anonymous video analytics (AVA) to tailor content to the viewer and record dwell time and other important metrics for determining content effectiveness and return on investment (ROI)
  • Offer advanced connectivity features
  • Include innovative security and manageability features

 

Obviously, to reach this level of performance and capabilities, the technology behind digital signage players has radically improved. Many of today’s advanced digital signage players come equipped with processors from either the Intel® Atom™ processor N2000 and D2000 series (formerly codenamed “Cedar Trail”) or 3rd generation Intel® Core™ processors (formerly codenamed “Ivy Bridge”). Both these processor families feature integrated graphics that save the cost and power drain of a separate graphics card. Where they differ is in performance and Intel® technologies.

 

Which processor is best suited for which applications? This is an important question for digital system designers. After all, you don’t want to buy more processor than you need. Nor do you want to miss out on performance and features that could set your solution apart from the competition.

 

One way to decide that is to look at the players themselves and compare the capabilities they’re able to provide based on the processor they use. We’ll look at a few of these players later in this post. But there are simple differences that can help a digital signage system designer narrow their search right from the start based on processor performance and capabilities.

 

Graphics Performance

This is obviously the place to start for digital signage where graphics performance is king. For mid- to high-end digital signage systems, the answer is clearly 3rd generation Intel Core processors. The upgraded graphics engine offers an up to 2X boost in 3D performance over the previous generation and support for 3 displays. Other advantages include:

 

  • Integrated Intel® HD Graphics 4000 provides for up to 60 percent faster graphics performance, along with support for DirectX* 11, OpenGL* 3.1, and OpenCL* 1.1.
  • Intel® Quick Sync Video delivers native support for all mainstream codecs and the ability to handle multiple 1080p streams simultaneously.
  • Intel® Clear Video HD Technology provides advanced video technologies that remove jitter, create crisper visuals, and enable adaptive contrast and skin-tone enhancements that create vivid, rich colors on the display.

 

For low-end or power-constrained applications, the Intel Atom processor N2000 and D2000 series are an economical choice. They feature the integrated Intel® Graphics Media Accelerator 3600/3650 graphics engine which provides a 4x boost in 3D graphics performance over the previous generation, along with high definition 1080p video playback and streaming at a fraction of the power consumption of their predecessors. The Intel Graphics Media Accelerator 3600/3650 supports two hardware decoders (H.264, VC-1, MPEG-2) for dual independent displays, plus the platform delivers multiple digital display and output options including LVDS, HDMI, VGA, and DisplayPort.

 

Processing Performance

In digital signage systems, processing performance comes into play for multiple zone displays and handling intense workloads like anonymous viewer analytics.  For such workloads, the 3rd generation Intel Core processors clearly excel (see Figure 1). With up to 20% better performance in the same thermal envelope as the previous generation, these processors make it easier to achieve performance goals in a fanless design. What’s more, they include Intel® Advanced Vector Extensions (Intel® AVX) which can speed up processing of some algorithms used in demanding image processing and graphical applications like AVA.

 


Figure 1. Graphics performance comparison between 2nd and 3rd generation Intel® Core™ processors measuring the average time per frame required to perform audience measurement on three video streams using Intel® Audience Impression Metrics Suite (Intel® AIM Suite) software that performs video analytics: 1) Highest compute: 1280 x 1024 video with high motion near the camera; 2) Middle compute: 640 x 480 video with medium motion near the camera; and 3) Lowest compute: 640 x 480 video of assorted crossings from 7-20 feet—light motion. For more details, see “Improved Graphics Performance changes the Cost Equation in Digital Signage.”


For less processing-intensive applications, the Intel Atom processor N2000 and D2000 series provide new levels of performance-per-watt compared to previous generations. This makes them ideal for power-efficient signage designs. Like Intel Core processors, they use Intel® Hyper-Threading Technology so each core is seen as two logical processors, executing parallel threads simultaneously for increased system responsiveness.

 

Manageability, Security, Connectivity and Other Features

Third generation Intel Core processors include Intel® vPro™ technology, which enables remote management, advanced security, energy savings, and lower TCO. A lot has been written on the benefits of Intel vPro technology, so I won’t go into it here. But I highly recommend a post by my colleague Kenton Williston, “Cutting Costs with Intel® vPro™ Technology.” In the connectivity department, these processors deliver next-generation I/O with support for integrated PCI Express Gen 3 and USB 3.0.

 

While the Intel® Atom™ processors don’t include Intel vPro technology, they do share Intel® Rapid Start Technology with 3rd generation Intel Core processors. This feature speeds up resume time from deep sleep for an “always-on” feel. The latest Intel Atom processors also include the Intel® Boot Loader Development Kit which allows designers to create customized initialization firmware to reduce boot-up times to less than a second. This can be an important differentiator in the retail market where digital signage users want signs that start up right away.

 

Off-the-Shelf Digital Signage Players

Good examples of signage players using these processors to enable the right performance for the right application are plentiful from the Intel® Intelligent Systems Alliance. Which should be no surprise—the 200-plus members of the Alliance collaborate closely with Intel to create hardware, software, tools, and services to speed such solutions to market. I have space to highlight just a few examples.

 

The NEXCOM NDiS 167 (see Figure 2) is a powerful digital signage player based on 3rd generation Intel® Core™ processors. It offers impressive performance on full HD videos with support for smooth 1080P video playback on three independent displays. Its tough steel chassis uses an aluminum top cover for heat exchange. Connectivity options include two RJ45s for 10/100/1000 Mbps Ethernet and a Mini-PCIe for an optional WLAN module. Storage includes a SATA 2.5” hard drive and a SATA disk on module (DOM).

 


Figure 2. NEXCOM NDiS 167

 

NEXCOM also offers a low-power digital signage player, the NDiS 126 (see Figure 3), based on the Intel® Atom™ processor D2700. It provides a variety of outputs for video (1 HDMI, 2 HDMI, or 1 HDMI and 1 VGA), audio outputs, dual GbE Ethernet with optional wireless connectivity, and a SIM Card slot for 3.5G radio connectivity.

 


Figure 3. NEXCOM NDiS 126

 

Another good example of a digital signage player based on the Intel Atom processor N2000 and D2000 series is the DFI DS910-CD (see Figure 4). Featuring two display outputs (HDMI and DVI-I), this economical unit provides 1920 x 1200 resolution, smooth video playback at full HD 1080P video, and supports both Microsoft Windows* 7 and Windows 7 Embedded.

 


Figure 4. DFI DS910-CD

 

Getting back to 3rd generation Intel Core processor-based systems, Kontron has recently debuted the KOPS800 series player (Figure 5) that is available as an evaluation kit optimized for speedy time to market. It comes pre-validated for use with a Microsoft Windows Embedded operating system and Intel® Audience Impression Metric (Intel® AIM) Suite based on Anonymous Video Analytics (AVA) software. Add a content management system, display and sensors, and this open pluggable specification (OPS)-based modular solution is ready to simultaneously play high-definition video while gathering valuable viewer demographics. Enable its Intel® vPro technology, and you can design a system of hundreds of digital signage players that can be managed and updated remotely while maintaining a high level of security.


Figure 5. Kontron KOPS800 series

 

Many more examples of digital signage players using both Intel® Atom™ and Core™ processors can be found by using the Intel Intelligent Systems Alliance Solutions Directory. What I hope I’ve shown you is that whether you’re designing retail digital systems for the low-end or high-end, the place to start is by looking for solutions using the latest Intel processors. That’s always the way to get the best performance and performance per watt, as well as the newest bells and whistles that will make your solutions stand out in the marketplace.

 

For more on managing and securing intelligent devices, see intel.com/p/en_US/embedded/innovation.

 

To learn more about bringing intelligence to digital signage and other retail devices, see Digital Signage - Top Picks

 

Kontron is a Premier member of the Intel® Intelligent Systems Alliance. NEXCOM and DFI are Associate members of the Alliance.

 

Mark Scantlebury

Roving Reporter (Intel Contractor), Intel® Intelligent Systems Alliance

Associate Editor, Embedded Innovator magazine

SDN at IDF

Posted by charlieashton Sep 18, 2012

The Intel Developer Forum conference always covers a wide range of technologies and products, reflecting Intel’s influence and footprint across the whole high-tech industry. Last week’s IDF in San Francisco was no exception, with major topics such as the Haswell architecture, ultrabooks, all-in-ones, Windows 8, advanced graphics and security all being heavily promoted and receiving masses of press coverage.

However, despite all the attention on these laptop, PC and server topics, it was interesting to see that a large number of attendees were clearly focused on high-end networking and communications technologies. I attended several technical sessions on Software Defined Networks (SDN), packet processing and networking trends. Each was packed, with the presentations themselves being followed by intense Q&A sessions indicating strong interest in these areas.

In our booth, we discussed how 6WIND’s software solutions address critical performance challenges for SDN, in both mobile infrastructure and cloud infrastructure applications. We explained the enhancements that we have developed for Intel’s Data Plane Development Kit (DPDK) software. Many attendees picked up a copy of the white paper that we recently authored with Intel, titled “Optimized Data Plane Processing Solutions using the Intel DPDK”, available here.

Overwhelmingly, the conference attendees that I talked to believed that the SDN concept has enormous potential, both in terms of improving network manageability and enabling a new class of network applications. Several representatives from mobile operators confirmed that they expected to achieve significant OPEX savings through the application of cloud networking concepts to their core networks (the much-discussed mobile-cloud convergence trend). And I talked to some data center experts who confirmed our view that there are two key points in the data center where high-performance data plane processing is required: the network appliances in the aggregation layer and the virtual switch on the application server blades.

Throughout all these conversations, it was clear that there’s still significant uncertainty about exactly how the various SDN concepts will be adopted. While there’s widespread agreement on the benefits that SDN provides compared to traditional network architectures and implementations, there’s little consensus in terms of when specific product categories will be introduced or what additional standards (beyond OpenFlow and OpenStack) need to emerge for truly widespread deployments.

It’s obvious, however, that investment dollars continue to pour into SDN companies, judging by the number of startups that were at IDF to investigate what other SDN companies in the ecosystem are doing and to explore partnership opportunities.

With most of the SDN companies currently focused on control plane orchestration and management technologies, it was encouraging to see so much interest in 6WIND’s solutions for solving the key data plane performance challenges. The networking data plane is the basic foundation on which advanced data center architectures are built and high-performance data plane software such as 6WINDGate™ is key to the overall throughput and latency of the data center.

At 6WIND, we will continue to work with other SDN companies, including many that we met this week, to ensure that 6WINDGate interfaces efficiently and synchronizes seamlessly with the appropriate control plane, orchestration and management solutions, thereby providing operators with the full benefits of interoperable, high-performance SDN implementations.

Were you at IDF last week? What were the key SDN trends, topics and issues that you observed?

Mobility in health care represents a win-win-win for health care providers, insurers, and patients by simplifying information exchange, reducing costs, and improving patient health and outcomes. Embedded technology vendors are also looking to cash in on the mobile health (mHealth) trend by offering small, portable, consumer-type devices with fast processing capabilities and multiple connectivity options tailored to meet the specific needs of the medical market.

 

But the potential rewards mHealth promises to deliver come with risks and trade-offs that all involved parties must be willing to address, especially considering the high stakes of the health care field. Just as HIMSS leaders recently urged Congress to protect patient privacy and security by developing a nationwide patient data matching strategy, embedded technology companies are similarly tasked with the challenge of designing their connected devices to be secure and resistant to attacks that could jeopardize critical health data.

 

One way to help ensure security in embedded designs is by leveraging the advanced technologies provided in the 3rd-generation Intel® Core™ processor architecture. The Ivy Bridge platform supports Intel® Trusted Execution Technology (Intel® TXT), which offers malware protection by validating component behavior at start-up, as well as Intel® Virtualization Technology (Intel® VT), which enables applications to run in secure partitions that prevent unintended software interactions. Combining these technologies creates a secure, virtualized platform that verifies the integrity of a virtual machine prior to launching an application.

 

Wind River works closely with Intel to develop embedded platforms equipped with virtualization hardware-assist and other features that safeguard mobile medical devices from security threats. In the following interview, Santhosh Nair, general manager of intelligent platforms at Wind River, shares his perspective on how mHealth has introduced opportunities along with security risks and other complications and discusses how Wind River and Intel are striving to overcome these challenges with innovative techniques for protecting mobile medical designs.

 

RR: How has the mobile trend in health care opened new opportunities for growth in the embedded market?

Nair: The mobile trend in health care has opened up significant market opportunities for innovation and lowering the cost of health care. Specifically, consumer-based devices like blood pressure meters, thermometers, and tablets are getting integrated with the regulated hospital-based equipment, which requires qualifying and/or securing consumer-based devices to perform basic health monitoring and reporting. This creates the need for a hardware platform that can multiplex between safety-critical operations and non-critical operations, which can be done through the basic building blocks of silicon, operating systems, and middleware. We see this as a prime opportunity for embedded vendors like Wind River to excel in this market.

 

RR: What security risks does this increasing mobility pose for devices that help maintain and monitor patients’ health?

Nair: mHealth adoption requires companies to take a hard look at their core strategies. Products need to be designed to work well with other products and they must be secure, hence the need to design for safety/security. Patient data privacy and data integrity are paramount when we deploy devices for chronic disease management, aging independently, and health and wellness. In addition, this information has to seamlessly flow into the larger database of patient health records.

 

Decision making and treatment options depend greatly on getting this right. As the connected health ecosystem gets more complex, so does the opportunity for errors and misuse. Malware and viruses need to be top of mind for device manufacturers because their devices are going to be deployed in networks that are not necessarily controlled. Designing for security across the ecosystem and at various layers of the device is critical.

 

RR: How does the mobility requirement complicate medical device design issues such as interoperability and regulatory compliance?

Nair: Devices are increasingly required to integrate and exchange data with other devices or monitoring systems in centrally managed networks. Interoperability, not just basic connectivity, is necessary to ensure optimal outcomes. This means devices must be adaptable to the interoperable standards at play in the hospital or home to enable optimal workflows. Today, lack of interoperability is a contributing factor to the increasing cost of health care, and unfortunately there are very few incentives that enforce interoperability.

 

In addition, the mHealth world is polarized as to whether or not to regulate the devices. If the complete mHealth system is regulated, that exacerbates the task at hand for the regulators and could even affect innovation.

 

RR: How can embedded vendors address the security risks and other challenges that accompany mobile medical designs?

Nair: Wind River and Intel are collaborating on a reference design for a mobile therapeutic device (see Figure 1) that combines Intel’s high-performance multicore processing technology with Wind River virtualization software, enabling multiple operating systems and applications to run on a single, scalable hardware device.

Figure 1: This mobile therapeutic device reference design developed by Wind River and Intel will be on display at the AdvaMed 2012 conference next month in Boston.

 

Today’s therapeutic devices must perform multiple tasks with multiple applications. To enhance the security of the device and assure continuous availability, it is essential to separate safety-critical applications, such as dosage calculations or flow control, from non-safety-critical applications. Virtualization allows critical and non-critical applications to run independently in separate hardware partitions controlled by an embedded hypervisor.

 

The design leverages the COM Express form factor to allow scalability across different types of devices, from Intel® Atom™ to Intel® Core™ processors. This secure partitioning makes the device less vulnerable to external threats and tampering. Each application can be designed to run on a different operating system protected by its own partition, rather than relying on a single operating system for all the applications. If a malware breach occurs in any part of the system, its effect on other parts of the system can be limited. This essentially provides performance security for the modality.

 

Read this post and view this webinar for more info on Wind River’s holistic approach to securing platforms for medical devices. And check out this new white paper to discover the issues that software developers should consider when choosing Linux for medical devices.

To learn more about delivering quality health care with secure devices, see intel.com/go/embedded-medical.

For more on securing connected devices, see intel.com/go/embedded-security.


Jennifer Hesse

OpenSystems Media®, by special arrangement with Intel® Intelligent Systems Alliance


Wind River is an Associate member of the Intel® Intelligent Systems Alliance.

Last week’s Intel Developer Forum was full of great resources for embedded developers.  The technical sessions offered tons of learning opportunities – if you weren’t able to attend, I recommend browsing the session PDFs. The showroom floor was also packed with cool new products. Here are my top picks:

 

Digi International’s iDigi Device Cloud – I thought Digi’s machine-to-machine (M2M) demo was the coolest product of the show. This demo lets you control a dollhouse-scale building from a remote Android phone. In addition to offering remote controls like turning lights on and off, the Android app lets you set up scenarios. For example, you can set an energy budget and receive automatic alarms if the energy use is too high.

 


 

I like the demo for two reasons. First, it was a great showcase for the power of M2M. The tiny building was impressively wired—everything from the lights to the door locks to the security cameras was online. Despite the complex setup, monitoring and controlling the building was simple thanks to the intuitive app. It was easy to imagine all the myriad ways you could use the app to cut costs, improve security, etc.

 

The demo also showed that setting up an M2M system can be surprisingly easy. The demo was based on the Kontron M2M Smart Services Developer Kit, which runs Wind River Linux 4.1 on an Intel® Atom processor. The Digi representative at the booth told me that building client software for the kit was a snap thanks to the robust OS. He could just develop everything on a Linux desktop and simply move the software to the M2M kit when everything was done. Easy as that!

 

Wind River* Intelligent Device Platform – building on the theme of M2M, Wind River’s new software development environment brings together a full set of tools and ready-to-use components built specifically for M2M. Built on Wind River* Linux*, the platform features M2M middleware from both Wind River and independent software vendors (ISVs). The platform is particularly noteworthy for its rich set of device management tools, such as OMA DM for 3G devices and TR-069 for cable devices like routers and gateways.

 


 

In principle, you could assemble all of these components yourself. However, it can be a major challenge to identify the best components, integrate them, and support them over the life of the product. The Wind River platform simplifies these challenges by giving you a pre-integrated, pre-validated package with single-vendor support – and Wind River believes it is the first to offer a package with such a high level of integration. Even better, Wind River plans to release a product with Kontron and Digi in a month that will combine the platform with field-ready hardware and cloud apps.

 

The platform is also notable for its compatibility with the Intel® Intelligent Systems Framework, which I covered last week. There were lots of other Intel Intelligent Systems Framework-compatible products at the show, including:

 

 

Radisys RMS-220 Network Appliance – in this impressive demo of policy enforcement for mobile networks, Radisys showed that it could do 20-30 Gbps deep packet inspection (DPI) with a mere 50% CPU loading, leaving plenty of headroom for applications processing. I’ve been reading a lot lately about packet processing on Intel® architecture, so it was great to see this in person. I also learned a number of surprising facts about the RMS-220. As you can see from the photo below, nearly all the major components are field replaceable units (FRUs), including the storage, power supplies, and most of the I/O. Even the fans are right up front – Radisys did a hot swap while I was at the booth to show how easy it is to service the high-availability platform. Plus, the appliance has patent-pending thermal management. Add in the short 20” depth and NEBS compliance, and you have a great solution for carrier-grade service.

 


 

Crystal Forest – we’re still waiting for the official announcement, but we got to see a bit more of Intel’s next generation communications platform, codenamed Crystal Forest. My top pick was the SSL acceleration demo. This demo showed how adding a single “Cave Creek” accelerator to an off-the-shelf server dropped CPU loading from 70% to 20% for a 15 Gbps load.

 


 

The Crystal Forest platform couples Intel® architecture processors with a new Cave Creek accelerator. You can also use Cave Creek separately as a PCI* Express (PCIe) accelerator to upgrade existing platforms, as was done in this demo. Intel also had a quad-Cave Creek PCIe board on hand that was said to reduce CPU loading to essentially zero for 15 Gbps SSL encryption.

 

There were plenty of other Crystal Forest preview products on hand, including two ATCA blades from Emerson. I am working on an article that will reveal the details of these products and explore the details of the Crystal Forest platform. To be the first to receive these details, subscribe to the Embedded Innovator.

 

Advantech, Emerson, Kontron, Portwell, and Radisys are Premier members of the Intel® Intelligent Systems Alliance. Dell OEM and Wind River are Associate members and Digi International is a General member.

 

 

Kenton Williston

Roving Reporter (Intel Contractor), Intel® Intelligent Systems Alliance

Editor-In-Chief Embedded Innovator magazine

Follow me on Twitter: @kentonwilliston

As embedded systems grow increasingly interconnected, fragmentation is becoming a major problem. Consider a service station with pumps, point-of-sale (POS) systems, digital signage, and surveillance cameras. If each system uses a unique platform—which is often the case—connecting everything to the cloud can be a major headache. Now expand the problem to an entire chain of stations, which have installed incompatible systems at different points in time. Integrating all of these systems can be nigh-impossible.

 

The new Intel® Intelligent Systems Framework solves the problem with a set of interoperable solutions that can scale across applications. The framework brings together hardware, OSs, and software for connectivity, security, and manageability. The new approach promises to lower deployment costs, ease integration, and enable innovative services. The end goal is an easier, faster path to making buzzwords like Machine to Machine (M2M), Internet of Things (IoT), and Big Data a reality.


 

So what is the Intel Intelligent Systems Framework? One way to think of it is as a set of recipes for connected devices. Intel has specified key ingredients that can be flexibly combined, including:

 

  • Processor platforms (including Intel® Atom™, Intel® Core™ and Intel® Xeon®) and related tech like Intel® vPro and Intel® TXT, as well as a range of I/O for flexible communications
  • OSs including Microsoft* Windows*, Wind River* Linux*, and Wind River* VxWorks*
  • Security including McAfee Embedded Control and McAfee Deep Defender
  • Remote manageability capabilities that support third-party management consoles

 

In addition to identifying the key functionality, Intel is ensuring the compatibility of compliant solutions. It has already certified systems from members of the Intel® Intelligent Systems Alliance including Advantech, Dell, Kontron, Portwell, and Wind River.

 

In addition to these key ingredients, Intel is working with system vendors, ISVs, and system integrators to create cloud-to-device services that build on the framework. Wind River and Digi International have already announced solutions, and additional solutions are scheduled to launch over the coming months from Arrow, Avnet, Axeda, and WebHouse. Intel’s vision is to enable rapid deployment across a wide range of industries including retail, smart grids, medical, communications, transportation, and manufacturing.


 

Earlier today I spoke to Adam Burns, Director of Marketing for the Intelligent Systems Framework. Adam pointed out that deployment is typically 5X the cost of the system itself. Reducing deployment costs can launch you on a virtuous cycle of continuous innovation. The way Adam sees it, the reduced costs free up budget to implement new, innovative features—and these new features can generate extra revenue for even more innovation. What’s more, building on the Intel Intelligent Systems Framework saves you from reinventing the wheel on every project, leaving more time to focus on new things.

 

Returning to the service station example, Adam noted the benefits that accrue from connecting everything together. When the pump is connected to inventory data, you can make sure it is advertising items that are actually in stock. And when you bring the POS data into the loop, you can see how successful the pump ads were in driving additional sales.

 

Adam pointed out three practical ways the service station could benefit from the Intelligent Systems Framework:

 

  • If a device is connected, it needs to be secured. Integrating multiple security solutions into the backend will drive up costs—it is better to have a unified solution across the board.
  • Having universal security and manageability features drives down total cost of ownership (TCO). For example, service calls are expensive, but the remote manageability in Intel® vPro has a small marginal cost. That gives the technology a very quick return on investment (ROI).
  • Being able to quickly deploy the basic technology allows developers to focus on new services and opportunities. For example, the service station could add weather data to its pump ads so the pump would promote umbrellas during storms and sunglasses when the skies cleared.

 

The launch of the Intelligent Systems Framework is clearly a significant move for Intel and its partners in the Alliance. I expect that we will be hearing a lot more about this framework in the coming months, and I look forward to learning more as the story unfolds.

 

To learn more about building interoperable, standards-based solutions, visit intel.com/go/embedded-interoperability

 

Advantech, Kontron, and Portwell are Premier members of the Intel® Intelligent Systems Alliance. Dell and Wind River are Associate members and Digi International is a General member.

 

 

Kenton Williston

Roving Reporter (Intel Contractor), Intel® Intelligent Systems Alliance

Editor-In-Chief Embedded Innovator magazine

Follow me on Twitter: @kentonwilliston

It’s one thing to have your Facebook account hacked – you might unknowingly confuse and/or tick off a few friends – but consider the potentially dire consequences of having all your private medical data stolen, lost, or in some insidious way exposed to the world.

 

Data security is a huge concern in the medical field, where devices and systems store and communicate information vital to monitoring and sustaining patients’ health. The risk of violation has proven to be widespread, as 477 data security breaches compromising the medical records of about 21 million patients have been reported to the Office for Civil Rights under the U.S. Department of Health and Human Services since 2009.

 

All medical devices and systems that interoperate inside and outside hospital and clinic ecosystems must be designed with security in mind to prevent unauthorized access, eavesdropping, and session hijacking that could result in irreversible damages such as patient data loss, theft, and breakdown, says Ryan Phillips, database lead engineer at ITTIA.

 

“Data management security is a fundamental expectation of applications developed for medical devices, as data must be protected both at rest on the device and during communication,” Phillips says. “But who bears responsibility for data security? All components of a device must employ a security-conscious design, from the application and embedded database down to the hardware.”

 

On the hardware side, embedded designers can make their devices more secure by integrating 3rd-generation Intel® Core™ processors. Besides offering faster performance and greater power efficiency than previous-generation processors, the Ivy Bridge architecture supports Intel® Trusted Execution Technology (Intel® TXT), which protects IT infrastructures from malware by validating the behavior of key components within a server, PC, or medical computing device at start-up. Ivy Bridge further boosts security by providing Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) to accelerate data encryption and Intel® Secure Key to generate high-quality keys for cryptographic protocols.

 

An embedded database likewise demands the integration of authentication and encryption technologies such as AES, Salted Challenge Response Authentication Mechanism (SCRAM), and Secure Sockets Layer/Transport Layer Security (SSL/TLS) to secure data storage and distribution, Phillips says. To enable medical devices to store and access information intelligently and securely, an embedded database must meet important technical criteria, including:

 

  • Reliable storage that recovers from errors and unexpected power failure
  • Adherence to standard interfaces for compatibility with existing systems
  • Data distribution features such as replication and synchronization with back-end Relational Database Management Systems (RDBMSs)
  • Rigorous testing to ensure that data is protected in all circumstances
  • Fast performance for insert, update, search, and sort operations
  • Low memory footprint
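SCRAM, named above among the authentication mechanisms an embedded database should support, lets a device prove it knows a password without sending it, while the database stores only derived keys. The sketch below is an added example, not ITTIA DB SQL code: it follows the SCRAM-SHA-256 key derivation of RFC 5802/RFC 7677 but omits SASLprep normalization and channel binding, and the function names and the single-process `login` exchange are assumptions made for illustration.

```python
import base64, hashlib, hmac, os

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enroll(password, salt, iterations):
    """Build the per-user record the server stores: derived keys, never the password."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    return {"salt": salt, "i": iterations,
            "stored_key": hashlib.sha256(client_key).digest(),
            "server_key": _hmac(salted, b"Server Key")}

def client_proof(password, salt, iterations, auth_message):
    """Client side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    stored_key = hashlib.sha256(client_key).digest()
    return _xor(client_key, _hmac(stored_key, auth_message))

def server_verify(record, auth_message, proof):
    """Server side: recover ClientKey from the proof and compare its hash in constant time.
    Returns the ServerSignature (for mutual authentication) or None on failure."""
    client_key = _xor(proof, _hmac(record["stored_key"], auth_message))
    ok = hmac.compare_digest(hashlib.sha256(client_key).digest(), record["stored_key"])
    return _hmac(record["server_key"], auth_message) if ok else None

def login(record, username, password):
    """Hypothetical in-process exchange; on a real link each side builds auth_message itself."""
    c_nonce = base64.b64encode(os.urandom(18)).decode()
    s_nonce = c_nonce + base64.b64encode(os.urandom(18)).decode()
    salt_b64 = base64.b64encode(record["salt"]).decode()
    client_first = f"n={username},r={c_nonce}"
    server_first = f"r={s_nonce},s={salt_b64},i={record['i']}"
    client_final_bare = f"c=biws,r={s_nonce}"   # "biws" = base64("n,,"): no channel binding
    auth_message = ",".join([client_first, server_first, client_final_bare]).encode()
    proof = client_proof(password, record["salt"], record["i"], auth_message)
    return server_verify(record, auth_message, proof) is not None
```

Because the nonces are folded into the signed message, a proof captured from one session does not verify in another, which is the property that matters against the eavesdropping and session hijacking mentioned earlier.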

 

The ITTIA DB SQL embedded relational database (Figure 1) can fulfill these requirements in a distributed data environment such as a hospital by delivering high data availability, replication, synchronization, and other intelligent data management capabilities. With support for both heterogeneous and homogeneous distributed databases, ITTIA DB SQL can share data between devices and communicate with back-end RDBMS products such as Oracle and Microsoft SQL Server. ITTIA DB SQL protects this data with Atomic, Consistent, Isolated, and Durable (ACID) transactions and stores it securely on a device with AES encryption.

Figure 1: ITTIA DB SQL embedded relational database

 

“When combined with the Trusted Platform Module (TPM) key-generation feature and the AES-NI instructions of Intel® TXT, the ACID transactions ensure that data cannot be tampered with or stolen from the device,” Phillips says. “And because many medical devices run without a monitor and keyboard, Intel® Active Management Technology (Intel® AMT) makes it possible to install security updates and administer the device remotely.”

 

In addition to protecting data with encryption technologies, an embedded database must order writes to storage media to recover from unexpected power loss, a common problem with medical devices that are battery-powered. ITTIA DB SQL performs automatic recovery whenever a database is opened and relies on hardware to write changes to the database in a specific order. If the hardware can write each block of data atomically, the database can save data more efficiently.

 

When the ITTIA DB SQL database is shared among multiple tasks, special processor instructions are used to protect internal data structures from race conditions that could corrupt memory or crash the application. Using atomic increment, compare, and exchange instructions, the database software can efficiently serve multiple threads and processor cores.

 

Besides these security features, ITTIA DB SQL offers other data management capabilities that are particularly useful in medical applications:

 

  • Provides a consistent architecture for persistent data storage, making it easy to add new features and migrate application code to a new environment
  • Enables scaling throughout the entire life cycle of an application
  • Allows data to be saved reliably in a format that is easily shared with a back-end server
  • Reduces total cost of ownership and provides shorter time to market by enabling developers to focus on core application development

 

Data management is just one aspect that must be considered when determining how to secure embedded systems used in the medical field. Read this white paper to discover a layered security approach that enforces security policy from the CPU to the application software, and download this recorded webinar to learn five ways developers can secure a distributed system without compromising real-time performance.




To learn more about delivering quality health care with secure devices, see intel.com/go/embedded-medical.



 

For more on securing connected devices, see intel.com/go/embedded-security.



Jennifer Hesse

OpenSystems Media®, by special arrangement with Intel® Intelligent Systems Alliance


ITTIA is a General member of the Intel® Intelligent Systems Alliance.

With this week’s announcement that 6WIND has become a member of the Open Networking Foundation, it’s an appropriate time to explore the critical networking performance challenges that are faced by data center operators and discuss how the 6WINDGate™ software addresses these problems.

The traditional data center networking architecture, which was based on segregated aggregation, access and virtual switch layers, is migrating to a flat networking model in which the aggregation and access functions are consolidated onto physical and/or virtual appliances that use the same hardware platforms as the application servers. At the same time, the application servers now embed more and more Virtual Machines (VMs), becoming network nodes themselves and implementing virtual switches.



For the aggregation and access layers, functions such as ADCs, firewalls, IPSs and UTMs require a very high performance, rich networking software layer able to distribute high bandwidth network traffic to a large number of endpoints (application servers and appliance VMs) with very low latency. In addition, a single instance of a virtual network appliance must be fully scalable across processors, blades and racks, avoiding the cost and complexity of instantiating multiple virtual appliances as bandwidth requirements increase.

The networking stack within a standard Operating System such as SMP Linux is unable to deliver the performance or scalability required for these network appliances. To address these needs, specialized packet processing software is required and the 6WINDGate software has proven to be an ideal solution. Delivering 10x the performance of a standard Linux networking stack, with unlimited scalability and full support for standard hypervisors, 6WINDGate enables the developers of both physical and virtual network appliances to deliver products optimized for emerging data center architectures and based on general-purpose processors.

In the case of the application server blades, the new data center architecture brings four major networking challenges:

First, the number of VMs per blade is increasing rapidly, leveraging on-going improvements in the performance of the processors used on those blades. Today, a typical server blade hosts around 20 VMs, with that number expected to grow to hundreds within a few years. Because of this growth, the data center network needs to expand beyond its current limit at the Top-of-Rack, to the point where a virtual switch on each server blade is used to distribute the increasing volume of network traffic to virtualized applications. This implies the need for a high-performance virtual switch solution that is not constrained by the I/O performance limitations of standard hypervisors.

Second, adding to the networking load now placed on server blades, multi-tenant architectures serving applications for multiple users require traffic engineering (ACL, tunneling, QoS etc.) to be performed at the server edge in order to provide users with individual, differentiated services. This requires advanced packet processing functions running at high performance in a virtualized environment.

A third challenge for virtual switches is that the growing number of VMs per blade makes high-bandwidth VM-to-VM communication (VM2VM) mandatory. However the standard hypervisor virtual switch that allows communications between VMs limits VM-to-VM bandwidth and does not scale well.

Finally, in order to isolate and secure VM2VM in a multi-tenant architecture, VM2VM requires routing, firewalling and load balancing services that extend beyond the basic Layer 2 features provided by a typical virtual switch.

As in the case of the network appliances, a standard Operating System networking stack does not provide the performance or features to address these virtual switch challenges. The 6WINDGate software, however, provides the required advanced networking protocols and hypervisor performance enhancements, while delivering the raw networking performance necessary to accommodate ongoing growth in both North-South and East-West traffic.

By addressing these critical problems in the aggregation, access and virtual switch layers, 6WINDGate is rapidly gaining traction as a solution for data center networking subsystems.



Other reasons for the use of 6WINDGate in these applications include its compatibility with emerging control plane standards such as OpenFlow and OpenStack, as well as its integrated support for High Availability configurations that provide Carrier Grade reliability for enterprise-class data centers.

The networking data plane is the basic foundation on which advanced data center architectures are built and high-performance data plane software such as 6WINDGate is key to the overall throughput and latency of the data center. 6WINDGate interfaces efficiently and synchronizes seamlessly with advanced control plane architectures, providing operators with the full benefits of an SDN implementation.

For more information, please request the white paper “High-Performance Networking Software for Cloud Infrastructure”, available here.
