Skip navigation

Archive

5 Posts authored by: brandonlewis

In the Information Age it has become more of a requirement than a luxury that everything is Internet enabled, as we see connectivity being incorporated in structures, automobiles, and even accessories. In the industrial space, however, the need for connectivity presents problems that don’t exist in other verticals, principally because many industrial networks were intentionally designed to be closed/private environments. As a result, industrial networks often don’t have cyber protections commonly found in the IT world, and therefore many of the systems and devices that comprise these networks aren’t equipped with the resources to even run everyday AntiVirus (AV) software.

 

While these and other security issues – such as protecting remote devices – pose significant challenges for industrial device manufacturers and network administrators, Intel and the 250+ members of the Intel® Internet of Things (IoT) Solutions Alliance are working to mitigate threats through both hardware-assisted and software-based security. In conjunction with Intel, Associate Members of the Alliance McAfee and Wind River Systems are providing cyber threat prevention through software and middleware solutions that run on Intel silicon with Intel® vPro Technology, enabling comprehensive security for Industrial Control Systems (ICSs) from the edge to the cloud, and back again.

 

Industrial edge devices – resource constraints and hardware-level security

At some point in 2007, an operator at a uranium enrichment facility inserted a USB memory device infected with the Stuxnet malware into an ICS running a Windows Operating System (OS). Over the next three years, the Stuxnet worm propagated over the facility’s internal network by exploiting zero-day vulnerabilities in a variety of Windows OSs, eventually gaining access to the Programmable Logic Controllers (PLCs) on a number of Process Control Systems (PCSs) for the facility’s gas centrifuges. Stuxnet then injected malicious code to make the centrifuges spin at their maximum degradation point of 1410 Hz. One thousand of the facility’s 9,000 centrifuges were damaged beyond repair.

 

The above illustrates the risks associated with connected industrial systems, as their lack of protection enables malware to spread throughout ‘clean’ industrial environments much more quickly than they would in enterprise environments. In the case of Stuxnet, a rootkit-based attack was used to conceal the malware for an extended period of time so that it could proliferate throughout the Natanz nuclear facility nearly unimpeded (Figure 1).


Fig1.png

 

Figure 1. A rootkit is a type of malware that eventually makes its way underneath the core Operating System (OS) to the middleware layer and manipulates code to conceal its presence and alter system code/code calls.

 

 

To mitigate the effects of rootkit-based attacks like Stuxnet, McAfee Deep Defender is a hardware-assisted AV solution built on McAfee DeepSAFE technology co-developed with Intel. Available on Intel® Virtualization Technology (Intel® VT)-enabled 64- and 32-bit processors, Deep Defender works in conjunction with DeepSAFE to provide clamshell-type OS protection that resides between the OS and system memory (Figures 2 & 3). Deep Defender employs an AV component to continuously monitor the CPU and block kernel-based rootkits before they can load, even working beyond the core OS to detect, block, and remediate advanced attacks. In addition, leveraging Intel VT-x provides additional defenses in that virtualization allows malwares that have compromised a system to be effectively quarantined to certain portions of the network.

 

Fig2.png

 

Figure 2. Intel® Virtualization Technology (Intel® VT-x) rides on top of a system’s hardware architecture to perform Operating System (OS) and application monitoring, as well as enhanced control of CPU primitives.

 

 

Fig3.png

 

Figure 3. McAfee Deep Defender works in conjunction with McAfee DeepSAFE technology to protect the middleware layer between the Operating System (OS) and system memory to detect and block malware before they can load with the kernel.

 

 

As mentioned earlier, one of the limitations facing security in fixed-function embedded devices is the typical size of an AV package, which is usually around 300 MB, consumes more than 20 MB of memory, and increases boot time by about 20 seconds. For most industrial systems, this amount of overhead for a single application is a non-starter.

 

To eliminate cyber threats while still managing the resource constraints of industrial devices, all Intel Architecture (IA) platforms support application “whitelisting” through McAfee Embedded Control (Figure 4). Where most conventional AV security is implemented through a “blacklisting” approach in which programs that are known to be malignant are prevented from running by AV software, application whitelisting takes the reverse approach by only allowing predefined, ‘known good’ applications to run. By shielding applications and binaries at the kernel level, the application whitelisting feature of McAfee Embedded Control prevents malware and zero-day exploits and minimizes the need for frequent OS security patches on systems nearing End-Of-Life (EOL). This allows Original Equipment Manufacturers (OEMs) to lock down firmware images for control and monitoring, and because application whitelisting is low-overhead software with negligible memory usage and no file scanning, it has little-to-no impact on system performance. For legacy systems application whitelisting can be delivered as a McAfee Embedded Control upgrade package, and can be included on new IA-based device deployments.

 

Fig4.png

 

Figure 4. McAfee Embedded Control provides application ‘whitelisting,’ which prevents any program from running that has not been defined for a particular system. The small-footprint package is an ideal solution for fixed-function industrial devices, particularly as they typically don’t require the software flexibility needed in IT environments. When excluded programs attempt to access the system, they are denied and the event is logged in McAfee ePolicy Orchestrator (ePO).

 

 

Enacting Security through Industrial Gateways

McAfee Embedded Control is one component of the recently announced family of Intel-based intelligent gateway solutions, which also comprise the Wind River Intelligent Device Platform (Wind River IDP), a scalable software development environment for building industrial Internet of Things (IoT) gateways. Wind River IDP integrates the whitelisting capability of Embedded Control, and also extends device side security by providing secure boot with a hardware root of trust based on IA processors equippedwith Intel® Trusted Execution Technology (Intel® TXT). Intel TXT is another Intel vPro Technology-enabled hardware-based solution that protects against software-based cyber attacks through a sequence:

 

Verified Launch -> Launch Control Policy (LCP) -> Secret Protection –> Attestation (Figure 5)

 

Fig5.png

 

Figure 5.  Intel®Trusted Execution Technology (Intel® TXT) conducts a Verified Launch, Launch Control Policy (LCP), Secret Protection, and Attestation process to provide a Trusted Platform Module (TPM) that can be used to securely boot industrial devices.

 

 

This sequence establishes a Trusted Platform Module (TPM), which Wind River IDP uses for a secure boot process that verifies applications haven’t been tampered with or replaced during device power on and firmware startup, all the way until the OS loads. IDP provides integrity monitoring of the kernel to ensure that programs requesting to run on a device are in fact the ‘real’ applications, doing so through a variety of trusted boot techniques that include:

 

• Conducting TPM measurements of firmware, boot loader, kernel, and all associated configuration data before use

Storing TPM measurements using a hardware root of trust (when available)

• Verifying that TPM measurements are consistent and as expected

 

Secure boot also provides secure storage through an encrypted local file system and secure key management using the TPM to offer seal/unseal key protection. Figure 6 depicts a trusted boot implementation in an IA-based platform.

 

Fig6.png

 

Figure 6. Secure boot with the Wind River Intelligent Device Platform (IDP) establishes a hardware root of trust in a Trusted Platform Module (TPM) to ensure a trusted boot process from power-on through firmware startup until the Operating System (OS) loads.

 

 

Where available, Wind River IDP also uses TPM hardware supported by the OpenSSL TPM engine to conduct secure backend network communications. In typical SSL or TLS-based network communication where data transported during the handshake period is encrypted for a peer’s public key prior to the exchange, IDP stores private keys in the TPM chip so that it can never be extracted or used for decryption on any other platform. This guarantees that exchanged data can only ever be received by the correct peer as it ensures that only the correct peer has the private key required to decrypt it. In addition, IDP provides an image signing tool that verifies device-side software updates are only done with validated images; remote attestation; and Secure Remote Management (SRM) that offers secure, role-based access control to device data. Figure 7 depicts the security mechanisms that can be used to protect different areas of the IDP software stack, and thus the industrial devices it runs on.

 

Fig7.png

 

Figure 7. Wind River’s Intelligent Device Platform (IDP) provides hardware root-of-trust security based on Trusted Platform Modules (TPMs) based on Intel® Trusted Execution Technology (Intel® TXT) as well as secure network communications using TPM-enabled OpenSSL encryption, among other software security provisions.

 

 

Securing industrial networks – from edge to cloud and back – in the IoT age

As industrial systems are increasingly required to add connectivity to perform their basic functions, comprehensive cyber security measures – rooted in both hardware and software – will be critical to guaranteeing not only data security, but the physical integrity of devices themselves. In response, members of the Intel Internet of Things (IoT) Solutions Alliance like McAfee and Wind River Systems are leveraging the hardware-assisted security provisions of processors such as the Intel® Core™ vPro processor family and the Intel® Xeon® processor E5-2600, E5-1600, and E3-1200 product families to build software and middleware security solutions for centralized image management, secure network storage, and out-of-band protection – on both sides of the firewall.

 

To learn more about cybersecurity solutions from Intel and the 250+ members of the Intel Internet of Things (IoT) Solutions Alliance, visit the Solutions Directory.

 

Brandon Lewis

OpenSystems Media*, by special arrangement with the Intel® Internet of Things (IoT) Solutions Alliance

Follow me on Twitter: @BrandonLewis13

 

McAfee and Wind River Systems are Associate Members of the Intel® Internet of Things (IoT) Solutions Alliance.

 

 

Learn More

Contact Featured Members:

Solutions in this blog:

 

Related topics:

Looking around a typical factory you will find various assortments of equipment from different places and different times, all organized in close proximity. While these systems have performed their individual functions in an isolated capacity to date, factory operators are now driven to connect much of this equipment – regardless of form, fit, or function – to the cloud in order to capitalize on the productivity benefits of the Internet of Things (IoT).

 

Connecting this wide range of diverse equipment presents many deployment challenges, however, as the mix of new and legacy systems in industrial plants often presents a connectivity challenge in the form of a number of different communications protocols. The “connected factory” increases in value exponentially with every device so a failure to increase connectivity and advance applications creates a competitive disadvantage, but simply replacing legacy systems to achieve a standard means of communications is also an unrealistic Capital Expenditure (CAPEX).

 

To solve this challenge, Digi International, Eurotech, and Wind River Systems, all Associate Members of the Intel® Internet of Things (IoT) Solutions Alliance, have developed highly flexible software solutions to integrate legacy industrial systems into the connected factory. From modular components to factory-ready industrial systems, Intel and the 250+ members of the Intel® IoT Solutions Alliance provide the connectivity, manageability, and security developers need to create smart, connected systems. Close collaboration with Intel and each other enables Alliance Members to innovate with the latest technologies, helping developers drive legacy industrial components into the IoT.

 

Driving Intelligence and Application Evolution at the Edge

As mentioned, creating a system of systems in an already functioning plant is first and foremost an interoperability challenge not only because of inherent differences between systems, but also due to the large presence of legacy equipment (See Figure 1). In order to integrate both new and legacy systems in the larger context of the IoT, intelligent gateways capable of managing multiple, disparate communications methods are required so that different protocols can be converted to IP for cloud data exchange, which enables a complete data picture of plant operations.

 

Recognizing the need to federate data locked in edge systems, Wind River Systems’ Intelligent Device Platform 2.0 (IDP 2.0) provides a scalable, sustainable, and secure development environment for building IoT gateways that includes ready-to-use components designed for Machine-to-Machine (M2M) application development. Equipped with an array of connectivity options for both wired and wireless networks such as IoT protocol MQTT, Bluetooth, Wi-Fi, ZigBee, and other short-range wireless protocols, IDP 2.0 also facilitates remote management through OMA DM and TR-069 (See Figure 2). To promote functionality across application domains in both full-featured and resource-constrained devices, the gateway platform also enables development in Java, Lua, and OSGi environments to provide flexible, portable, and scalable applications in evolving industrial settings.

 

Fig2.png

Figure 1. Effective Inter of Things implementations combine both legacy and new equipment into a “system of systems” that yields Intelligent analytics.

 

Fig1.png

Figure 2. The Wind River Systems Intelligent Device Platform 2.0 (IDP 2.0) facilitates edge connectivity through a suite of communications and management protocols.

 

Also confronting the challenges of scalable application development, the Eurotech Everywhere Software Framework (ESF) provides a middleware solution that enables developers to build applications on a hardware-abstracted platform that can adapt to changing market demands. Combining a Java Virtual Machine (VM), Java Native Interface (JNI), and the OSGi framework, the Eurotech ESF approaches device drivers like services, as opposed to resources, which allows them to be implemented using simple APIs so that low-level Operating System (OS) code or configuration files do not need to be modified (See Figure 3). In addition to full integration with the Eclipse Integrated Development Environment (IDE), this abstraction affords developers the opportunity to write sophisticated applications using standardized open software that can be easily ported to and from third-party devices. Once written, applications can be easily connected with the Eurotech M2M platform using Eurotech’s end-to-end Everywhere Device Cloud (EDC).


Fig3.png
Figure 3. The Eurotech Everywhere Software Framework (ESF) provides a hardware-abstracted middleware layer for scalable application development.

 

Connecting Directly to the Cloud

Normally when we speak of legacy equipment, the assumption is that the device is fixed and neither its hardware or software can be modified, hence the need for an intermediate gateway for cloud connectivity. However, in instances where software can be upgraded and for those devices a connectivity solution from Associate Member Digi International gives legacy hardware a means of accessing the cloud.  Provided that the hardware is equipped with the necessary connectivity components, Etherios Cloud Connector integrates a software element on top of a networking stack that enables devices (with the exception of those using SMS-based communications methods) to connect to the cloud. Available in an extremely small footprint, the Etherios Cloud Connector enables cloud access for multiple device types – from traditional embedded systems to those operating in Android and Kinetis environments – precluding the need for a gateway solution. For embedded developers, Etherios Cloud Connector offers a simple set of ANSI-C-based source code and configuration tools that support any operating platform for two-way cloud-to-device messaging and control (See Figure 4). Outfitted with device management and troubleshooting tools, as well as remote file system management functionality, Cloud Connector provides a secure means of connecting to the cloud that can be downloaded free of charge.  In addition to upgrading legacy equipment, Cloud Connector is applicable for new device development.

 

Fig4.png

Figure 4. The Digi International Cloud Connector is a small footprint solution that enables any device operating platform to establish two-way communications with the cloud.

 

In with the Old

Though a complete retrofit of industrial facilities is not an option in most cases, connecting factory assets to the IoT is a business imperative. Utilizing software solutions from members of the Intel IoT Solutions Alliance enables developers, system integrators, and executives alike to realize the connectivity improvement and application enhancement necessary for the productivity gains of the connected factory by bringing legacy systems into the IoT age without breaking the bank.

 

To learn more about industrial connectivity solutions from Alliance Members, visit Intel® Internet of Things Solutions Alliance.

 

Brandon Lewis

OpenSystems Media*, by special arrangement with the Intel® Internet of Things (IoT) Solutions Alliance

Follow me on Twitter: @BrandonLewis13

 

Digi International, Eurotech, and Wind River Systems are Associate Members of the Intel® Internet of Things (IoT) Solutions Alliance.

 

Learn More

Contact featured members:


Solutions in this blog:

 

Related topics:

Balancing power and performance is a challenge that industrial system designers face as much as any other embedded developer. But what happens when integrated graphics and connectivity demands begin to be placed on industrial platforms? Developers will need a compute option capable of next-generation performance that also provides the flexibility to meet current application needs.

 

Responding to industrial systems’ need for high performance in a flexible package, the recently released 4th generation Intel® Core™ processor (Haswell microarchitecture) integrates a wide range of SKUs and new features that enable developers to cope with a changing landscape. This Roundtable discussion with Vibhoosh Gupta of GE Intelligent Platforms, and Dan Demers of congatec provides an overview of the Haswell microarchitecture’s benefits, while also considering how scalability within the Intel® product family is pushing computing “closer to the idea of common platforms.” Edited excerpts follow.

 

vibhoosh gupta.jpg

 

Vibhoosh Gupta, Product Management Leader, GE Intelligent Platforms

 

DD-conga.png

Dan Demers, Director of Marking – America, congatec, Inc.

 

Intel Roving Reporter: What is driving the need for increased performance in industrial computing, and what does this mean for system designs?

 

Vibhoosh Gupta, GE Intelligent Platforms: Industrial systems are performing more tasks and doing so more quickly, more accurately, and in harsher environments than ever before. They are becoming connected tools with substantially more computing and communication capabilities, allowing them to interoperate with other devices. According to a 2011 Ericsson study, 50 billion machines will connect to the Internet by 2016. As these billions of machines join the connected world, appetite for higher processing will continue to evolve.

 

Dan Demers, congatec: Previously cabled systems are going wireless, and, of course, are now being connected to the web more and more: the Internet of Things (IoT). An example application is industrial tablet PCs being used for multiple tasks versus single tasks. This drives the industrial tablet to perform at higher levels than many previous platforms, and also takes into consideration thermal and power designs much more. Connectivity and security are being addressed more as well.

 

Oftentimes, the demand for higher clock speed and graphics capabilities not only means a higher cost silicon platform, but also increased challenges in packaging the platform in a portable, lightweight design. It is definitely a balancing act, especially if a previous design is based on two or more separate subsystems that make up the entire product (for example, a brick-type PC or enclosure accompanied by a standalone LCD and standalone input device).

 

RR: How does the Intel's Haswell microarchitecture enable designers to meet the challenges of these systems?

 

Dan Demers, congatec: The Haswell microarchitecture is a very scalable platform. This certainly helps designers fine-tune their applications and systems to get the most out of the silicon. The recently announced Haswell microarchitecture system-on-chip (SoC) designs help address not only overall size, but cost as well. The performance of the integrated graphics is certainly something that cannot go unmentioned. When you add that to the fact that multicore processing is standard, the Haswell microarchitecture is a very compelling story for designers. Security is also addressed. We continue to see higher levels of integration from Intel, and this helps designers more easily and economically implement aspects into their designs (Figure 1).


Screen Shot 2013-09-24 at 6.54.10 PM.png

Figure 1. Intel's Haswell microarchitecture integrates a variety of features that allow designers to easily integrate advanced functionality into their designs.

 

Intel® Turbo Boost Technology is something that comes to mind right away. When the application needs it, the Haswell microarchitecture boosts to deliver the extra performance. The Haswell microarchitecture has a long list of advanced technologies that help to balance power and performance (Intel® Hyper-Threading Technology, Intel® Virtualization Technology, and so on). The scalability of the Haswell microarchitecture also increases the likelihood that designers will find the right SKU for their system; in other words, a SKU that has the right amount of performance and power draw for their scenario.

 

The most grueling applications are obviously going to focus on the higher end of Haswell microarchitecture offerings. At congatec, we see a lot of demand for the Intel® Core™  i7-4700EQ processor SKU. It is where many designers start their benchmarking and performance data gathering (Figure 2). There is often that inherent desire to have the latest, greatest, and fastest. As development continues, many customers hone in a little tighter to their true requirements. It really depends on the application and performance requirements.

 

congaTS87.png


Figure 2. The conga-TS87 is a Type 6 COM Express Basic module based on the 4th generation Intel® Core™ i7 processor for industrial applications that require high-end performance.

 

Vibhoosh Gupta, GE Intelligent Platforms: The performance requirement for industrial systems varies by application. While some applications require better graphics engines, others require more highly integrated chipsets. One thing they all have in common that is emerging is a demand for higher performance and lower power.

 

There are two general trends that seem to be converging for this class of CPU:

 

1) Low-end embedded control applications, such as engine control, are adding Graphical User Interfaces (GUIs) and beginning to use multiple cores for some of the real-time functions that previously ran on dedicated Programmable Logic Controllers (PLCs).

 

2) From the high end, more and more applications are starting to meet their processing needs by using 4th generation Intel® Core i3/i5/i7 processor-class CPUs as opposed to server-class CPUs. This makes system design much more attractive, enabling cost savings on multiple fronts.

 

The biggest challenge is finding the correct balance between power, performance, thermals, real estate, and cost. The flexibility to scale performance/cost with pin-compatible 4th generation Intel Core i3/i5/i7 processors allows embedded engineers to meet application-specific power/performance balances (Figure 3).

 

GEVMESBC.png

 

Figure 3. The rugged XVR16 6U VME Single Board Computer (SBC) from GE Intelligent Platforms is based on a quad-core 4th generation Intel® Core™ i7 processor in the same power envelope as its predecessor, making it ideal for image and digital signal processing applications.

 

RR: What are your projections for the future of industrial systems, and how is the Intel product line ensuring industrial designs keep pace?


Dan Demers, congatec: I fully expect to see the drive to reduce size and power while increasing performance to continue. Higher levels of integration will continue to happen. Flexibility is something that I see increasing as well. By this, I mean that more and more industrial systems will operate multiple functions to really make an impact on return on investment (ROI) and true cost of ownership. We only have to look at how flexible a product like an Apple iPad* is when consider the number of “things” it can do.

 

The opportunity identified is so large that Intel must focus resources on it. There is a lot of data to mine and a lot of devices that want to talk to each other. Creating a scenario where hardware, software, and tools simplify the means of understanding all of the data seems daunting, but there is so much to be gained. Intel is spending a lot of time and resources educating designers and the public about the Intelligent Systems Framework. It is inherent that they will continue to design platforms to fill all of the areas in the chain. Think about the massive amount of scalability in platforms that Intel offers today – this is enabling a situation where we get closer to the idea of common platforms.

 

 

Learn More

Contact Featured Alliance Members:

 

Solutions in this blog:

 

Related topics:

 

congatec and GE Intelligent Platforms are Associate members of the  Intel® Internet of Things (IoT) Solutions Alliance.


Brandon Lewis

OpenSystems Media*, by special arrangement with the Intel® Internet of Things (IoT) Solutions Alliance

Follow me on Twitter: @BrandonLewis13

As robotics continue to replace humans on the factory floor, MV (Machine Vision) technology has become industrial automation’s new lens. Applications like motion control and quality assurance require high-resolution image analysis from these new “eyes” on the assembly line, and must execute with extreme precision to ensure optimized manufacturing processes. Released in June, the 4th generation Intel® Core™ processor (codenamed Haswell) leverages enhancements that meet the needs of demanding MV systems, including up to  2x graphics performance over previous generations and features like the Intel® Advanced Extensions 2.0 (Intel® AVX 2.0) instruction set, which doubles signal and image processing performance. As a result, several Intel® Internet of Things (IoT) Solutions Alliance members have introduced off-the-shelf products for use in MV system design.

 

Get Your Graphics Inside

Though most of today’s MV technologies rely solely on 2D image analysis, 3D imaging has started to emerge for certain industrial applications. Supporting both markets, 4th generation Intel Core processors incorporate Intel® HD Graphics Technology into the die of Intel's Haswell microarchitecture to realize up to 60 percent improvement in 2D/3D graphics performance. For example, certain BGA (Ball Grid Array) variants integrate GT3 ( Intel® HD graphics 5000) GPU cores that provide 40 graphics execution units at only 15 W TDP.

 

Industrial building blocks have already begun leveraging the enhanced graphics performance of the 4th generation Intel Core processor. For instance, NEXCOM, an Associate member of the Intel IoT Solutions Alliance, offers the ICES 670 COM Express Basic module with various graphics engine options supporting DX11.1, including the GT1 and GT2 integrated graphics (See Figure 1). The ICES 670 can accommodate processors up to 45 W, and combines Haswell microarchitecture performance with the Intel® QM87 Chipset for graphics-intensive applications. Compliant with Revision 2.0 of the COM.0 specification, the ICES 670 supports the Type 6 pinout to allow for expansion via 1x PCIe x16 lanes, 7x PCIe x 1 lanes, 1 Gigabit Ethernet (GbE) interface, either 4 USB 3.0 or 8 USB 2.0 lanes, and the choice of 2x SATA 3.0 or 2x SATA 2.0 ports. In addition, three DDIs (Digital Display Interfaces) can be implemented through DisplayPort, eDP (embedded DisplayPort), DVI, HDMI, or VGA/LVDS interfaces (via the Platform Controller Hub - PCH - bridge chip), making the ICES 670 a viable subsystem solution for HMI (Human Machine Interface) platforms as well.

ICES670.jpg

 

Figure 1. The NEXCOM ICES 670 Type 6 Basic COM Express module supports two different Intel® HD graphics engines for intensive imaging and analysis applications.

 

Intel® Advanced Vector Extensions 2.0 Floats More Image Processing Punch

For industrial system designers, the most significant enhancement of 4th generation Intel Core processors may be the expansion of the AVX instruction set. Sometimes called “Haswell New Instructions,”  Intel® AVX 2.0 instruction set extends most integer vector processing to 256 bits (thereby doubling workload throughputs from 128 bits), and introduces fully pipelined FMA3 (three- operand Fused Multiply-Add) on two ports for SIMD (Single Instruction, Multiple Data) and floating-point scalar operation. For precision MV, FMA3 support increases accuracy and doubles peak floating-point performance for imaging applications by rounding only once during multiply-add workloads. Some of the features and benefits of Intel AVX 2.0 are outlined in Table 1.

-1.jpg

Table 1. Intel® Advanced Vector Extensions 2.0 adds significant floating-point performance and throughput enhancements for MV applications.

 

Intel AVX 2.0 is supported on all 4th generation Intel Core processors, so MV benefits can be leveraged from any available industrial subsystem that supports the Haswell microarchitecture. dfi-itox, another Associate member of the Alliance, has released the industrial-class HD101-H81 Mini-ITX motherboard that enables Intel AVX 2.0 technology, but also includes Microsoft DirectX Video Acceleration (DXVA) to accelerate video processing tasks (See Figure 2). Ten graphics execution units are leveraged from the motherboard’s processor (GT1), which combines with the new Intel® H81 Chipset to support the new LGA 1150 socket (Socket H3). The Intel H81 Chipset enables the HD101-H81 to support the 2x USB 3.0 and 6x USB 2.0 interfaces that accompany 1x PCIe x16 lanes and 1 Mini PCIe slot, 2x SATA 3.0, 2 Gigabit LAN ports, and 2 COM expansion sites. The PCH enables three displays through 24-bit dual channel LVDS, and HDMI and DVI-I interfaces that can offer resolutions up to 1920 x 1200.

HD101-H81.jpg

Figure 2. The HD101-H81 Mini-ITX motherboard from dfi-itox combines Intel® Advanced Vector Extensions 2.0 technology with DirectX Video Acceleration and the Intel® H81 Chipset to optimize video processing tasks.

 

ADLINK introduced a familly of industrial-grade products based on the 4th generation Intel Core processor market in June, including the NuPRO-E42, a PICMG 1.3 full-sized SHB (System Host Board) (See Figure 3). Capable of core speeds up to 3.1 GHz, the NuPRO-E42 is also equipped with the Intel® Q87 chipset, another chipset that accompanied the Haswell microarchitecture release. The Intel Q87 chipset brings Intel® Clear Video HD Technology to the SHB, allowing video decoding and post processing to be offloaded to GPU cores, as well as PCI Express 3.0 support that provides the SHB with 8 GTps communications through one x16 lane interface. Additional I/O connectivity on the NuPRO-E42 comes by way of 6 USB 3.0 ports with 5 Gbps data transfer rates, another 6 USB 2.0 ports, 1 PCI Express x16 lanes and 4x PCI Express x1 lanes, 4 PCI, and 6 COM ports. 4 SATA interfaces with 6 Gbps transfer rates, Intel® Rapid Storage Technology (Intel® RST).supporting RAID 0/1/5/1+0, along with two sockets of 16 GB DDR3 1333/1600 MHz memory also highlight the NuPRO-E42, tailoring it to industrial applications that require multitasking and high-speed data transfer.

WEB_UPLOAD_FILES000021620.jpg

Figure 3. The NuPRO-E42 includes the  Intel® Q87 chipset, bringing Intel® Clear Video Technology and PCI Express 3.0 support to the SHB.

 

Seeing 20/20 with Haswell

These products are just a few of the 4th generation Intel Core processor family solutions released by members of the Intel IoT Solutions Alliance that can be put to work in MV applications, with integrated graphics and Intel AVX 2.0 instructions just two of the enhanced features Intel® processors with Haswell microarchitecture can provide industrial engineers. If you are ready to begin implementing “Core eyes” in your MV system, the Solutions Directory can help identify form, fit, and function matches to your design goals.

 

Learn More

Contact Featured Alliance Members:

Solutions in this blog:

Related topics:

ADLINK, dfi-itox, and NEXCOM are Associate members of the Intel® Internet of Things (IoT) Solutions Alliance.


Brandon Lewis

OpenSystems Media*, by special arrangement with the Intel® Internet of Things (IoT) Solutions Alliance

Follow me on Twitter: @BrandonLewis13

“Always-on” Internet services are becoming critical to the small and medium business (SMB) sector. Not only are these businesses increasingly data-driven, they depend on reliable Internet access to deliver functions such as voice communications, streaming video and social networks. Security is an integral part of reliability – both for preventing denial-of-service (DoS) and other attacks that can disrupt service, and for creating the confidence necessary to leverage advanced services. Performance is important too -- security and advanced services require specialized processing that is poorly suited to a standard server environment.

 

All of this adds up to a growing market for network appliances that can deliver reliable, advanced Internet services on a budget the SMB market can afford. This is a tough set of requirements, but new Type VI COM Express* modules based on the Intel® Atom processor D2000 and N2000 series (formerly codenamed “Cedar Trail”) are helping meet the need in several ways:

 

•Power consumption

•Performance

•Price and time to market

 

Turning down the power

One requirement of all network appliances is their size; these devices often need to squeeze into crowded server rooms. Nor should they consume power in any way other than a low, steady, and durable manner. From a reliability standpoint, the key concern is the Thermal Design Power (TDP) – the amount of power that a system disperses for cooling to keep processors from reaching or exceeding their maximum junction temperature. Traditionally, most server rooms must be maintained at a temperature of no more than 21º C (71º F), any higher and server chips could blow, right along with a network’s availability. Many SMB server rooms The challenge is even tougher for SMB server room, which often have menial air conditioning that can be easily overwhelmed by the heat thrown off by new equipment.  Thus, keeping power down is essential to ensuring reliability.

 

To address the power problem, Alliance member Portwell introduced the PCOM-B218VG, a dual-core COM Express module that supports the new Intel® Atom™ processors.  These new processors move to a 32 nm process for a 16 percent clock boost over their 45 nm predecessors and a TDP of as low as 3.5 W (using the 1.6GHz Intel® Atom™ N2600 processor). Further, Portwell adjusted their network appliance’s power design to support Deep Sleep states, which when enabled, can drive power consumption under .3 W. Depending on the application, customers can adjust the Deep Sleep mode to attain high levels of system performance or scale down for basic system computing. This huge savings in power consumption predicates a reduction in heat, affording the reliability needed to support high availability (HA), even in the face of demanding applications.

 

PCOM-B218VG-v.jpg

 

Turning up the performance

Certain applications which may have designers waiting for the ‘but’ moment are those of network storage and Network Video Recording (NVR). NVR, which has become a software mainstay in networking applications for their use in the storage and remote viewing of video, is one such Application Program (AP) that is pushing the limits of software analysis and data integration from the terminal side.  With the increased graphic requirements of NVRs and other such APs, the reasonable assumption would be that power consumption would have to be scaled up dramatically to support these applications.

 

However, the Intel Atom processor D2000 and N2000 series integrate Intel’s Graphics Media Accelerator 3600/3650 graphics engine, which provides power-optimized performance for up to two streams of 1080p MPEG2/WMV9/H.264 video, Blu-ray video, and DirectX 10.1 graphics. The processor also boasts Intel® Streaming SIMD Extensions (Intel® SSE) for optimal multimedia processing and sensing/analytics. These features are supported by up to 4GB DDR3 1066 MHz memory for large, bandwidth-demanding files. All of this performance is provided at the cost of a maximum of 15 W, allowing the demands of next-generation networking to be met in the architectures of today.

 

Another, and perhaps the most significant ability of the PCOM-B218VG, is its application in data security. The 24-7 networks of today process inordinate amounts of data, particularly with the recent explosion in mobile data usage, but this data must remain uncompromised by hackers. For that purpose, Portwell endowed its latest Type VI COM Express module’s firmware with built-in security capabilities for system monitoring such as a cryptographic hash tag function, Flash protection, and ATA secure erase, all while maintaining at the lowest of power consumptions.

 

Harnessing the current

Besides the interoperability advantages granted by the PCOM-B218VG’s LVDS, HDMI, VGA, and DisplayPort interfaces, it is packaged in the widely used COTS COM Express architecture. The benefits of the COM Express form factor are widely known and leveraged, particularly for its compact size (the PCOM-B218VG measures a mere 95mm x 95mm) and rich I/O interfaces such as PCIe, USB, and SATA, among others. This allows for the easily implementation of Type VI COM Express modules into existing network systems at low cost, maximum interoperability, and the assurance of Portwell’s long-lifecycle support. Specifically, the PCOM-B218VG is a complete module ready for end-user include into carrier boards without the cost and deployment risks associated with in-house CPU board development. This solution reduces time to market and validation efforts, all while maintaining the simplicity and flexibility to of a product roadmap that is designed to be upgraded or replaced when future generations of Intel processors are deployed, which in turn extends the application lifecycle.

 

More information on the PCOM-B218VG can be found in Portwell Introduces PCOM-B218VG COM Express Module using Intel “Cedar Trail” (Atom D2700/N2800) for Military, Medical, Industrial and Networking Applications, and in-depth coverage of Cedar Trails video processing ability is available in Warren Webb’s Embedded Add-Ons Extend Image Processing Performance. Talk to you soon.

Filter Blog

By date: By tag: