OS and Cloud agnostic, Legacy and DevOps friendly
Leading egde router/firewall, central management
HW root of trust, Encrypted updates, Remote Attestation, Cyber defense
Unique control point, Central database Store OS updates, OS Settings, VM Images, System information
The micro cloud concept is shaping the world of embedded software and networking with virtualization coming to the FAR edge. Thanks to the SEC-Line firmware, the embedded computer becomes a versatile secured platform, able to consolidate multiple software workloads inside a single equipment using virtual machines. This approach to computing for the 'far edge' is also called UCPE ( Universal Customer Premises Equipment ). A micro cloud can run independant software stacks securely in each Virtual Machine, allowing old and insecure software to share the same computer with modern orchestrator driven payloads and software defined networking.
The router/firewall/cyber layer is used to filter and protect all communications in/out of VMs and via the rest of the HW interfaces. All settings are managed by IT network and security experts, remotely via OpCenter configuration templates database, or locally using the embedded GUI pages
In this example, a blade of a parallel real time computer can run virtual machines. This board extends the main company cloud. The computer designer keeps control of the rest of the system architecture and real-time performance while letting one board to be operated as a cloud computing instance for the IT infrastructure, extending the main cloud at the edge, able to run centrally orchestrated payloads.
In this use case, Genetec video recorder and preprocessor runs as a virtual machine within the security protection bubble featured by SEC-Line. Bare metal performance is guaranteed with VM direct access to the storage devices.
While systems deployed in the real world are always connected, they are exposed to attacks and must be continuously monitored, secured and maintained. Deployments can involve hundreds of computers, a challenge which requires specific tools to achieve security, operational efficiency and business agility.
Protecting applications and OS stacks with a unique combination of leading edge technologies.
On-premises console of SEC-Line from which secure firmware updates and all settings can be managed from a single operation point for large computer fleets.
Protecting customer software against cyber threats with a hardware enforced secure firmware.
Systems powered by SEC-Line offer an augmented version of OpenWrt with a rich GUI used to manage hundreds of settings. All the settings can then be captured from SEC-Line remote management console in a single operation as a settings template. Templates can then be used by fleet operators to rebuild or duplicate a unit without the need for experts.Explore SEC-Line GUI ( user: guest passwd: guest ) Request a guided demo
Kontron products 'Powered by SEC-Line' feature:
Confidentiality, integrity and availability are digital security requirements SEC-Line is answering with hardware enforced root of trust and software techniques such as Secure Boot.
Manage fleets of computers. Update SEC-Line firmware and settings from a single point.
Kontron OpCenter management console
is delivered as a VM image to run on an infrastructure server.
From this point, computer SEC-Line firwmare can be updated, and their numerous network and security settings captured
and stored in a database of settings archives.
From it, settings can later be applied after device replacement at a simple click of a button in OpCenter.
OpCenter can also import asset information from higher level management platforms, avoiding manual data entry for device creation. It can also export all the fleet data to other corporate tools in various formats.
Visit OpCenter and Browse the GUI. Monitor SEC-Line computers in our showroom.
Recommended reading: go to the On-Line documentation (in the help menu on the top right).
Attend a tour of OpCenter, manned by your Kontron sales engineer. See the GUI menus used to monitor computers status, to backup and restore their settings, etc.Request a guided demo
With its standalone design, it aims at 'on premises' operation and is compatible with any IOT solution, or application stack selected by the customer.
Users can monitor remote systems and command updates of their firwmare, while restoring their network and cybersecurity settings. Secure and reliable operation is enforced via encrypted channels protocols designed to operate on very intermittent connections often found in mobile operations (trains, airplanes, etc.)
OpCenter allows on premises management of all the critical data needed by computers in the fleet, allowing easy rebuilt or replacement of a unit. Running as a standalone VM inside any infrastructure server, it maintains:
According to the software payload profile required by the use case, choose the computer according to its performance.
Kontron firmware based on OpenWrt allows IT architects to implement the approved network security policy right into embedded computers like standard firewall/router equipment.
Their network policy is then captured in per-system "Settings profiles" in the on premises OpCenter for audits and re-use. This allows OT to deploy it further into new equipment without requiring network expert IT knowledge at the installation site.
Embedded computers for Legacy applications often come with old versions of OS and libraries.
The virtualization layer of Kontron firmware is used to protect and deploy them unmodified with their initial OS.
The security comes from the hardware root of trust protected firmware which runs them in virtual machines augmented with modern firewall and
multi-zone router and cyber defense mechanisms.
This allows OT teams to continue using old stacks and safely deploy in modern, always connected mission profiles, with almost no code development. The firwmare is regularly updated to circumvent discovered vulnerabilities, while the application and its OS can remain the same.
Thanks to virtualization, IoT stacks can deploy on top of Kontron SEC-Line, side to side with existing applications.
The hypervisor strictly controls the ressource consumption of each VM and container
and the router/firewall is used by infrastructure engineers and network architects to distribute the data and the control flows within the computer
and towards the selected physical connectors.
This allows a single computer to replace several existing systems without cabling redesign.
The TRACe family is a product range of fanless EN50155 railway computers offering easy customization to meet application-specific requirements. Designed to ensure stable operation in harsh environments and is ideal for any rolling stock system from Passenger Information Systems to Video Streaming & Storage Servers, Network Video Surveillance and Train Management Systems.
They now offer versions powered by SEC-Line which run complete software stacks inside virtual machines, secured through an embedded secure firewall / router layer. SEC-Line systems are also managed as a fleet via a unique management console.
The Kontron ACE Flight™ family is a line of products designed to support the digital transformation of commercial avionics. Some models are now powered by SEC-Line firmware offering leading edge secure firewall / router features and optional virtual machines on the more powerful server units. Their firmware updates are remotely managed by the SEC-Line fleet management console: OpCenter, which can also capture all the unit cybersecurity, hypervisor and network settings to manage them from a unique control point.
Blog articles Part 1:When two wolrds collide: Why Edge Computing is disrupting the current IT/OT status quo when it comes to security Part 2: The future of secure embedded computing Part 3: Securing your company's embedded computing future