FROM THE EDITOR

Digital Signage Computing

Platforms Get Modular www.embeddedintel.com

Vice President & Publisher

Is Intel anticipating that digital sign displays wont need Clair Bright
Editorial
upgrades as much as computing performance? Editor-in-Chief
Lynnette Reese
[email protected]
Managing Editor
By Lynnette Reese, Editor-in-Chief, Embedded Intel Solutions Anne Fisher
[email protected]
You may have noticed that many food menu boards, health club schedules, and signs in convention
Senior Editors
centers, hospitals, and even churches are now on large digital displays rather than permanent signs. Chris Ciufo
Its easier to change the content, but its about to get easier. Digital signage has a new tool in a modular- Caroline Hayes
minded computing platform. Traditionally, if software outgrows computing power, you get a whole David Bursky
Gabe Moretti
new system. But what if you could swap out the computing platform like a game cartridge?
Creative/Production
Production Trafc Cordinator
Earlier in 2017, Intel announced a family of Compute Cards, each of which has a processor, onboard Marjorie Sharp
storage, memory, wireless connectivity, and flexible I/O. Upgrading performance means a new Graphic Designers
Compute Card, not a whole new computing platform, which also means less for the landfill. An Intel Nicky Jacobson
Simone Bradley
Compute Card is a bit longer than a small stack of credit cards at 95mm x 55mm x 5mm, but its got Senior Web Developers
all of the elements of a full computer. Companies can make docks for all kinds of application-specific Slava Dotsenko
products, since Compute Cards bring the entire computing platform in as a single component. Mariam Moattari
Advertising / Reprint Sales
Meanwhile, Intel has created a 19V dock with an HDMI v1.4 port, Mini DisplayPort 1.2, a LAN RJ-45 Vice President, Sales
port with 10/100/1000 Mbps Ethernet controller, and three USB 3.0 ports. Some will wonder how this Embedded Electronics Media Group
Clair Bright
is much different from a USB stick. You can boot to an operating system from a USB stick, but USB sticks [email protected]
dont have processors. Imagine going to a library with your personal computer card; your desktop and (415) 255-0390 ext. 15
software settings are there, you dont have to clean the browser cache when you leave, and your applica- Sales Manager
Elizabeth Thoma
tions are all there and run as expected. This is one of those why didnt I think of that products. [email protected]
(415) 244-5130
Digital signs with cumbersome existing physical installa- Marketing/Circulation
tions will find upgrading easier. Imagine updating the digital Jenna Johnson
signage systems in New York Times Square to accommodate [email protected]

Figure 1: The Intel Compute Card and Dock.
Intels four Compute Cards provide various levels
of performance. (Credit: Intel)
new software in various layers of the stack that enable revo- To Subscribe
www.embeddedintel.com
lutionary new programming features. The display would stay,
and the Compute Card would be changed out for one that can
handle the increased performance requirements. In an Intel
press release dated May 30, 2017, Intel stated that there were Extension Media, LLC
a large number of partners currently working on [dock] solu- Corporate Ofce
tions that include Dell, HP, and Lenovo. A whole President and Publisher
range of products can be offered, allowing end Vince Ridley

[email protected]
users to start at the low end and buy up to higher (415) 255-0390 ext. 18
performance later on. Guaranteed effective Vice President & Publisher
upgrades can be shipped on a slim Compute Card, Clair Bright
[email protected]
negating the need to negotiate perceived failures
Human Resources / Administration
due to inadequate platforms with customers who Darla Rovetti
might be better at managing retail than man-
aging an upgrade to their chic electronic displays. Special Thanks to Our Sponsors

Applications dont stop at digital signs and kiosks.

Table 1: The Intel Compute Card presently features four levels
of performance. Intel is also releasing the Compute Card Device
Design Kit, a set of guides and reference designs that are avail-
able via Intels Classied Design Information (CDI) portal for any
customer under NDA.
The Compute Card is proposed for use with Internet
of Things (IoT), tablet-based systems, interactive
whiteboards, intelligent vending machines, mobile
video production, smart TVs, robotics automation,
security systems, point-of-sale systems, and all-in-
one PCs that are easily upgraded.

Successful applications always get upgraded with more sophisticated software that pushes the perfor-
mance envelope. Can Intel patent the concept of a compute-platform-as-a-cartridge? Will motherboards,
in general, shrink to small modules worldwide? As of this writing, the Intel Compute Card has not yet
been officially released, but should be out soon, as advance demonstration models have been sent out.
Lynnette Reese is Editor-in-Chief, Embedded Intel Solutions and Embedded Systems Engineering, and has been working in
various roles as an electrical engineer for over two decades.
Embedded Intel Solutions is sent free to engineers and embedded developers
in the U.S. and Canada who design with embedded Intel processors.
Embedded Intel Solutions is published by Extension Media LLC, 1786
18th Street, San Francisco, CA 94107. Copyright 2017 by Extension
Media LLC. All rights reserved. Printed in the U.S.

2 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com

IN THIS ISSUE

FALL 2017

DEPARTMENTS

FROM THE EDITOR DIGITAL SIGNAGE/SMART DISPLAYS

2 Digital Signage Computing Platforms Get Modular 23 What Makes an Industrial Digital
By Lynnette Reese, Editor-in-Chief, Media Player Different?
Embedded Intel Solutions By Robert Suffoletta, Logic Supply

25 System-on-Chip: Not Yet

SPECIAL FEATURES Ready for Prime Time
By Mark Boidman, Ben Zinder, and Gilbert
Baltzer, Peter J. Solomon Company

FOCUS ON INTEL
ANDROID & LINUX
6 The Passenger Economy: Challenges Ahead
27 Docker Containers Ease Cloud
By Lynnette Reese, Editor-in-Chief,
Embedded Intel Solutions
and IoT Implementation
By Lynnette Reese, Editor-in-Chief,
IOT SECURITY Embedded Intel Solutions
9 Why Blockchain May Not Reach Beyond 30 Open Source Meets Standards: A
the IP Gateway in IoT Security Platform for Fast Implementation
By Guillaume Crinon, Avnet By Dan Demers, congatec

12 When Adding IoT Devices to the

EnterpriseKeep it Secure PRODUCT SHOWCASES
By Rusty Stapp, UbiquiOS Technology

14 We have to coordinate that root of 32 ADL Embedded Solutions

trust: Q&A with WinSystems
By Anne Fisher, Managing Editor
LAST WORD
NETWORKING & DATA CENTER TECHNOLOGIES
17 Delivering Carrier Grade OCP to Telco Data Centers 33 The Eyes of the IoT Rely on
By Todd Wynia, Artesyn Embedded Technologies Processor Innovation
By Caroline Hayes, Senior Editor,
21 Jumpstart Connected Strategies Embedded Intel Solutions
By Ed Trevis, Corvalent

On the Cover:
...its key to design and plan for security upfront. I still often
see that folks will look at the feature set first and then get
down the road before they start thinking about how they
are going to secure the system. See why right sizing is part
of securing the IoT in the WinSystems interview, page 14.
Image courtesy WinSystems

4 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com

FOCUS ON INTEL

The Passenger Economy:

Challenges Ahead
As horseless cars become driverless cars, plan to see a tremendous
increase in productivity in every area that transportation touches today, and
in applications yet to be imagined.

By Lynnette Reese, Editor-in-Chief, Embedded Intel Solutions

Early Autonomous Vehicles (AVs) are here but pose grave

engineering challenges if we are to implement them in real life.
We are witnessing a moment of unprecedented transformation
in automotive history. The time when AVs are as common
as smartphones is a couple of decades or more away, but
the potential for new markets and significant increases in
productivity are seductive.

Autonomous Vehicles to Save $1.3 Trillion a Year

Morgan Stanley predicts that the U.S. alone stands to
save $1.3 trillion a year, presumably with a full-scale
implementation of AVs. Nearly $500 billion annually would
be saved in accidents due to reductions in repairs, medical
bills, and lost time, with another $500 billion in overall
productivity gains. Improvements include improved logistics,
Table 1: Average Commute Time to Work, per Day by City, as of 2013
lower fuel consumption, less traffic congestion, and personal
productivity gains (assuming the average person drives an
hour and a half each day). Time spent commuting, finding,
and paying for parking in crowded cities will
be significantly reduced as everything runs
more efficiently. Sharing vehicles means fewer
cars on the road and a lower cost of living for
individuals while maintaining autonomy. The
vision for a world with AVs includes less traffic,
better maps through detailed communications
from intelligent cars, and mobility for all. A
recently released report by Strategy Analytics
includes some tantalizing predictions, such
as lower public safety costs due to traffic
accidents that could total over $234 billion
from 2035-2045. Commuting time saved by
autonomous vehicles may amount to over 250
million hours per year for consumers in the
most congested cities1.

Once people cease to drive, what do they do? A

new market will open up, called the Passenger
Economy, a term coined by Intel CEO Brian
Krzanich. Different applications, markets,
Figure 1: Several sensors on the 2018 Audi A8 send data to the and businesses can shoot out of this inflection
autonomous driving system. (Source: Audi)

1. Intel Predicts Autonomous Driving Will Spur New Passenger Economy Worth $7 Trillion. Intel Newsroom. Intel Corporation, 1 June 2017.
Web. 26 July 2017.

6 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com


Figure 2: Estimated global passenger economy service revenues
from 2025 2050 (Source: Strategy Analytics)
point in how we carry out our lives. Consumer services such as
entertainment, advertising, and personal or financial services
might be carried out inside autonomous vehicles as people
travel to work. Intels Katherine (Kathy) Winter, Vice President
and General Manager of the Automated Driving Division,
deliberates a passenger economy and the new markets it will
incite. Its probably the smaller piece right now, but mostly
because we cant imagine what it is yet, she states. Winter
suggests that this portion of the passenger economy would
include the new services that a person in an [autonomous]
vehicle could be consuming; something [like] entertainment,
education, advertising, things like that.
As a population of drivers evolves into passengers, Intel,
working with Strategy Analytics, finds that by 2050 the
passenger economy is an estimated $7 trillion industry.1
Winter indicates that the semiconductor industry must
squeeze yet more improvement in computing power to
meet technical challenges that autonomous driving poses,
including leaving headroom for things we cannot imagine
yet. The largest factor holding the passenger economy back
will likely be social, not technical, as new laws and regulations
must be crafted. Consumer acceptance may be slower than
technologists and early adopters would like, as trust builds
Figure 3: Estimated global passenger economy service revenues by
region in the year 2050 (Source: Strategy Analytics)
FOCUS ON INTEL
in AVs and jobs are re-established in areas related less to the
actual driving and more to logistics management.
What can we expect? Winter points out the trucking industry
as one example where Mobility-as-a-Service (MaaS) will
dominate. Look at the trucking companies. Its well known
there is a shortage of truckers, people wanting to drive
long-haul trailers, and the need to move packages around is
escalatingbusiness [can take] advantage of Mobility-as-a-
Service in not having to have drivers. This is time and money
for them. The technical challenges to attaining AVs are not
small. AVs will shift the semiconductor industrys focus to
processing teraflops of data at blinding speeds to fulfill the
need for low latency, high bandwidth, and rapid throughput on
a scale that includes data creation and consumption the likes
of which we havent yet seen as commonplace.
The Technical Trinity: Car, Cloud, and
Connectivity
The picture for AVs includes the car, a cloud, and connectivity.
AVs are loaded with sensors to create enough information
on which to make split second decisions necessary to drive.
Myriad sensors are loaded onto AVs, including but not limited
to radar, LIDAR, cameras, infrared sensors, and GPS. Many
of these sensors are placed all the way around the vehicle
and work together to build the cars vision of whats going on
around it and where should it go next. Varying environmental
conditions make redundancy and overlapping data input
necessary to fuse together a knowledge that is more reliable
than mere vision as to what is going on around, behind, and
ahead of the car so that decisions can be anticipated. Changing
environmental conditions include road conditions, variations
in street layouts, random or sudden incidents involving
bicycles, pedestrians, or animals, and changing weather
conditions that can affect some sensors ability to gather
accurate data more than others. Theres a reason why Phoenix,
Arizona is such a popular testing ground for AVs these days.
Winter points out that Phoenix is laid out like a grid and that
testing engineers are pretty much counting on it being sunny.
Youre not going to see snow, youre not going to see ice. But
we need vehicles that can drive autonomously every day of the
year, not just when its sunny, not just when its not raining or
snowing, or below 32 degrees.
AV prototypes must test to optimize the right mix of sensors
for different environmental conditions. Thus, accurate sensing
in every kind of condition is part of the challenge to making
the passenger economy a reality. Why do we need all these
sensors? They all complement each other, which is kind of the
bottom line. And as we go through more and more testing, and
theres more of those vehicles out there, we are learning about
the combinations, how much redundancy, things like that,
that you actually need in the vehicle.
www.embeddedintel.com | Embedded Intel Solutions Fall 2017 | 7
FOCUS ON INTEL
Proving Grounds for
High-Performance
Computing
High performance embedded
computing (HPEC) is another area
that challenges the trinity of car/
cloud/connectivity also known
as the three Cs. Extremely fast,
low latency, high-throughput
devices that are extremely secure
are on the agenda for acceptance
and success of this pending
phenomenon. Winter comments
Figure 4: Kathy S. Winter, that today, the estimated average
Vice President and General amount of data that a person
Manager of the Intel generates in a typical day is
Corporation Automated
Driving Division. (Source: around 650 MB today. By 2025,
Intel Corporation) this figure might be nearer to 1.5
GB per day. However, AVs produce
an estimated 4,000 GB per day.
How do you get to that number at scale? Winter states that
an average vehicle thats driven an hour and half a day yields
that kind of data in the vehicle itself. This translates to a
challenge for HPEC. Today in 2017, theres probably half a
teraflop of data coming off those [self-driving] cars, on an
average day. If you go out to 2025, you think about all the
sensors, all the data, everything coming off there, look at the
computing power needed to process, that, store, share, save,
et cetera.
Other serious challenges include where and how to rapidly
store and retrieve enormous amounts of data, and how to
manage, process, save, store, and share that data from each
and every car on a scale thats beyond anything we have seen
to date for an infrastructure that stretches coast-to-coast.
Each state has differing traffic laws, landscape, and weather.
A large number of servers positioned across the nation will
handle storing data thats needed to perform deep-learning
processes, and create algorithms for use by a massive fleet
of AVs that will learn collectively from what can only be
described as each others learning experiences. And not all
data is equal. How do we decide what is safety-critical? If
safety-critical data is obtained, how do we get it to a fleet of
cars on a massive scale, and as soon as possible? Theres lots
of learning and testing to do, and as yet, communications
technology is missing a critical piece.
Connectivity
Communication is the last vital piece to work out in how the
trinity of car, cloud, and connectivity brings AVs to full scale.
Wireless 5G communication has been on the radar for some
time now as a well-needed means of upgrading cell phone
communications to much faster, higher bandwidth wireless ber of women working in STEM so she has a greater chance of
services. Intel has long recognized 5G as ideal for industrial talking about something other than football at the water cooler.
use cases, smart cities, and anything that requires super
8 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com
high bandwidth, super low latency, and wide-ranging wireless
connectivity. But Intel has found that the use case for AVs has
taken the lead for 5G, according to Winter. The autonomous
vehicle seems to be one of the forces really driving the need
for [5G], and the lead use case from what we can see. You
need a way [to communicate], and weve talked about the end-
to-end, mission critical information, that needs to be really
fast, low latency [communication]. The other piece is the pure
volume of all that data. Once 5G is out there, cars can use it to
communicate to one another, to the cloud for critical updates
both ways, and to and from surrounding infrastructure. It may
be that speed limit signs will disappear one day, replaced by
innocuous transmitters that signal the speed limit to passing
cars. Stoplights may transmit status to vehicles directly. The
anticipated 5G also adds another sensor to the car.
So How Do We Get There?
Labor costs may go down with AVs, but we will see an increase
in demand for cloud services, servers, predictive analytics,
and Internet of Things (IoT). Data collection, processing,
storage, retrieval, and analytics will be even more important
as we analyze, predict, optimize, decide and anticipate using
high-performance computing as just part of the picture. At a
full-scale implementation, the challenges of a driverless world
seem tremendous. One step at a time, building on the work
of others, is how science and technology have evolved for
centuries. What Intel has been pushing for, and what Winter
believes is critical to accelerating success, is in standards and
collaboration across the industry. Winter believes that success
is in developing talent for the task and in sharing potentially
mission-critical safety dataacross the industry, so that
every vehicle manufacturer, every fleet operator, doesnt need
to put in millions and millions of miles to understand the
safety aspects of driving autonomous vehicles. Sharing that
kind of safety data will accelerate the pace of the industry.
Additionally, shared standards mean that no one has to learn
and develop uniquely, on their own. Putting some standards
and industry-wide platforms in place will help accelerate the
entire industry. If you really think about this from a safety
perspectiveits worth doing for everybody.
Winter says that one of the most common questions she hears
is What will it take to make this happen? Winter states, To
make this happen, the biggest thing we need to do is trust and
just let go. Let go of the wheel.
Lynnette Reese is Editor-in-Chief, Embedded
Intel Solutions and Embedded Systems Engineer-
ing, and has been working in various roles as an
electrical engineer for over two decades. She is
interested in open source software and hardware,
the maker movement, and in increasing the num-
 Why Blockchain May Not Reach

SPECIAL FEATURE
Beyond the IP Gateway in IoT
Security
Is it time to walk away from the centralized architecture weve used for

IOT SECURITY
more than two decades?
By Guillaume Crinon, Avnet

Blockchain is a technology initially deployed at the heart of

crypto-currency systems such as Bitcoin or Ethereum where
the basic idea is to get rid of centralized banking systems ruling
monetary transactions. Instead, every transaction is signed by
its emitter (private key) and broadcast to everyone along with
the corresponding public key. Then, everyone is able to check
the validity of the transaction, going back in history to check
that the spender has the money, and registers it in the form of
a block mathematically chained to the previous block into a
shared and massively duplicated public ledger keeping track of all Figure 1: The Diffie-Hellman key contract established in 1975 is the
transactions to date. A public set of rules ensures that duplicated most important use of asymmetric cryptography.
ledgers are consistent with one another. Public cryptography tools
make sure that no one can corrupt past transactions in ledgers. A very efficient way to implement these concepts in the real
Distributed among participants mostly playing by the same world of low-power battery-operated sensors and gateways is
official public rules, trust is decentralized, no longer concentrated to rely on symmetric cryptography, which uses the same key
among a few banks. on both sides to encrypt/sign and decrypt/verify. For example,
mutual authentication and message integrity are commonly
To incentivize participants faced with the tedious job of checking achieved by appending each message sent with a 32-byte
others transactions and contributing to the ledger, crypto hash code (SHA256 function for instance) taking as inputs:
currencies have also engineered rewarding mechanisms yielding the message to be sent; a means to defeat replay-attacks by
a very controlled monetary creation, often referred to as mining. a third party; and a pre-shared 128/256-bit key. Message
confidentiality is usually implemented with an AES cypher
IoT Security Basics taking as inputs: the message to be sent and a pre-shared
Securing communication between two devices within a 128/256-bit key.
network relies on three ideas:

1. Mutual authentication: each device

should be able to prove its true identity
to the other.

2. Message integrity: each message sent

to the other side should be signed in a
way that prevents any interferer from
secretly changing its content.

3. Message confidentiality: option-

ally each message may be encrypted
so that only the authorized parties
understand the content. Figure 2: Exchanging public keys to compute the same AES/SHA
key on both sides

www.embeddedintel.com | Embedded Intel Solutions Fall 2017 | 9

SPECIAL FEATURE
Whereas these implementations are widely deployed in
most communication protocols such as Bluetooth, 802.15.4,
802.11, etc., only the IP-compliant ones can take advantage
of an efficient symmetric key distribution scheme called
Transport Layer Security, or TLS, formerly SSL. The other
implementations rely on more or less manual pairing, factory
pre-setting of keys, or even distribution of keys in the clear!
Efcient and Secure
It turns out that the mechanisms at work within TLS can be
IOT SECURITY
easily ported over non-IP communication protocols yielding
efficient and secure systems all the same, as demonstrated by
Avnet with the end-to-end security implementation of Visible
Things 2 between a Bluetooth sensor and an IBM cloud server.
Figure 3: End-to-end device-to-server security
In short, TLS relies on asymmetric cryptography and a
transaction invented by Diffie and Hellman in 1975, allowing
TLS to compute the same shared secret between two entities,
which are exchanging only public information. Asymmetric
cryptography works with mathematically-correlated key pairs:
One key is defined as private and should neither be shared nor
exposed, while its counterpart is public and can be distributed
to peers. When one is used to encrypt/sign, only the other one
can decrypt/verify.
Applying the Diffie-Hellman key contract to
communication session solves the
problem of securely distributing
and renewing symmetric keys in
the field, which is also how TLS over
HTTP (making it HTTPS) works:
Certicates and Trusted
Third Parties: A Centralized
Model
Swapping public keys between
devices, machines or servers
allows opening a secure channel
end-to-end between them and
implementing state-of-the-art
mutual authentication, integrity
and confidentiality. However, as
10 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com
Figures 3 and 4 show, the robot and the server willing to
open an end-to-end secure channel are often distant and
their communication has to go through many intermediaries
and networking layers, such as a Local Area Network (LAN)
gateway bridging to a Wide Area Network (WAN), and several
telecom operators.
Simply swapping public keys between robot and server
requires trusting that all the intermediaries will pass the
public key to the next level. However, they could also keep it
for themselves and pass on their own, breaking the end-to-end
tunnel into two tunnels and eavesdropping and stepping into
the conversation unnoticed, thus successfully performing a
well-known man-in-the-middle attack.
In order to solve this famous problem, the
Internet has been relying on certificates
delivered by a Certification Authority (CA).
CAs are entities trusted by everyone whose
role is to bind a public key to its owners
identity into a document they sign in turn:
the certificate.
Anyone willing to share a public key will
therefore have it converted into a certificate
first. The other party receiving the
certificate will then trust that the public
key belongs to the sender because the CA
guarantees the bond between the public key and the senders
identity.
We now have a full solution working and relying on a
centralized trust architecture built around a few CAs able to
bind in a well-protected database the unique identity of objects
and their public keys.
As long as everyone trusts these CAs and their capability to
keep their databases highly secured, the architecture holds
perfectly well.
any
Figure 4: Man-in-the-middle attack

Blockchain: The Promise of Decentralization
But the word is out that Blockchain will disrupt this scheme
very soon, allowing peer-to-peer secure communication
between sensors and devices not needing CAs anymore.
How trust could be decentralized with a Blockchain
architecture raises many questions:
1. Should all the sensors, devices, machines, servers able to
communicate globally or within an application or a vertical
participate?
2. If the idea is to get rid of CAs, would it mean that every
device could sign certificates for others or that certificates
themselves would not be needed anymore?
3. Distributing the trust would also imply distributing a trust
database in the form of a ledger. What should it contain?
Bonds between IDs and public keys or more?
4. Would every participating device be required to check the
ID of others transacting messages and registering them
into a shared ledger?
5. How would the devices described in point 4 be incentivized?
6. By which mechanism would they be capable of
synchronizing their copy of the public ledger with peers
so as to maintain a consistent ledger overall?
7. How would they efficiently store a valid copy of the
duplicated ledger locally?
With a current average of 250k monetary transactions every
day, the Bitcoin ledger has grown to 130GB since inception
in 2009 and is expected to carry on growing at a rate greater
than 50GB per year.
The process of mining new blocks, once affordable
by a personal computer, has become so demanding in
computational resources and energy because of the monetary
creation regulation mechanism that only a small number of
computer pools (less than 10 in the world, mostly in China)
now own 50% of the capacity, hence the trust of the Bitcoin
currency.
As a reminder, IoT hardware can be classified into two
categories:
1. Mains-powered: servers, gateways, high-end sensors and
actuators in addition to rechargeable devices to some extent
2. Battery-powered: low-cost sensors, actuators, tiny
gateways and rechargeable devices
SPECIAL FEATURE
Anything battery-powered and low-cost will certainly not have
the processing capability nor the energy to participate actively
in a public or private Blockchain infrastructure as previously
described. So much for secure peer-to-peer communications
between battery-powered devices.
As a consequence, a Blockchain architecture for trust and
security is likely to stop at the network edge, no further than
the gateway, provided that the gateway has processing power,
network bandwidth and a sufficiently large amount of memory
IOT SECURITY
to participate in the community job.
Conclusion: The Cost of Trust
A distributed trust architecture will not come at no cost. Some
mechanism and business-model will be needed to finance the
extra hardware, the extra cellular bandwidth, the extra energy
and earlier wearing-out of those devices and machines which
will support the computing and storage of trust processing.
Looking at the industry, I am not sure we are ready yet to
discard the centralized trust architecture the world has been
relying on since the Internet went live more than 20 years ago.
More probably, trust entities will structure themselves with a
Blockchain architecture and offer compelling business models
for their customers to collaborate in the overall maintenance
and redundancy of their trust business.
Further, Industrial IoT or Industrie 4.0 use cases will be
massively vertical and self-contained to start with, more like
Intranet of Things deployments. Therefore, its possible that
major players that everyone trusts will offer centralized trust
architectures and business models 10 years from now.
The future will tell
Guillaume Crinon is the Innovation Technical
Marketing Manager for Avnet EMEA, where he
is responsible for Internet of Things (IoT) and se-
curity strategy across Europe. He has 22 years of
experience in the semiconductor business and has
co-authored 11 international patents in wireless
systems, IC architectures and design to date.
www.embeddedintel.com | Embedded Intel Solutions Fall 2017 | 11
SPECIAL FEATURE
When Adding IoT Devices to the
EnterpriseKeep it Secure
When will IoT device developers heed the call for full circle IoT-to-IT security?
IOT SECURITY
The addition of Internet of Things (IoT) devices and
applications to enterprise IT networks is increasing the attack
surface available to hackers. Failure to secure that surface
presents a real danger to the security of the overall systems.
Traditional computing/IT systems have been working mightily
to include robust practices and standards to protect important
enterprise devices on their networks. This hasnt been the case
as much for IoT applications that increasingly must attach
to and communicate with the IT systems. That remains a
primary source for widespread concern, and it has slowed but
not prevented the increasing adoption of such devices. The risk
grows while the potential advantages of adoption are slowed.
Figure 1: IoT deployments include multiple protocols, controlled
access to the public Internet and integration with public Cloud ser-
vices such as Microsoft Azure IoT Hub, AWS IoT, and IBM Watson IoT.
According to a study by the Ponemon Institute, 75 percent
of respondents say the use of IoT apps significantly increases
security risk, with nearly the same number being very
concerned about the use of insecure IoT apps. Despite that
concern, 44 percent of respondents say their organization isnt
taking any steps to prevent attacks. For IoT device developers
to enjoy a ready market and realize maximum growth,
something needs to change.
Merging IoT Security with Enterprise Security
While IoT deployments often include architectural features
to provide security, the challenge is to smoothly integrate
them into the enterprise environment to achieve end-
12 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com
By Rusty Stapp, UbiquiOS Technology
to-end security. Among the security measures found in IoT
deployments are wireless protocols such as Bluetooth Smart,
Thread, or Zigbee, which require gateways to access the public
Internet or even the corporate intranet. The use of firewalls
and integration with public cloud services such as Microsoft
Azure IoT Hub, AWS IoT and IBM Watson IoT has also helped
secure such devices.
Such underlying connectivity technologies as Wi-Fi and
Bluetooth may well provide good security at the link layer,
but again, that security exists only among the communicating
wireless devices and the endpoints they are connected to (e.g.,
sensor, router, gateway). Now, the challenge is to provide end-
to-end security beyond the IoT endpoint all the way to the
cloud server. Ideally, this should include a root of trust based
on secure hardware. Such end-to-end security needs to address
three main concerns: authentication, integrity, and privacy.
Clearly, there is a gap between what IoT developers create and
what IT architects need.
End-to-End Security from IoT to IT
To ensure the same level of end-to-end security from the IoT
level across the enterprise, the Transport Layer Security (TLS)
protocol is the first line of defense. With origins in the Secure
Sockets Layer (SSL), TLS state-of-the-art algorithms secure a
connection between two nodes and ensure:
t
Communicating parties identities can be authenticated
using public key cryptography. This authentication can be
made optional but is generally required for at least one of the
parties (typically the server). Such authentication ensures
that the end-point connects only to the proper server, and
that the server accepts connections only from bona fide end-
points.
t
The connection safeguards integrity because each message
transmitted includes a message integrity check using a
message authentication code to prevent undetected loss or
alteration of the data during transmissioncaused either
by malicious action or unintentional corruption.

t
The connection is private because
symmetric cryptography is used to
encrypt the data transmitted. The keys for
this symmetric encryption are generated
uniquely for each connection and are
based on a shared secret negotiated at the
start of the session.
To provide the highest levels of security,
TLS relies on asymmetric public key
cryptography in which each communicating entity is assigned
a unique and strong private key, and a mathematically related
public key. The private key must be kept secure with its owner
and not disclosed to any third party. The public key, on the
other hand, may be made generally available, as it is practically
impossible to use it to determine the private key.
Public key cryptosystems structures enable two primary
operations:
t
The public key may be used to verify that the holder of the
corresponding private key signed a given message.
t
The public key may be used to encrypt a message such that
only the corresponding private key holder can decrypt it.
TLS builds on these functions to directly achieve the goals
of authentication and ensure message integrity. Privacy
is indirectly achieved by using communication under the
protection of public key encryption to establish a shared secret
that may then allow a more computationally efficient symmetric
encryption scheme to protect subsequent communications.
Secure Hardware
With TLS securing the sender, the next step is to protect
the receiving IoT end-point. For TLS to secure edge-to-cloud
communications, developers need to address the following:
t
Secure storage of the private key in the IoT end-point,
so an attacker wishing to impersonate the device cannot
retrieve it.
t
Ensuring the authenticity and validity of the public key
certificate offered by a server to which the IoT end-point
is attempting to connect.
As noted, private keys must remain known only to the IoT end-
point to ensure the overall security of the system. If compromised,
an attacker could use the private key to impersonate the IoT end-
point, intercept communications, or gain increased information
for a potential attack on the cloud infrastructure.
While modern microcontrollers and architectures often
implement mechanisms to protect non-volatile memory
and incorporate cryptographic co-processing engines,
such platforms can still be susceptible to discovery attacks
SPECIAL FEATURE
IOT SECURITY
Figure 2: Enterprise IoT applications require true end-to-end security
between the IoT end-point and the Cloud server, with typical con-
cerns including authentication, integrity, and privacy.
using measurement of dynamic supply currents or analysis
of electromagnetic emissions and cannot be considered
reliably secure. For applications with the highest security
requirements, developers should choose a hardware secure
elementa device built on tamper-resistant hardware that
implements mechanisms to:
t
Store the private key in a manner that makes it irretrievable
by all practical means
t
Perform the cryptographic operations necessary to sign
and/or decrypt data using the private key
IoT products typically have limited user interface and
frequently need to be installed and commissioned by non-
expert users. As a result, they must support provisioning
flow, which is very simple to follow, while still maintaining
security of the overall system. With the device identity and
root of trust embedded within a hardware secure element
in the IoT end-point, the provisioning process can, without
compromising security, enable the device with credentials and
details for access to the wireless network and/or gateway via
which it will access the Internet.
Designing robust security into an IoT product whether a
camera, thermostat or temperature sensor, is possible and
should be part of every designers criteria. Not only will
the use of industry standard practices provide a high-level
of protection and ease implementation in the field, it will
also provide the assurance needed for large enterprise level
distributors to come onboard, resulting in a dramatic uptick
in market growth.
Rusty Stapp is the CEO of UbiquiOS Technology,
which enables low-cost Wi-Fi, Bluetooth and LP-
WAN connectivity for the Internet of Things (IoT)
market. Stapp brings nearly 30 years of component
and material customer engagement experience to
his role. He has led eorts in Europe, North America
and Asia for large companies like Texas Instruments and Kodak to
VC funded startups. Stapp also worked at NextWindow, where he
led engagements with HP, Microsoft and others. He holds a EET
from Texas A&M and a MBA from University of Texas at Dallas.
www.embeddedintel.com | Embedded Intel Solutions Fall 2017 | 13
SPECIAL FEATURE
We have to coordinate that root of
trust: Q&A with WinSystems
Why right sizing is a part of securing the IoT
IOT SECURITY
Editors Note: This spring saw publication of the Industrial Internet
Connectivity Framework by the Industrial Internet Consortium
(IIC), of which Intel is a founding and contributing member. Intels
involvement at that level in an organization striding purposefully
toward a trustworthy IIoT in which the worlds systems and devices
are securely connected and controlled.1 is a role well understood
by WinSystems, with roots firmly in industrial computing, and
now branched to the MIL-COTS, energy, transportation, and
automation verticals as well.
Understood too is embedded designers ongoing need for information
as threats to IIoT security persist. We have a strong relationship
with Intel, and can help our customers understand the security
measures that exist and Intels security roadmap for the IoT on
all the device levels that are available, T.J. Smith, WinSystems
Technology and Engineering Director, tells EECatalog.
On a regular basis, we help customers understand what is coming,
what the timeline is, and how to implement toward their needs as
1. https://lwn.net/Articles/506761/
14 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com
By Anne Fisher, Managing Editor
well as enabling all of the broad features that Intel has brought to
the tablebecause every chip that Intel brings to the table has new
IoT features and improved security, Smith adds.
EECatalog spoke with Smith and George T. Hilliard, Director of
Technical Sales, WinSystems, about the Industrial IoT and security
recently. Edited excerpts of the interview follow.
EECatalog: Whats important for someone targeting Industrial
IoT applications to know about the elements supporting
Secure and Trusted Data in a product like WinSystems PX1-
C415 SBC? [Figure 1]
Figure 1: A PC/104 form factor SBC with PCIe/104 OneBank expan-
sion, the PX1-C415 single board computer from WinSystems includes
the latest generation Intel Apollo Lake-I E3900 SOC processor.
George T. Hilliard, WinSystems: From a
systems-level perspective, its key to design
and plan for security upfront. I still often
see that folks will look at the feature set
first and then get down the road before they
start thinking about how they are going to
secure the system. Then they have to do some
George T. Hilliard,
WinSystems
redesign. Thats sometimes a missing element

out there. A secure way to start is with the root of trust and the
platform itself. And thats where we come in as an embedded
systems provider. We give customers a hardware platform
where they can create that root of trust using Intel or other CPU
products and have that space as a starting point for the security.
Addressing security in parallel with application development
and design speaks to the customers bottom line. By using this
approach, he can minimize risks and control costs rather than
going back at some point and having to redesign.
T.J. Smith, WinSystems: As soon as you
realize that your product has value, you
need to understand how you are going to
protect that value. So, you have to do an
assessment very early on in the product
life cycle.
T.J. Smith, Its also possible to oversize or overdevelop
WinSystems
on security. One of the things we target
with our customers is how to right size their security. You
need to understand the value of what is being protected and
put the appropriate measures in place to address that security
now and into the future. What will need to be monitored?
What will need to be adapted 10 years down the road?
EECatalog: How have some of the actions taken by Intel in the
past couple of years, including licensing decisions, affected the
solutions WinSystems is developing for its customers?
Smith, WinSystems: Longevity is very important. Intel
has been strongly promoting its longevity and has been
making licensing decisions based on that. When you go into
deployment, you have to understand not just security today,
but security tomorrow. How are you going to make sure that
two years down the road the millions of the products youve
deployed into the field dont suddenly become vulnerable with
no cost-effective way to repair them? The advanced decisions
involve understanding what a proven framework can do and
how WinSystems and Intel and the different software and
security layers play together to give you a secure yet flexible,
adaptable, solution for your IoT products without going
through the roof on costs.
Hilliard, WinSystems: In the embedded space, which has
now morphed into what everybody is calling the IIoT, Intels
acquisition of McAfee and VxWorks shows its commitment to
embedded systems platforms. We are seeing these technologies
picked up into the consumer products, which is encouraging
in that it can flow back into our area as well. And I think the
fact that Intel has focused on including more of the hardware
security into its chipsets is also a positive sign and helps us to
set the platform for the root of trust.
2. Industrial Internet of Things Volume G4: Security Framework IIC:PUB:G4:V1.0:PB:20160926. Published in 2016
SPECIAL FEATURE
EECatalog: How do you assure various security elements
complement one another in an SBC?
Hilliard, WinSystems: We give the choice to the customer. For
example, customers can add a Trusted Platform Module (TPM)
and take advantage of secure boot and other features, such as the
integrated Intel security engine and ECC memory, which gives
you a more reliable RAM for your device, and helps you protect it
from a forced reset vulnerability, for instance. As Jack [T.J.] notes,
they can right size that security solution for the application, and
IOT SECURITY
that is where their planning and expertise are going to come in.
Smith, WinSystems: Exactly. The platform is designed from the
start to enable, but not require, all levels of encryption and security.
A strong level of security requires a good root of trust. And where
that root of trust resides is an important decision between us, the
designer and manufacturer of the hardware, and the consumer,
the integrator, and their development of their application. We
have to coordinate that root of trust. Our hardware is capable of
providing a hardware root of trust. We can also enable any of the
variety of layers that are well integrated with the Intel platform.
The Apollo Lake platform provides a generous helping of security
capabilities. The application author and system integrator have
an awful lot of options for developing security. We support them
through that decision process; we support them through that
implementation process. And we definitely support them through
the production and manufacturing ramp into volume.
EECatalog: Please comment on the Industrial Internet
Connectivity Framework (IICF).
Smith, WinSystems: I like the direction the IICF is headed.
Its reached critical mass at this point and will be effective. The
IICF defines a wonderful selection of reference architectures
and frameworks to apply to basically any IIOT application.
They are helping drive interoperability in the space so that
developers can integrate layers even if they are from different
vendors. This is particularly helpful to WinSystems and our
IIOT ecosystem partners as we help our customers get their
products to market.
Hilliard, WinSystems: The [Industrial Internet Consortium]
IIC is involved in the standards, but they are not trying to set the
standards so much as to get individual standards to talk to each
other. With all these big installed bases for industrial control
there are so many different protocols on industrial Ethernet, for
examplethey are trying to find ways for all of these platforms
to talk to each other and then be able to transfer that data at
different layers at a higher level. Its going to be beneficial long
term, but I dont think were really seeing the structure around
it yet, although publishing the Industrial Internet Security
Framework2 is going to go a long way toward that.
www.embeddedintel.com | Embedded Intel Solutions Fall 2017 | 15
SPECIAL FEATURE
EECatalog: With regard to IIoT security as well as for other
elements, the model referenced is often that of layerswill
this model continue to work?
Smith, WinSystems: Yes, the layered model has been shown
to be effective and beneficial for over 30 years in the networking
arena. Applying this model to security and the IIOT provides
a similar abstraction from the complications and details that
each layer provides. This allows customers to quickly integrate
security features from trusted partners while maintaining
IOT SECURITY
focus on their own special requirements.
For example, if we integrate a security layer from a trusted
partner like Intel McAfee, the system security will be improved
without much extra complexity or burden to the customer.
WinSystems has a very similar role. We build very trustable
hardware. We put on top of that very trustable BIOS; we
put on top of that very trustable security layers, network
layers, and Board Support Packages [BSPs] and Operating
Systems all the way up into where the user runs their specific
application. One of the benefits the layers model gives us is
that users can almost be a la carte with what they do and
dont need. If they dont need a secure network layer from
us, then that can be provided through their own existing
capabilities. Depending on whether they need, for example,
a unique identification key for each board or a shared key for
each board or for their family of boards, we can abstract that
in a different layer of security. Yet the layers above and below
dont have to change dramatically.
The layered models give you the flexibility to adapt to the
various needs of a customer without having to start over and
redevelop everything. There are substantial benefits there in
terms of speed of execution, speed of production, re-using
tested code, and cost efficiency.
16 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com
EECatalog: What tools and practices need to be developed
today to keep the things of the Industrial Internet of Things
secure?
Smith, WinSystems: One of them is system management.
When you have devices in the field you have to have a way to
manage them. Depending upon the requirements, this could
be aggregated to a single pane of glass cloud-based solution
or it might have to be an on-site hands-on management-
based solution.
We know that the closer you have to get to a device, the more
it costs. If you have to go up and service the device at the top
of the windmill, it costs more than if you can do it from your
browser, so remote system management is very important.
Security detection is also very important. You need to have
some level of monitoring to understand when an attack or
breach has occurred. There is a tremendous amount of malware
in the world, detection of that is going to be an ongoing
problem for decades to come.
Finally, once you detect an issue, you have to be adaptable
enough to correct the problem. You have to be able to correct
problems and restore the system to a trusted state. That can be
something as simple as changing passwords or as complicated
as pushing a complete new software image, a more secure, not
corrupted software image into the device remotely.
Security needs to be included early, right-sized, and cost-
efficient because it will require attention for the life of your
product. If you deploy security measures and think youre done
and out the door, and youre forever secureWell, theres no
such thing as forever secure.
 SPECIAL FEATURE
Delivering Carrier Grade OCP to
Telco Data Centers
Carriers as well as web service companies have some things in common
(and some differences) when it comes to capitalizing on a common set of
hardware solutions.

NETWORKING & DATA CENTER TECHNOLOGIES

By Todd Wynia, Artesyn Embedded Technologies

Many communications service providers (CSPs) are looking
to adopt COTS hardware and virtualize many of their
applications, deploying these diverse workloads on a common
pool of hardware resources (Figure 1). The potential savings
of COTS computing and networking hardware is also creating
great interest in the latest data center innovation: open
compute technologies.
Pioneered and promoted by the Open Compute Project (OCP),
these technologies focus on the most efficient and economical
ways of scaling COTS computing infrastructure. Founded by
Facebook, the OCPs original objective was to guide, from
the ground up, design of the most cost-efficient data center
infrastructure.
t
These servers typically have individual AC-DC power
supplies, increasing cabling and power costs and limiting
the ability for centralized management.
t
A short supply of real estate is available, curtailing attempts
to increase functionality.
Facebook wanted a new rack-scale solution in which all servers
would be identical no matter what company manufactures
them. Servers needed to be powered, plugged into the rack,
and cabled in the same manner. Determined to remove
anything that didnt contribute to efficiency, Facebook even
had manufacturers remove server faceplates and other
metalwork, choosing to handle the regulatory EMC shielding
at the facility level instead of at the server or rack level.

Today, the goal of the OCP is to spark a collaborative dialog and

effort among peers on OCP technology, collectively developing
the most efficient computing infrastructure possible. Project
focus includes addressing servers, storage, networking,
hardware management, Open Rack (a rack standard), data
center design, and certifications for solution providers.

Figure 1: Virtualization enables CSPs to run many applications

on more cost-effective standardized, multi-vendor hardware.
Deploying cloud technologies on this COTS hardware enables
greater agility in service delivery.

Facebook sought a new rack-scale architecture that would

use generic servers to make its new data centers as low cost
and efficient as possible. The company viewed traditional
rackmount servers as falling short in several areas.

Traditional Rackmount Server Drawbacks

t
Each has a unique form factor, I/O, and management Figure 2: Front and back of a CG-OpenRack-19 system (CG-OPEN-
RACK-19 Image Courtesy of Pentair-Schroff).
system, locking a company into a single supplier.

www.embeddedintel.com | Embedded Intel Solutions Fall 2017 | 17

SPECIAL FEATURE
Leveraging Open Compute and Open Rack
Some applications must be hosted in central offices or
similar environments at the edge of the network. And many
CSPs want to use the principles of the OCP in their network
infrastructure, but the specification doesnt lend itself to CSPs
maintenance or other equipment practices.
So, a group of carriers and technology vendors have
collaborated to leverage Open Compute and Open Rack as
a base model, but to adapt them for telecom central office
NETWORKING & DATA CENTER TECHNOLOGIES
environments and carrier grade building practices. The
result is the CG-OpenRack-19 specification, which has been
designated OCP-ACCEPTED.
CG-OpenRack-19 is a scalable carrier grade rack-level system
that integrates high-performance compute, storage, and
networking in a standard rack (Figure 2). CG-OpenRack-19
brings the OCP to carriers, tracking (but de-coupled from)
changes driven by web companies and allowing compute,
storage, and acceleration to scale independently. The capital
expense (CAPEX) is driven down by flattening the supply chain,
using OCP economies of scale and driving competition through
an open source specification, while OPEX benefits from lower
power consumption and a reduced maintenance overhead.
Functional Elements
There are six major system elements (Figures 3 and 4):
1. System rack (19-inch)
2. Power conversion and distribution via dual 12V bus bars
3. White-box top-of-rack switches for optimized cable
handling
4. Two sizes of open bays for compute and storage elements
(full- and half-width)
5. A sled can be full- or half-width, each of which includes a
single optical header on the back for connectivity
6. Pre-wired blind mate optical backplane
Figure 3: The anatomy of a typical CG-OpenRack-19 compute sled.
18 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com
Terms and Acronyms
t
PODA logical and/or physical collection of racks within
a shared infrastructure management domain.
t
POD ManagerThe software that manages logical
groupings of functionality across all infrastructure in a
pod.
t
RMMRack Management Module. A physical system
element that is responsible for managing the rack, which
normally assigns IDs for the instances of PSME in the
rack, and manages rack power and cooling.
t
PSMEPooled System Management Engine. System
management software that runs on the DMC and is
responsible for the conguration of pooled storage
modules by the Pooled Node Controller (PNC), the
network (SDN) the compute modules, and the switches.
t
MMCModule Management Controller. The controller
that manages the blades in the module.
t
BMCBaseboard Management Controller. A specialized
service processor that monitors the physical state of a
computer and provides services to monitor and controls
certain compute/ storage module operations.
t
MEManagement Engine. A physical hardware resource
that gives access to hardware features at the baseboard
level below the operating system.
t
BIOSBasic Input/Output System. Firmware that
initializes and tests compute/storage module hardware
components and loads a boot loader or an operation
system from a mass memory device.
CG-OpenRack-19 Specication
Management Strategy
The CG-OpenRack-19 specification requires
each sled to have a dedicated baseboard
management controller (BMC) for various out-
of-band platform management services, which
is fully IPMI 2.0 and DCMI 1.5 compliant.
The specification goes on to stipulate certain
conditions that the BMC should meet,
but implementation details are left to the
developer.
Beyond the CG-OpenRack-19 specification
is another open, industry-standard platform
management specification and scheme
called Redfish, managed by the Distributed
Management Task Force (DMTF). See Figure 5.

Figure 4: Functional elements of the CG-OpenRack-19 systems.
Redfish is a hierarchical pod/data center management tool,
where a pod is a pool of compute resources. It recognizes
that the scale-out hardware usage model differs from that of
traditional enterprise platforms and requires a new approach
to management.
While Redfish is not a part of the CG-OpenRack-19 specification,
it is one of the most popular platform management approaches
and is a requirement for a solution to be Intel Rack Scale
Design (Intel RSD) compliant.
Comparing CG-OpenRack-19 to OCP
There are some key differences between the OCP specification
and carrier grade OCP as implemented in CG-OpenRack-19. For
example, while web companies are comfortable with rack-level
SPECIAL FEATURE
NETWORKING & DATA CENTER TECHNOLOGIES
Figure 5: Redfish pod logical hierarchy. See terms and acronyms.
field replaceable units (FRUs), carriers with many more physical
sites need to reduce costly on-site installation, maintenance,
and repair activities. These costs are being eliminated through
simpler hardware design. One example of such design is sled-
level field replaceable units with a minimal-touch environment
for service operatives.
Other differences found when comparing CG-OpenRack-19
and OCP include the following:
Physical:
t
Suitable for current central office and new telco data center
environments
t
19-inch rack-mounting defined (versus 21-inch in OCP)
t
Standard rack unit (RU) spacing
t
1000 to 1200 mm cabinet depth, supporting GR-3160
spatial requirements
t
EMI shielding at the sled level
t
Terabit-capable blind mate optical cabled backplane with the
ability to individually hot swap sleds
t
Consistent hardware user interface across different vendors
to shorten the learning curve
t
Option for central office seismic, acoustic, and safety
standards (NEBS)
www.embeddedintel.com | Embedded Intel Solutions Fall 2017 | 19
SPECIAL FEATURE
System Management:
t
Ethernet based out-of-band (OOB) device management
network connecting all nodes and power shelf via a top-of-
rack (TOR) switch
t
Ethernet based OOB application management network
connecting all nodes via a TOR switch
t
Optional rack-level platform manager
NETWORKING & DATA CENTER TECHNOLOGIES
Networking/Interconnect:
t
One or more Ethernet TOR switches for I/O aggregation to
nodes
t
Pre-cabled designfiber cables in rack, blind mate to node
with flexible interconnect mapping
t
Durable, blind-mating coupling connectors provide for
rapid insertion/extraction and prevent accidental damage
or incorrect placement
One Infrastructure. Any Workload.
CSPs are embarking on an exciting period of business
transformation. The ability to use high-volume COTS servers
to implement cloud technologies, such as virtualization and
OpenStack, will help them reduce CAPEX and OPEX, unleash
new flexibility and elasticity in their operations, and radically
improve their time to market for new services.
While OCP provides an excellent solution for the enterprise
data center, CSPs require a higher grade of hardware platform
designed to meet their more challenging needs for low-
latency performance, bandwidth scalability, reliability and
serviceability, and regulatory and safety compliance.
Considering how critical and specialized their current
equipment is, the shift requires a carefully managed transition.
20 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com
Figure 6: CG19-GPU Sled from Artesyn Embedded Technologies
Working with the OCP and other industry bodies, companies
like Artesyn have developed solutions that will meet
CSP requirements with standardized architectures such
as CG-OpenRack-19 (Figure 6). Through a performance-
optimized solution that maximizes data flows to virtualized
applications while maintaining high reliability, CSPs in the
future should easily and confidently be able to implement
open compute solutions.
These solutions will enable open compute successes not
only for their enterprise data center needs, but also for
NFV solutions and a range of new innovative services that
will help them better compete in the cloud provider and
communications industries.
Todd Wynia is Vice President of Communications
Products for Artesyn Embedded Technologies. He
has written a number of white papers on indus-
try standards and the telecom industry as well as
serving on the board of CP-TA, VITA and partici-
pating extensively in the PCI Industrial Computer
Manufacturers Group (PICMG). Wynia is a graduate of the Uni-
versity of Wisconsin, where he earned his B.S. in economics with
a math emphasis.
Editors Note: More evidence of CG-OpenRack-19 benets is de-
tailed in this articles online version.
 SPECIAL FEATURE
Jumpstart Connected Strategies
Remote monitoring reduces costs, improves uptime, and jumpstarts
connected strategies. Integrated platforms enable a flexible path,
protecting both edge and on-premise computing options.

NETWORKING & DATA CENTER TECHNOLOGIES

By Ed Trevis, Corvalent

Application-ready platforms act as building blocks to the

Internet of Things (IoT), providing a secure development path
that speeds time-to-market and assures flexibility as needs sway
between centralized and de-centralized computing. Tapping into
these platforms to enable remote monitoring and management
capabilities is an ideal first step toward an IoT-based future.

To streamline the overwhelming nature

of creating an IoT system strategy, OEMs
and developers should address a primary
use case such as remote monitoring and
management as a first step.

The IoT can present a number of roadblocks for OEMs and

application developers. The impact of committing to network
technologies, development platforms, cloud providers, and
more, means that a misstep could become a costly setback.
Such a misstep might not even reveal itself until an application
needs to scale or a security breach demonstrates a performance
limitation. These are the kinds of factors that keep technology
innovators awake at night, even while they are fully aware
of missed opportunities resulting from a lack of real-time
connectivity between systems and applications.
To streamline the overwhelming nature of creating an IoT
system strategy, OEMs and developers should address a
primary use case such as remote monitoring and management
as a first step. By capitalizing on integrated hardware/software
platforms optimized for flexible development, the path to
connectivity is both straightforward and secure.
Tapping into Remote Monitoring
Accessing remote monitoring and management capabilities is a
good place to start, with the potential to deliver fast value from
an IoT investment. While deployed systems represent a wealth
of potential data, many are not yet equipped with sensors and
applications that enable data to be gathered and shared in a
timely fashion. Even if performance data is currently being
gathered, it may not be actionable quickly enough to support
predictive or preventive maintenance.
Figure 1: Based on Intel x86 processors, Corvalents CorEdge box
PC product family offers a powerful, exible, and reliable platform,
helping developers reduce time-to-market, protect application
security, and support reliable performance. Each application-ready
system can be customized to the individual needs of the project,
including software pre-installation, hardware installation and con-
guration, and system branding. Systems can be shipped ready to
plug-in to manufacturing facilities, or directly to end users in non-
branded packaging. (Image credit Corvalent)
The win comes from accessing and sharing that data in real-
time. If a system is running hot due to environmental issues or
looming component failure, proactive measures can be taken
only if operators are made aware of the rising issue. In another
example, a system may be performing well and even exceeding
its anticipated quota of scans or cycles; consider a high-
performance MRI machine quickly reaching a milestone for
number of scans completed. Ideally it should warn operators in
advance that maintenance is soon required, before unexpected
downtime costs hospitals thousands in unrealized revenue.
An application-ready integrated platform enables OEMs
to configure these remote monitoring applications quickly,
adding sensors to aid in predictive maintenance operations
for the end-user. Integrated platforms may also ship with
sensors on board, enabling remote monitoring out of the box.

www.embeddedintel.com | Embedded Intel Solutions Fall 2017 | 21

SPECIAL FEATURE
Solving Risk Factors
Achieving system longevity is an important part of the design
goalsaving millions of dollars over the life cycle of a product
based on reduced costs in hardware and software compatibility
testing, qualifying and validating new platforms, and agency
re-certification. With IoT technology investments, embedded
OEMs and developers face additional risk, as the pendulum
constantly swings between centralized and de-centralized
computing. Solving this significant challenge involves working
with an application-ready platform that is inherently flexible.
NETWORKING & DATA CENTER TECHNOLOGIES
Developers can embrace any type of IoT environment, tuning
system performance to the edge or on-premise without a
change in architecture. Ideally, software can be deployed in
any manner that makes sense for the application at hand.
This advantage allows developers to reduce risk dramatically,
removing difficulty by building their applications on what could
be called infrastructure middleware. Across the full spectrum
of embedded applicationsindustrial automation, medical,
defense, energy, and moremost technology leaders compete
best by focusing on their business of managing large devices or
systems, not building core level platform middleware.
Addressing Pain Points and Simplifying Deployment
It is true that engineers love to build things, but their bosses
need to build the bottom line. Given that time-to-market is
a critical factor in this effort, application-ready platforms
address a range of options that improve the balance between
costs and development resources.
End-users want to put software where they need it, and avoid
being tethered to one cloud provider vs another. Rather than
committing an infrastructure build to a cloud service such as
Amazon, Google, or Azure, an integrated container-based IoT
platform can be deployed and moved as needed. Edge components
act as self-contained IoT systems, and can run completely
disconnected from the cloud or the on-premise server.
Improved Reliability with Security at Every Layer
This flexibility and independent capability also protects uptime,
for example in scenarios where a rugged system may not have
connectivity. The device continues to operate under the rules
running at the software edge, an important value add for non-
stop applications such as manufacturing or hazardous security.
Security innovations capitalize on options built into
processors such as hardware-accelerated encryption; today,
a range of features is available below the operating system,
creating comprehensive capabilities that enhance productivity
and secure management. In an integrated system, secure
hardware dovetails with secure software. The perspective is
security first, with protocols architected into the platform at
every opportunity. Everything is locked down by default, and
developers must specifically open ways to access the system.
This is in contrast to ground-up solutions, where security tends
22 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com
to be an afterthoughtit is typically handled in the opposite
fashion, with developers having to make choices about which
protocols to turn on.
Security faults arise when the development takes place, and
security decisions follow. It is much more effective to incorporate
a secure mindset as part of the development effort itself. This
allows the system to be secure and interoperable at every layer.
Developers in Mind
An optimized platform is built with developers in mind,
using open architecture and a full range of communication
interfaces. Most interface protocols are available, as well
as open source protocols and APIs for communicating with
devices or enterprise systems. Developers are empowered to
focus on the business problem at hand, building their solution
as opposed to building a low-level infrastructure.
Your IoT Initiative
Tackling a single mission such as accessing remote monitoring
and management capabilities is a smart strategy, right-sizing
the overwhelming proposition of becoming IoT-enabled. These
capabilities not only reduce maintenance costs, but also make
OEMs more competitive for their end-user customers. Because
deployed systems can be supported remotely, costly on-site
visits to either repair or simply diagnose systems are vastly
reduced. Uptime is improved with more proactive options, and
overall support resources are significantly better managed
based on predictive and preventive maintenance strategies.
Integrated hardware/software platforms provide the
necessary toolsas well as the freedomto enable this value
for developers. Faster time-to-market, reliable performance,
and a security-first perspective are bundled in a flexible
system that accommodates both edge and on-premise
computing. Investments are protected with longevity in
mind, capitalizing on the remote management platform
as a flexible IoT framework on which to build additional
connected applications.
This initial step can open the door wide for whats next.
The ability to create IoT systems in a fast, scalable, secure
manner may be just what it takes to move your organization
into the future.
Ed Trevis is President and CEO, Corvalent. Trevis
has been Corvalent President and Chief Execu-
tive Ocer since the companys inception in 1993,
leading the rm to double-digit growth, rapid
gain in market share, and numerous business
awards and recognitions. He is an active CEO
member of Vistage International, and maintains
a leadership philosophy promoting employee edu-
cation and encouraging personal and professional growth. Connect
with Ed via LinkedIn or at [email protected]

What Makes an Industrial Digital
Media Player Different?
With digital displays popping up well outside their climate-controlled
comfort zone, a new kind of media player is increasingly in demand.
The digital signage industry is booming. Analysts predict an
8.94 percent compound annual growth rate1 between now
and 2020, and that by 2023 the market will be worth $32.84
billion2. The expansion of signage implementation throughout
industry has been a major contributor to this exponential
growth, with displays being used by businesses of every shape
and size for a huge range of content delivery needs. Of course,
Digital Out of Home (DOOH) advertising is still a significant
part of the overall signage equation, but increasingly digital
displays are being utilized for applications far beyond
customer acquisition, and in locations that would challenge,
or even destroy, a typical media player.
Figure 1: Unlike traditional media players, fanless industrial media
players, like this ML400 system from Logic Supply, employ custom
machined heatsinks and fanless enclosures.
Static and interactive digital displays are popping up
everywhere from medical facilities and manufacturing floors,
to transportation hubs and outdoor events (Figure 2). These
varied applications for digital content delivery bring with
them a host of logistical and environmental complications
that have required signage professionals to reevaluate the
hardware they utilize to convey their message.
1. http://www.tmcnet.com/usubmit/2014/03/12/7720094.htm
2. http://www.marketsandmarkets.com/PressReleases/digital-signage.asp
SPECIAL FEATURE
DIGITAL SIGNAGE/SMART DISPLAYS
By Robert Suffoletta, Logic Supply
But what makes an industrial digital media player different,
and what factors play into an educated hardware choice for
signage integrators and ISVs?
A Different Look and Feel
In the past, theres been an attitude toward disposability in
much of the digital media player space, with entry level device
builders suggesting that when a media player fails, the user
simply throw it away and replace it. But that assumes a certain
level of nonchalance toward the information being displayed.
Industrial digital signage players arent throw away devices
because the content theyre displaying isnt disposable. In fact,
its often mission-critical.
Perhaps the most striking difference between consumer-
grade digital media solutions and industrial media players
is the way theyre constructed (Figure 1). The vast majority
of commercially available media players are built using
some combination of plastics and polycarbonate. While
these materials are relatively inexpensive, they dont offer
much in the way of durability, particularly in challenging
environments. Industrial media players, which may be subject
to extreme temperatures, moisture, vibration or even impact
forces, most commonly utilize all metal enclosures and
internal components designed specifically for industrial use.
Figure 2: An industrial digital signage installation located above the
JetBlue terminal at JFK airport in Queens, NY. Industrial digital media
players inside power two displays each. (Courtesy Logic Supply)
www.embeddedintel.com | Embedded Intel Solutions Fall 2017 | 23
SPECIAL FEATURE
Industrial media players may also look very different than
their commercial counterparts. With enclosure extrusions
designed to dissipate heat, and form factors tailored to
installation behind low profile displays or within electrical
cabinets, industrial signage devices dont always conform
to the nondescript black box archetype. The connectivity
options available on industrial media players also tend to take
into account the variety of output devices they may need to
interface with. In addition to HDMI, USB, and DisplayPort (of
various flavors), its not uncommon to find VGA or even DVI
DIGITAL SIGNAGE/SMART DISPLAYS
connections to accommodate legacy displays that may be part
of the existing infrastructure at a given installation location.
Purpose-built Reliability
A hardware crash at a retail facility utilizing a digital signage
solution might be inconvenient or embarrassing for the
proprietor, but imagine the potential ramifications to loss
of signal at a high-paced manufacturing plant or, worse
still, a busy medical facility. Reliability is paramount in any
industrial signage application, making attention to detail
and careful engineering of industrial media players vital to
their longevity. For signage integrators installing hardware at
client sites, a single failure that results in the need to roll a
support truck can cost the company hundreds of dollars, not
to mention the potential lost revenue for its customer.
With outdoor signage deployments becoming more
commonplace, systems designed for industrial use are
employing components rated for extreme operating
temperatures, from -25 C (-13 F), all the way up to +70 C
(+155 F) or more. In addition to outdoor use, these wide
operating temperature ranges provide integrators the
flexibility to install systems in cars, busses, trains, and ships
where theyre commonly used for everything from passenger
information delivery to infotainment and wayfinding.
In addition to environmental resistances, many industrial
signage players limit, or even completely forgo, moving parts.
Solid state storage offers faster read and write speeds to
allow for smooth content delivery while also eliminating the
noise and data corruption that can result from spinning hard
drives. The most reliable breed of industrial media players
also leverage fanless, solid state cooling solutions. Removing
a cooling fan from the equation can result in a digital media
player with zero moving parts, greatly improving overall
system reliability, especially for installations where the
hardware is subject to vibration.
Above and beyond fanless cooling, some industrial media
player hardware manufacturers take the extra step to create
systems that are also fully sealed against contaminant ingress,
with no vents or extraneous openings in the enclosure. Quick
serve restaurants who employ digital signage displays for
24 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com
their interior menu boards are increasingly turning to fanless
solutions to prevent dust, grease, and moisture from reaching
sensitive hardware components and causing failures.
Constructed for the Long Term
One important aspect of industrial signage that frequently
goes overlooked is the concept of life cycle. While the
reliability of the hardware contributes to its life span (how
long its expected to operate without a failure), life cycle
refers to the manufacturers commitment to produce and
support a given device.
In the world of consumer technology, frequent hardware
turnover due to obsolescence makes life cycle less of a concern,
but for industrial applications that may depend on a system
to operate for three to five years or more once installed,
the ability to order additional devices or get support for
any necessary updates is paramount. When dealing with
international or safety certifications, even slight changes to a
device configuration can cause huge logistical headaches, not
to mention the significant costs of re-certification. The ability
to order a locked-down configuration for the foreseeable
future of a project is a huge advantage industrial media players
offer over their consumer-grade counterparts. In addition to
life cycle management, industrial media player manufacturers
frequently offer more inclusive and longer warranty support,
providing additional peace of mind to signage integrators.
The Bottom Line
The continued evolution of digital content delivery is changing
the way signage professionals evaluate the hardware platforms
they utilize. Even the most user-friendly, fully featured
software suite is still only as viable as the hardware its running
on. The widespread use of digital media players in increasingly
challenging environments puts pressure on integrators to
ensure the hardware they select will survive the rigors of
installation, no matter where that might be. Ultimately, the
quality of your industrial digital signage hardware should
always match the gravity of your message.
Robert Suoletta is a Visual Communications
Specialist at Logic Supply (www.logicsupply.com),
an Intel IoT Solutions Alliance member. A 20-year
veteran of the computer industry with more than
10 years experience in providing hardware solu-
tions to the digital signage market, he is dedicated
to matching clients building innovative signage solutions with the
most capable and reliable hardware for their unique installation.

System-on-Chip: Not Yet
Ready for Prime Time
Factors involved in weighing SoC, Integrated OPS, and external hardware
choices for digital signage
By Mark Boidman, Ben Zinder, and Gilbert Baltzer, Peter J. Solomon Company
System-on-Chip (SoC) is an integrated digital signage solution
where media player hardware is embedded within a display,
eliminating the need for third-party, external media players.
These external media players are the commercial equivalent of
consumer products such as Roku, Chromecast, and Amazon Fire.
Initial System-on-Chip Products Had Limited
Capabilities
First-generation SoC products from Samsung and Sony
launched in 2013, followed by second generation displays and
the entrance of LG into the market in 2014. First- and second-
generation products had minimal processing and graphics
power, which restricted capabilities to playback of images
and basic video. Content creators and software developers
(Photo: Samsung)
SPECIAL FEATURE
DIGITAL SIGNAGE/SMART DISPLAYS
often faced a substantial learning curve when required to use
proprietary operating systems (e.g., Samsung Tizen OS, LG
WebOS). Finally, adoption was hindered by skepticism about
long-term commitment and focus of manufacturers to what
will always be for them a relatively niche product.
Subsequent generations have addressed some of the issues
encountered by early adopters. Improved hardware offerings
have greatly improved the functionality and flexibility of
SoC displays. New entrants into the market (Panasonic,
Philips, Sharp, Toshiba, etc.) have adopted Android as a
standard, and Samsung and LG have made their operating
systems more developer friendly. However, Android remains
a consumer-grade operating system and the proprietary OSs
www.embeddedintel.com | Embedded Intel Solutions Fall 2017 | 25
SPECIAL FEATURE
are derivatives of consumer TV platforms. They are primarily
based on the world of streaming, and theres not a lot of focus
on software development. The core hardware is good, but the
software ecosystem is changing all the time. That makes life
difficult for end-users and developers.
What the industry needs are very stable APIs because so many
software developers are developing on these platforms. When
the software changes with every new version of the consumer
TV models, development is quite difficult.
DIGITAL SIGNAGE/SMART DISPLAYS
System-on-Chip Now Offers Some Advantages
The primary selling point for SoC is that the upfront cost
is approximately 25-40 percent lower than comparable
solutions. Users also typically experience a reduction in
hardware support expense due to fewer points of failure.
Power consumption is usually lower, as an integrated design
improves energy efficiency. In addition, with no need for
configuration, the installation process is straightforward and
requires less technical expertise.
Most display manufacturers require screens to have constant
Internet access both to stream data and to download software
updates. While this connectivity is convenient, it also creates
a potential security concern for corporations with large
installations consisting of hundreds of displays.
External Hardware Remains Essential in
Certain Situations
Despite recent improvements, SoC devices continue to face
some limitations in their ability to support the breadth of
features needed for many types of digital signage projects.
Consequently, external media player solutions remain the
solution of choice for businesses aiming to ensure seamless
transitions between media content, complex video layering
and HTML rendering, or synchronization between multiple
displays. The primary advantage of dedicated external media
players is the breadth of the solutions software offering.
External hardware also accommodates applications that
vary from touch screens to complicated display solutions
and/or video walls with a range of display sizes mounted at
various angles. An additional consideration for many buyers
is external hardwares upgradeability, the ease of which helps
to future-proof the display, not locking buyers into a specific
product ecosystem.
26 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com
Another Option for All-in-One
A different type of integrated solution is gaining momentum
in the industry. Displays and players that have adopted Intels
Open Pluggable Specification (OPS) are offering the Pro AV
market a solution thats both powerful and integrated. The
combination of an OPS display and a commercial-grade OPS
media player delivers an all-in-one signage solution that is
powerful and feature-rich while still being simple to install,
eliminating the need for wiring and technical expertise. This
OPS display/player combination can offer all of the benefits of
a commercial-grade media player, a purpose-built OS, stable
software with open APIs and an all-in-one solution without
any of the downfalls.
To Date, SoC Has Struggled to Gain
Widespread Adoption
Despite most display manufacturers now bundling SoC at
minimal incremental cost, it is estimated that fewer than
10 percent of displays with SoC have their capabilities used
by operators, who still prefer external hardware solutions.
Nevertheless, SoC products have improved significantly since
market entrance and offer a compelling alternative in some
circumstances.
Ultimately, the decision to purchase external hardware, an
integrated OPS solution, or a SoC display must be made on
a case-by-case basis. For many basic digital signage needs,
SoC may very well be an adequate solution. Customers who
place a premium on performance, reliability, and scalable
software will likely continue to rely upon external hardware or
integrated OPS solutions for the foreseeable future.
Mark Boidman is a Partner and Managing Director
at Peter J. Solomon Company.
Ben Zinder is an Associate Director at Peter J. Solomon
Company.
Gilbert Baltzer is an Associate at Peter J. Solomon
Company.
 Docker Containers Ease Cloud and
IoT Implementation
Open-source Docker leverages Linux resource isolation features to deliver
lightweight, efficient, and repeatable software delivery on complex
infrastructure.
By Lynnette Reese, Editor-in-Chief, Embedded Intel Solutions, Embedded Systems Engineering
Three items are key in IoT: a thing, a cloud, and the internet
for communication. Within this model, the cloud is not only
someone elses computer, but in reality, the cloud is a complex
compilation of interconnected servers with variable hardware
infrastructure, software stacks, and other effects that can be
combined in millions of ways if you count all possible settings.
IT staff loves Docker since it removes the agony factor to a large
extent when setting up or bolting on software components
into any infrastructure. Docker eliminates the need to become
a pseudo-expert in various packages and hardware settings
and isnt limited to clouds. Docker, an open source project,
makes it easier to get software and hardware working together
in an efficient, repeatable pattern, so developers dont have to
deal with the complexities of servers and storage1. Docker is a
tool that allows us to innovate without reinventing the wheel
and like Linux is the crux of why Docker is so successful.
Figure 1: Left: Virtual machine (VM). VMs run a resource intensive OS
and establish a configuration entanglement. Right: Containers can
share a kernel. Only the executable and package dependencies are in
a container image. Processes run as native and can be managed indi-
vidually with no configuration entanglements. (Source: docker.com)
1. Levy, Ari. One of Techs Most Ambitious Open Source Projects Puts a Software Veteran at the Helm. CNBC. CNBC, 02 May 2017. Web. 31 May 2017
2. What Is Docker. Docker. N.p, 15 Apr. 2017. Web. 31 May 2017.
SPECIAL FEATURE
ANDROID & LINUX
Create Precisely Defined Containers
Docker is a concise tool that containerizes a process
or application and isolates it from other applications. A
containerized app runs anywhere. Docker simplifies getting
an environment up and running on your machine and
provides a container system for code and a very consistent
way to get code running on a specific set up. Linux containers
have been around for years, but many use containers as
a kind of tiny server. Docker began as a tool for creating
containers for convenient, reliable, repeatable software
delivery and is meant to be as easy as possible to use. Docker
gets around the fact that software stacks today are run on
different frameworks, switching between toolchains of
different languages, and running on increasingly complex
and diverse hardware infrastructure. Docker allows people
to share containers, which has become possible as a critical
mass of people that want to share and reuse containers pull
them from Docker Hub.
The result is a new means
of delivering software that
is lighter than a virtual
machine (VM) yet sidesteps
the complexity of setting up
the run environment for the
recipient. Docker.com states,
When an app is dockerized,
that complexity is pushed
into containers that are
easily built, shared, and run.
Setting up to work on a new
codebase no longer has to
mean hours spent installing
software and figuring out
setup procedures. Code that
ships with Docker files is simpler; dependencies are pulled as
neatly packaged Docker images and anyone with Docker and
an editor installed can build and debug the app in minutes2.
www.embeddedintel.com | Embedded Intel Solutions Fall 2017 | 27
SPECIAL FEATURE

to replicate fully portable environments

between infrastructures so that dotCloud
could help customers. Sharing and assisting
others have become more complicated due
to multiple hardware platforms, appliances,
and other variables such as different
versions of software. Something that
works on your machine may not work on
anothers. A bundle of software typically
has a file extension that indicates a specific
ANDROID & LINUX

environment for unpacking and executing

it. However, if you ship that software
package, youre not sure what is on the other
end. You dont know the version or settings
of the recipients environment; all you know
for certain is that the software package
worked on your machine. Increasingly more
complex software stacks make it likely that
the recipients hardware, operating system,
and other environment variables do not
Figure 2: The entire container market (including containers, virtual-
ization, Private PaaS and others) is expected to hit $2.688 billion by
have everything that your software package
2020. (Source: 451 Research) used on your end. To solve this problem, you might have to
ship everything surrounding the application, too, down to the
Put Simply, How Does Docker Work? build, system configuration, and the version of the application
A good analogy for Docker is the shipping industry. In the and libraries.
olden days, individual items were packed on wooden ships and
individually unloaded by stevedores at the port of destination. One option is to re-create your entire system by re-creating the
As shipping got more complicated, at some point modular, environment with a virtual machine so that you have the exact
standardized shipping containers were implemented. Product environment for success for the recipient. But virtual systems
is placed in a container, sealed, put on the ship, and sent are very large, on the order of 10 MB or more, and if youre
off. A global infrastructure has adapted to this container testing a stack on 12 different virtual machines representing
including ships, portside loading and unloading equipment, 12 specific environments then youre going to need more than
train flatcars, tractor-trailer trucks, and even airplanes; all one personal computer to deploy 12 virtual machines. Virtual
are meant to accept this same container
regardless of location, company, or mode
of transportation. With Docker, the
software developer can hand off his or
her container to others to handle; others
who are experts in the infrastructure,
surrounding software, and tools. The
developer need be concerned only with
the inside of the box. Docker provides a
consistent way to get code up and running
on the developers machine yet can also
move code forward to staging, production,
or various testing scenarios.

Docker is valued at more than $1 billion

and is expected to grow in revenue to
$2.7 billion by 2020, according to 4512
Research3. Docker was born at dotCloud, Figure 3: https://docs.resin.io/understanding/understanding-
a platform-as-a-service company in 2013 out of the necessity devices/2.0.0/

3. Buckley, Kaitlin. 451 Research: Application Containers Will Be a $2.7bn Market by 2020. PRWeb. PRWeb, 10 Jan. 2017. Web. 31 May 2017.
4. https://docs.resin.io/introduction/ N.p. Web. Accessed 31 May 2017.

28 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com


machines are terrific, but they do carry a lot of baggage and
overhead that can weigh down performance.
Docker is an open collaboration with all parties involved in
creating a specific image for a specific stack and hardware
infrastructure. Docker takes advantage of Linux evolving such
that executing processes in a sandbox (a resource isolation
feature) can be achieved concisely because youre working
with low-level primitives in the Linux kernel. As far as Docker
knows, it is the only process talking to the Linux kernel and is
cleanly isolated. This means that you can deploy applications
without worrying about conflicting dependencies with other
applications. Docker can run a specific library version, while
another application runs another version of the same library
without conflict.
Docker for the Embedded Developer
You can install Docker by downloading it (as a static binary)
and installing it. Its initially kicked off as a daemon. After
the daemon is running, the client is run, and then commands
can be typed that get passed to the Docker daemon. Docker
definitely supports the 64-bit x86. The Intel Joule development
kit, well-suited to IoT applications, provides a Docker
container and uses Docker Toolkit to facilitate it. Another
company apparently incorporates Docker into its operating
system. Resin.io, a company that makes it simple to deploy,
update, and maintain code running on remote devices4uses
Docker and claims support for the full Raspberry Pi family,
Beagle Bone Black, Intel Edison, Intel NUC, Odroid C1+ and
XU4, BeagleBone Green Wireless (beta), and several other
5. https://docs.resin.io/understanding/understanding-devices/2.0.0/ N.p. Web. Accessed 31 May 2017.
SPECIAL FEATURE
embedded development boards. According to the Resin.
io site, The ResinOS is an operating system optimised for
running Docker containers on embedded devices, with an
emphasis on reliability over long periods of operationthe
core insight behind ResinOS is that Linux Containers offer,
for the first time, a practical path to using virtualisation on
embedded devices. 5
Docker is another stepping stone in navigating the next
wave of increasingly complex technology. Docker is open
ANDROID & LINUX
source and owes a great deal to the open source community
that participates in creating Docker containers, however,
Docker does have an Enterprise version with over 400 paying
customers. The Docker site includes case studies of Docker
use at Uber, MetLife, Expedia, General Electric, Cornell, Ebay,
ADP, PayPal, and several others. As for the embedded world,
lightweight containers can make test and development faster
and can add to security as VMs have done for computers by
isolating applications.
Lynnette Reese is Editor-in-Chief, Embedded
Intel Solutions and Embedded Systems Engi-
neering, and has been working in various roles
as an electrical engineer for over two decades.
She is interested in open source software
and hardware, the maker movement, and in
increasing the number of women working in
STEM so she has a greater chance of talking about something
other than football at the water cooler.
www.embeddedintel.com | Embedded Intel Solutions Fall 2017 | 29
SPECIAL FEATURE
Open Source Meets Standards: A
Platform for Fast Implementation
Mini Linux platform utilizes COM Express modules.
ANDROID & LINUX
Like it or not, embedded development is getting more
demanding. Devices like the iPad and Surface have raised
the bar for the quality of the hardware, software, and user
experience. Accelerating investment in hardware start-ups
means there are a larger number of talented and well-
funded competitors fighting over the same markets. With
heightened expectations and competition, developing
better embedded devices on shorter timelines is essential,
highlighting the importance of hardware standards and a
comprehensive ecosystem!
Figure 1: An example of a low-power consumption (5-7W) embedded
computing platform applicable to wired and mobile use. Depending
upon the processor choice (1 and 8GB RAM), it equates to consumer
laptop or small server. (Source: Embedded Now)
Today, most software engineers live in a world of open
source, cloud computing, and rapid agile development.
They can prototype applications in days by creating novel
combinations of powerful open source software, or launch a
few thousand servers in a matter of minutes. So far, these
efficiencies have been confined to the world of software
development. They havent translated over to professional
embedded development. Hobbyists benefit today from
platforms like Raspberry Pi and Arduino, which have broad
ecosystems providing real productivity gains, but these
30 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com
By Dan Demers, congatec
platforms arent appropriate for embedding in finished
devices. Professional embedded system engineers lag behind,
lacking comparable ecosystems.
One response to the gap between embedded engineers needs
and ecosystem readiness could be to leverage a standards-
based Linux platform. Such a solution capitalizes on the vast
ecosystem of open source software available to embedded
devices One aspect that an environment like this excels at
is in bringing together the best parts of WebKit for HTML
rendering and the V8 JavaScript engine. Out-of-the-box
they support audio, video, and 3D rendering with WebGL
as well as raster and vector artwork and UIs that reflow
to different screen sizes. Beautiful applications with rich
user interactions can be created with these technologies.
Moreover, these web technologies benefit from broad
support and a large development community. They surpass
other environments in the number of developers, support
resources, best practices and community activity. As it is
rare to find a task that hasnt been solved before, software
engineers can make efficient re-use of existing knowledge
and concentrate on innovating their products rather than
redeveloping code that others have already written.
Shrinking the Workload
It makes no sense for OEMs to use such environments if they
are not supported by embedded hardware platforms. It can
take hours, days, or even months to debug insufficient driver
implementations or incompatible code. One company which is
helping application engineers avoid this potential workload is
Embedded Now. Its single board computer and ecosystem of
peripherals target HTML 5, CSS, and JavaScript applications
in Linux-based embedded systems. Embedded Nows systems
come preloaded with either Lubuntu, Ubuntu 14.04 LTS
Desktop, or Ubuntu Server. Support for developers building
applications with Electron, Chromium, or the Chromium
Embedded Framework is also available. Features make the
companys Linux platforms suitable for embedded applications
include, for example, those, preventing corruption of storage
volumes, and solutions for rendering wireless networking
more robust in commercial and industrial settings.

With regard to peripherals, Embedded Now advises on
Wi-Fi or Bluetooth implementations and helps customers
develop specialized peripherals for tasks like analog to
digital conversion and motion control. As the companys
platforms are all standards-based, application engineers
on the customer side typically find that needed specific
peripherals work immediately out-of-the-box. Thats given
that the platforms use only standard interfaces (like USB
ports) and widely supported Linux distributions with
extremely comprehensive driver support.
Figure 2: The Embedded Now Piconium embedded computing plat-
form, shown here with a different cooling solution than that pictured
in Figure 1, provides multiple interfaces including 6x USB 2.0 and 1x
USB 3.0 for application specific extensions including Bluetooth and
Wi-Fi as well as 1 HDMI port. (Source: Embedded Now)
Describing the speed with which a standards-based Linux
platform can get an embedded product to market, Eric Mar-
thinsen, Chief Software Architect and Founder of Embedded
Now, notes, Our customers usually go from having nothing
to shipping production-ready devices in between three and
twelve months. Anecdotally, we are hearing that people are
shaving around twelve to eighteen months off of their engi-
neering schedule.
Modular with Linux Support from the Get Go
To expertly serve customers with application ready Linux
platforms requires concentrating on core competencies and
finding the right ecosystem partners. For its commercial off-
the-shelf (COTS) single-board computer, called the Piconium,
Embedded Now has chosen a modular approach on the basis
of the COM Express Computer-on-Module standard. This
ensures the reliability customers demand. The FCC and CE
compliant platform, which can be utilized from mobile client
devices up to micro server applications for edge computing, is
based on a COM Express Type 10 module and measures only
130 x 55 mm. Its small size means it can fit into whatever nook
or cranny applications call for. Despite its small footprint it
offers a comprehensive set of interfaces, including 2x USB 3.0,
5x USB 2.0, Ethernet, and HDMI as well as Wi-Fi and Blue-
tooth via USB extensions, and LVDS displays and cables with
touch panel support as accessories.
The Piconium can be used in nearly all applications as it can
operate even in the extended temperature range from -40 C
SPECIAL FEATURE
ANDROID & LINUX
Figure 3: A tailored OS with all components provided by the plat-
form provider is one of the essential connections that conducts the
communication between the applications and the hardware as the
major abstraction layer. It relies on comprehensive driver support
from the embedded board vendor.
to +100 C. All components and engineering are certified for
industrial use. The components, like the wide range locking
power connector, have all been chosen to withstand the most
demanding environments.
Customers can pick the appropriate Computer-on-Module with
COM Express Type 10 pinout for scaling the performance from
3rd Generation single-core and multicore Intel Atom, Celeron
processors up to modules featuring the latest 5th Generation of
Intel Atom, Celeron and Pentium processors (codenamed Apollo
Lake). Both processor technologies support the extended tem-
perature range and offer a long-time availability of at least seven
years, to match embedded application needs. With a low-power
envelope of less than 12W, fanless designs can easily be achieved
without sophisticated cooling solutions, reducing design-in
efforts. The broad prevalence of the Intel Atom technology makes
strong Linux support out-of-the-box possible. The memory is
configurable for all versions from 1GB to 8GB.
congatec module solutions
Embedded Now chose the COM Express standard because it
offers the broadest scalability for future developments up to
server grade platforms, and picked congatec as its module vendor.
We are very happy to have chosen congatec, says Marthinsen.
Prior to founding Embedded Now, my business partner and I
were customers of congatec. We selected them due to the quality
of engineering that goes into their modules and the high level
of support they provide. We consider them to be an important
strategic partner and a key component of our success.
Dan Demers is the Director, Sales & Marketing
congatec America. He holds a B.B.S degree in
International Business from Grand Valley State
University, Grand Rapids, Michigan and an
M.B.A. from Ashford University, Clinton, Iowa.
Mr. Demers has over 19 years of experience in em-
bedded computing having worked with Fortune 500 companies in
the Industrial, Medical, and Communications markets.
www.embeddedintel.com | Embedded Intel Solutions Fall 2017 | 31
Product Showcase

Intel E3800 Series Edge-Connect Architecture

Applications
Unmanned drone/robotics (air, surface, underwater)
for leak detection, security, agriculture, science
research, and energy
Mobile computing for industrial IoT, payload/mission
computers, intelligent controllers or datalogging in a
variety of rugged environments.
Portable healthcare instrumentation and equipment.
Man-Wearable Computing...especially in rugged use
scenarios.

At just 75mm x 75mm the ADLE3800SEC is ideal for rugged,

or extended temperature use in a variety of industries Mini Embedded PC: ADLEPC-1500
including: military, rugged industrial, unmanned, energy, Dimensions: 40mm x 87mm x 87mm
transportation, medical or security and surveillance. I/O: 2x 10/100/1000 LAN; 1x USB2.0; 1x
Edge-Connect Architecture provides easy expansion and USB3.0
helps reduce cabling, integration time and system size all 1x DisplayPort
while increasing quality and overall MTBF. Options: 1xM.2 KeyB socket for PCIex1 or
SATA SSD modules
ADLE3800SEC: E3845 Quad, E3827 DC Microsoft Azure Certified for loT
Front-Side I/O
2x 10/100/1000 LAN
1x USB 2.0 ADL Embedded Solutions
1x USB 3.0 855-727-4200
1x DisplayPort [email protected]
Microsoft Azure Certified for loT

Embedded Intel Solutions

Designing with delivers in-depth product, technology
Intel Embedded and design information to engineers
and embedded developers who design with
Processors? Intel Embedded processors

CA
I Santa Clara,
April 26-27 vCon.c om
www. IoT-De
NOW !
REG ISTE R

Spring 2017

Industrial IoT
Winter 2016

Strength VRs Next

Brakes
Securing
Medical IoT
Wave
Putting the ware
on Ransom
The Case
for
s: Edge Analy IoT
Autonomou s tics
ve
Intel GO Pa y Natural La
the Wa ng
Processing uage
into Its Ow Comes
n
edd edin tel.com www.em
bed
www.emb dedintel.com
Gold Spon
ors sors
Gold Spons

Subscribe Today at
Visit www.embeddedintel.com
www.embeddedintel.com Free!

32 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com


The Eyes of the IoT Rely on
Processor Innovation
Manufacturers are increasingly using connected nodes to monitor production
on the factory floor, as well as for surveillance, traffic, and retail applications.
Seeking processing power that can boost IoT board and blade
performance, manufacturers are eagerly integrating upgrades
in microarchitecture.
Earlier this year ADL Embedded announced the ADLVIS-1700
CoaXPress/CameraLink vision system. The prototype debuted
at Embedded World, in Nuremberg, Germany. At 5.0 x 7.0 x
7.6-inch, it is claimed to be the smallest CoaXPress system in
the industry. It consists of a CoaXPress board inside the vision
box (see Figure 1). The company has used the small PCIe/104
form factor, and believes it is the first to do so.
Compact and Connected
Both the ADLVIS-1700-CL Camera Link configuration and the
ADLVIS-1700-CXP CoaXPress configuration are based on an
Intel architecture (formerly known as Skylake) central processor
unit (CPU), the QM87HD Intel Core 6th Generation i7-4700EQ
with 8GB DRAM. At Embedded World, the company explained
that Skylake combines security with hardware level TPM 2.0
encryption technology and power virtualization capabilities. The
vision system also brings the speed and resolution that has only
Figure 1: The ADLVIS-1700 Vision System comprises a CoaXPress
and Camera Link technologies.
LAST WORD
By Caroline Hayes, Senior Editor, Embedded Intel Solutions
been available on desktop Personal Computers (PCs) and larger
devices to this small form factor.
The CL has a PCIe x16 EPIX Camera Link card, and the CXP
configuration has PCIe x16 Euresys two-port CoaXPress
framegrabber. There are four removable Serial Advanced
Technology Attachment (SATA) drives (two SATA II and two
SATA III) in each, and a single cable to provide power while
sending data up to 300 feet. Transfer speed is 1200MB per second
for image capture and storage. Target applications include
3D machine vision for factory automation, hyperspectral
and multi-spectral imaging, traffic surveillance, security
monitoring and control, military and defense Intelligence,
Security and Reconnaissance (ISR), unmanned drone vision,
and high frame-rate motion analysis and recording.
Industrial Controls
The company also uses dual and quad core Intel E3800-Atom
processor options in the ADLEPC-1500 embedded PC, which
is designed for unmanned, industrial controls, and robotics.
The compact PC measures 1.3 x 3.4 x 3.2 inches and has a wide
voltage range of 20 to 30 VDC, a 24V nominal input (optional
7.0 to 36V) a temperature range of -20 to +50C, and an
extended range of -40 to +70 C, for operation in a variety of
harsh environments.
The PC is based on the ADLE3800SEC Single Board Computer
(SBC), shown in Figure 2, with either the dual core Intel Atom
E3800-3827 quad core Intel Atom E3800-3845 low-power
processors to support DirectX 11, Open GL 4.0 and full
high Definition (HD) video playback. There is also on-board
DisplayPort, USB 3.0, USB 2.0, M.2 KeyB 2242 SATA, and two
Local Area Network (LAN) ports.
Another company, ADLINK Technology, Inc., also uses the
former Skylake, 6th generation Intel processor for its cPCI-
6630 CompactPCI processor blade, which targets Industrial
IoT applications in factories, industrial automation, and
security systems (Figure 3).
www.embeddedintel.com | Embedded Intel Solutions Fall 2017 | 33
 LAST WORD
Figure 2: The ADLE3800SEC SBC has dual and quad core Intel Atom
E3800 options to support graphics technologies.
This also breaks ground, as it is believed to be the first
CompactPCI blade with the 6th generation Core i7 processor
in a 6U form factor. The blade integrates the quad-core 2.8GHz
Intel Core i7-6820EQ processor and Mobile Intel HM170
chipset, with up to 32-GB of dual-channel Double Data
Rate Fourth Generation (DDR4), Small Outline, Dual Inline
Memory Module (SO-DIMM) 2133 non-Error Correcting
Code (ECC) memory. The blade supports a 64-bit/66MHz
CompactPCI bus.
Figure 3: The ADLINK cPCI-6630 is small and uses 6th generation
Intel processing technology to support graphics and connectivity
for Industry 4.0.
For imaging, the front panel I/O includes a Digital Visual
Interface (DVI)-I and DVI-D port. DVI-I is for digital and
analog signals, and DVI-D is for digital only signals. The front
panel also has three Gigabit Ethernet (GbE) powers, three USB
3.0, one USB 2.0 and an RJ-45 COM port. For storage, there is
a 2.5-inch SATA drive and a seven-pin SATA connector as well
as onboard CFast and CompactFlash option.
The Intel Core i7-6820EQ processor supports the High
Efficiency Video Coding (HEVC) video compression standard
and the blade can support three independent displays when
mated with ADLINK Technology cPCI-R6002 or cPCI-R6100
rear transition modules.
The blade requires 5V input, to provide value-per-Watt
computing power required by industrial applications, says the
company, with the computing performance of the Intel Core
6th generation processor for communications and monitoring.
34 | Embedded Intel Solutions Fall 2017 | www.embeddedintel.com
Seventh Generation Processors
The next generation of Intel Core processors, formerly known
as Kaby Lake, are exploited by congatec, in its industrial,
Thin Mini-ITX motherboard, the conga-IC175.
Figure 4: The conga-IC175 targets IoT applications, and High
Dynamic Range provides dramatic images.
This low-profile motherboard (Figure 4) features the 7th
generation Intel Core U processors for IoT connected devices.
It targets space-constrained, low-power IoT designs, with a
Subscriber Identity Module (SIM) card socket for 3G, 4G, or
NarrowBand connectivity.
With the selection of Intel Optane memory via an M.2
connector fast system boots, application starts, video
recording and processing, and software updates are enabled,
easing the throughput of IoT applications.
The Intel Core processors were chosen for use in embedded
and IoT applications. Martin Danzer, Director, Product
Management, congatec, said: The new, low-power versions
of the high-end 64-bit Intel Core processors offer a highly
configurable Thermal Design Power (TDP) of 15W, with the
flexibility to scale dissipation from 7.5W cTDP to 25W cTDP,
for an exceptional balance of power and performance.
The industrial grade, Thin Mini-ITX motherboard ships with
four dual-core variants of 7th generation Intel Core U SoC
processors. It also follows the trend for multiple displays,
connecting to the DirectX 12-capable Intel HD Graphics 620
with up to three independent displays in 4k resolution at
60Hz via two DisplayPort (DP++) and embedded DisplayPort
(eDP) or dual-channel Low Voltage Differential Signaling
(LVDS). It also has HEVC support, while the addition of
High Dynamic Range (HDR), makes video more vibrant
for a lifelike image quality, giving texture and depth for
surveillance and monitoring of areas or production lines.
Caroline Hayes has been a journalist covering
the electronics sector for more than 20 years.
She has worked on several European titles,
reporting on a variety of industries, including
communications, broadcast and automotive.