This document outlines the technical details and architecture of the Machine Monitoring Edge hardware and software required to collect data from Machines, Sensors, and other Industrial Equipment.
Machine Monitoring Edge Gateway Hardware
The Edge Gateway is used to easily connect a machine to the Machine Monitoring Cloud Service using WiFi, an Ethernet connection to the machine, or cellular. The Edge can be configured as a Gateway to support up to 50 machines over a network, or installed near, and powered by, a single machine as an Edge. The Machine Monitoring Edge is designed to run the Machine Monitoring Edge Software.
The Edge Gateway runs an IoT device management service called Balena. This allows the devices to be kept up to date remotely and the status of all devices to be monitored. A VPN is configured from the Edge Gateway device to Balena in order to troubleshoot issues and send updates automatically. The operating system is a lightweight version of Linux.
To configure WiFi and network settings, a mobile app is available on the Apple App Store called “MachineMetrics Edge Setup”. It uses Bluetooth to recognize and configure devices when in close range. An authorized MachineMetrics Account Holder can configure the edge device using this software.
Memory: 8GB standard, expandable
MachineMetrics Edge Software
The Edge Software can be run on the Edge Gateway, or on a customer-supplied Windows Server or PC for an extra fee. It can run multiple Machine Adapters that can be configured remotely to collect data from machines, sensors, and other industrial equipment. This data is encrypted and streamed to the MachineMetrics cloud on Amazon Web Services on an outbound connection over port 443.
Requirements for Machine Monitoring Managed Software & Edge Hardware (recommended)
Hardware is warrantied for the duration of your contract, up to 5 years, and managed by the supplier. No action is required from the customer to apply updates, and if there are any issues with the hardware during warranty, the hardware will be replaced.
- An Edge device per machine, where a WiFi or CAT 5/6 network with internet access is available
- One Edge Gateway per location for up to 50 machines. Machines must be accessible over the network behind an unmanaged or managed switch
Edge-to-Cloud Firewall Requirements
All communication between the edge and our services is initiated as an outbound HTTPS connection over port 443. The following ports must be open (outbound):

| Port | Protocol | Status | Purpose |
|---|---|---|---|
| 53 | UDP | Required | DNS: used to resolve balena hostnames for connection to the balena service |
| 123 | UDP | Required | NTP: used to synchronize time |
| 443 | TCP | Required | HTTPS: used by the edge to stream machine data and to poll for updates; OpenVPN is used on occasion to troubleshoot issues with an interactive terminal |

Firewall rules must permit the following domains:

| Domain | Status | Purpose |
|---|---|---|
| *.MachineMetrics.com | required | Machine Monitoring Communication |
| *.balena-cloud.com | required | For remote updates |
| *.docker.com | required | For remote updates |
| *.docker.io | required | For remote updates |
| notify.bugsnag.com | optional | For bug reporting |
| *.resinio.pool.ntp.org | required | For NTP (time synchronization) |

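
As an added example (not MachineMetrics code), the Python below checks outbound flow records from an Edge against the port and domain tables above and reports anything that falls outside them. It assumes each record carries a destination hostname, for example from a proxy or TLS SNI log; the function names and the sample flows are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Outbound rules transcribed from the two tables above (patterns lower-cased).
# None = any destination: DNS goes to whichever resolver the site uses.
EGRESS_RULES = {
    ("udp", 53): None,
    ("udp", 123): ["*.resinio.pool.ntp.org"],
    ("tcp", 443): [
        "*.machinemetrics.com",
        "*.balena-cloud.com",
        "*.docker.com",
        "*.docker.io",
        "notify.bugsnag.com",  # listed as optional (bug reporting)
    ],
}

# Constructed sample records: (protocol, destination port, destination hostname).
SAMPLE_FLOWS = [
    ("tcp", 443, "edge.MachineMetrics.com"),         # case differs from the rule
    ("udp", 53, None),                               # DNS query, no hostname
    ("udp", 123, "0.resinio.pool.ntp.org"),
    ("tcp", 443, "registry.docker.io."),             # fully qualified, trailing dot
    ("tcp", 443, "machinemetrics.com.example.net"),  # allowed name used as a prefix
    ("tcp", 443, "examplemachinemetrics.com"),       # no dot before the domain
    ("tcp", 22, "edge.machinemetrics.com"),          # port not in the table
    ("tcp", 53, None),                               # table lists DNS on UDP only
]


def check_flow(proto, port, host):
    """Return (allowed, reason) for one outbound flow from the Edge."""
    key = (proto.lower(), port)
    if key not in EGRESS_RULES:
        return False, f"{proto}/{port} is not a documented outbound port"
    patterns = EGRESS_RULES[key]
    if patterns is None:
        return True, "any destination permitted"
    name = (host or "").lower().rstrip(".")  # normalise case and trailing dot
    for pattern in patterns:
        if fnmatchcase(name, pattern):
            return True, f"matches {pattern}"
    return False, f"{name or '<no hostname>'} is not on the domain list"


def audit(flows):
    """Return (flow, reason) for every flow outside the documented rules."""
    results = [(flow, check_flow(*flow)) for flow in flows]
    return [(flow, reason) for flow, (ok, reason) in results if not ok]
```

Calling `audit(SAMPLE_FLOWS)` returns the last four constructed flows, each with the reason it was rejected.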
We and MachineMetrics take security very seriously. It's not recommended that your machine be connected to the internet or your corporate network, for security reasons. Machines often run PCs with older operating systems that are more susceptible to viruses. The Edge Gateway, with dual Ethernet, WiFi, and dockerized containers, provides a secure barrier between the internet, your corporate network, and your machine's control.
Edge-to-Machine Firewall Requirements
For heavily managed IT organizations, a managed switch might be used to control all traffic on the network between the Edge Gateway and the machine's control. Each machine control family communicates using its own unique protocol. Here is a list of the machine control types that we communicate with. Depending on the protocol, the network requirements for which ports are used will vary.
- FANUC FOCAS (port 8193)
- Citizen with Mitsubishi control (port 683)
- Mitsubishi (port 683)
- ADAM (Digital IO using ASCII-Modbus) (port 1025)
- Allen Bradley (Digital IO using Modbus) (port 502)
- HAAS (often one of ports 5000-5999)
- MTConnect (port 7878)
- Heidenhain (port 19000)
- OPC-UA (often but not always 4840)
It is not necessary to limit the Edge communication with the machine network through port-based firewall rules.