Industrial Edge Virtual Device
Operating Manual
12/2023
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol; notices referring only to property damage have no safety alert symbol. The notices shown below are
graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will
be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to
property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific
task in accordance with the relevant documentation, in particular its warning notices and safety instructions.
Qualified personnel are those who, based on their training and experience, are capable of identifying risks and
avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
documentation. If products and components from other manufacturers are used, these must be recommended
or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and
maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens Aktiengesellschaft. The remaining trademarks in
this publication may be trademarks whose use by third parties for their own purposes could violate the rights of
the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in subsequent
editions.
1 Introduction
2 Documentation
2.1 Before we start
2.2 Import IEVD
2.2.1 How to import IEVD to VMware ESXi
2.2.2 Verification & Adjustment of Resources
2.3 Booting your IEVD
2.4 Onboard your IEVD to your Industrial Edge Management (IEM)
2.4.1 Web Onboarding
2.4.2 Local Onboarding
3 Release notes
3.1 Release Notes
4 FAQ
4.1 General
4.2 Virtualization Platforms
4.3 Connectivity
Note
The license allows a maximum of 8 CPU cores and 64 GB main memory to be configured and
used within one virtual machine.
Security information
Siemens provides products and solutions with industrial security functions that support the
secure operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is
necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial
security concept. Siemens’ products and solutions only form one element of such a concept.
Customer is responsible to prevent unauthorized access to its plants, systems, machines and
networks. Systems, machines and components should only be connected to the enterprise
network or the internet if and to the extent necessary and with appropriate security measures
(e.g. use of firewalls and network segmentation) in place.
Additionally, Siemens’ guidance on appropriate security measures should be taken into
account. For more information about industrial security, please visit
https://www.siemens.com/industrialsecurity
Siemens’ products and solutions undergo continuous development to make them more
secure. Siemens strongly recommends to apply product updates as soon as available and to
always use the latest product versions. Use of product versions that are no longer supported,
and failure to apply latest updates may increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security RSS
Feed under
https://www.siemens.com/industrialsecurity
Security Measures
To fulfill "Security Guidelines for Device Builders" the following security measures were taken
during development of the Industrial Edge Virtual Device:
Network Segmentation
By default, IEVD prohibits general routing or bridging between its connected networks. This
prevents it from operating as a bridge between two networks and thereby overruling existing
subnet segmentation that enforces the network security policies of the user's network operators.
Hard Reset
Whenever a hard reset is triggered, all security-relevant information is deleted from the
device, so that a device can be wiped for another use case without the subsequent user being
able to retrieve pre-existing information.
Handling of Onboarding Credentials
Onboarding credentials are transferred only via secured connections and are not persistently
stored within the device, to prevent intruders from capturing files and gaining access to
devices or IEM.
Time Synchronization
Time is synchronized with IEM after onboarding to ensure up-to-date information within the
device. During initial boot sequences, the time is obtained from the (virtual) RTC of the hardware.
Storage of Credentials
Credentials and certificates are stored in a secure manner, as far as this is in the scope of the device.
Secure Logging
The device emits logs via an API so that they can be exported by IEM for auditing and
operational purposes.
Trusted Deployment of Updates
Updates are deployed and applied with validation of the integrity of the update package to
prevent the execution of malicious update images.
Authentication
There are no authentication mechanisms implemented by the device itself. The user
authenticates only via Industrial Edge mechanisms.
Root privileges / Runtime protection
The user is given no means of authenticating to the device itself, and therefore root
privileges cannot be gained by accessing the device itself.
Miscellaneous
Because the IEVD is executed virtually, a secured environment is assumed. Therefore, no
strong security measures against physical intrusion are taken by the device itself; such
measures may be achieved by the user with hypervisor features (e.g., encryption).
With regard to remote intrusion, the device is secured and does not provide any remote
interfaces or open ports besides Industrial Edge platform dependencies.
Note
The requirements are defined to get the IEVD up and running. Depending on your planned
Edge Apps, these requirements might not be sufficient. Adjusting the values is possible
(please refer to "Adjust VM Resources" in the chapter "Verification & Adjustment of
Resources").
Verify Import
Please verify that the virtual machine matches the requirements in "Before we start".
Make sure that your virtual network adapters are connected to the right networks.
Note
Usage of two network interfaces:
The first interface is commonly used as northbound interface and connects to IEM.
The second interface is commonly used as a southbound interface for connection to the shop
floor devices.
Adjust VM Resources
If defaults are not sufficient, the resources may be adjusted to your needs in accordance with
the IEVD license conditions.
Disk size
Disk size may be increased and will be applied after reboot.
Note
Disk size may not be reduced.
Shrinking of the disk size might result in data loss/corruption.
Note
Don't power off the VM after putting it into suspend state. Please shut down the VM properly!
2.4.1 Web Onboarding
Prerequisites
Your IEVD instance is connected to a network with a DHCP server from which it obtains its IP address.
You have access to a generated IEM Trust json-file for your IEVD instance.
You have access to a browser that can reach the IEVD instance via port tcp/443.
Process
1. Open your browser and enter the address of your IEVD instance (e.g. https://192.168.1.10).
If the address is unknown, see the login title screen.
2. Onboard your IEVD by uploading the IEM Trust json-file.
3. Wait for the onboarding process to be completed.
Result
You've successfully onboarded an Industrial Edge Virtual Device.
2.4.2 Local Onboarding
Prerequisites
You have valid credentials of a reachable IEM that you want to onboard to.
You have access to the console of the virtual machine instance.
Process
1. Use the provided credentials to log into your IEVD instance:
– User: onboarding
– Password: onboarding
– Password interaction is not visible on the screen.
2. Follow the instructions on the screen and choose the onboarding path you prefer:
– Basic: Asks only for the mandatory information needed to get you onboarded.
– Advanced: Configure every possible parameter that you may configure in the web-based
onboarding process.
Result
You've successfully onboarded an Industrial Edge Virtual Device.
Introduction
These Release Notes contain important information.
The information in these Release Notes has priority over the information in the manuals and
online help with regard to legal validity.
Please read these Release Notes carefully since they contain information which might prove
helpful.
What is new?
The main changes in IEVD are as follows:
• Default memory (RAM) size of VM was increased to 4 GB.
• Resource management: allows app developers to request the isolation (exclusive
assignment) of CPU and NIC resources to a specific application.
• Fixed a bug where WebUI gives 503 Service Unavailable after upgrading to 1.14.1-1.
• Fixed a bug where Logging and Monitoring settings may be sporadically lost.
The IEVD is based on the current version of Industrial Edge Device Kit (IEDK) that may contain
new features which can be relevant for your use case.
Please refer to these websites for further details:
• Industrial Edge 10/23
(https://docs.eu1.edge.siemens.cloud/release_notes/release_notes/23_10/whats_new_in_ie_23_10.html)
• Industrial Edge 12/23
(https://docs.eu1.edge.siemens.cloud/release_notes/release_notes/23_12/whats_new_in_ie_23_12.html)
Update IEVD
If you already have an onboarded IEVD running a previous firmware version, you
can execute the firmware update via IEM as described in the IEM documentation.
Note
The firmware update to V1.16.1 can be applied to both V1.12.0 and V1.14.1.
Note
It is strongly recommended to make a backup copy of the device in case a power shortage or
other circumstances unexpectedly interrupt the update process. When the update
has been completed, please validate that your virtual machine still meets the requirements
mentioned in section 2.1 "Before we start".
Note
Make sure that you have at least 4 GB of disk space available within your Edge Device to run
this update. The disk size can easily be increased by extending the virtual disk.
4.2 Virtualization Platforms
My IEVD does not boot with "No bootable medium found!" in Oracle VM VirtualBox. How can I boot?
By default the imported VM will not have EFI activated in Oracle VM VirtualBox. To make it
bootable you need to enable the "Activate EFI" option within the VM settings under "System".
4.3 Connectivity