Skip to content

IEM Pro V2 - Introduction

Overview

IEM Pro V2 is the next generation of Industrial Edge Management Pro, building upon the proven foundation of IEM Pro while introducing significant enhancements in user experience, security, and operational capabilities.

NOTICE

IEM Pro V2 runs in parallel with IEM Pro V1 for several releases, allowing users to choose the version that best fits their deployment requirements and operational needs.

Key Improvements in V2

Documentation Structure

This IEM Pro V2 documentation focuses on features and capabilities that differ from or extend beyond IEM Pro V1. For common functionality shared between versions, refer to the comprehensive IEM Pro documentation.

The V2-specific documentation covers:

  • New Features: Capabilities unique to or significantly enhanced in V2
  • UI Changes: Interface modifications and new user experience elements
  • Fine-grained access control: Expanded capabilities of our Identity and Access Management
  • Improved operation efficiency: Take control by deleting unused or old app versions from the application catalog, or by creating system usage notifications to inform users.

What's New in IEM Pro v2

Industrial Edge Management Pro v2 (IEM Pro v2) is a significant evolution of the IEM Pro platform, introducing a modern, redesigned user interface alongside deep functional enhancements across security, access control, device management, application management, and operational tooling. This section provides a consolidated view of all capabilities delivered in IEM Pro v2 compared to IEM Pro v1.

1. Security and Compliance

1.1 Configurable Sideload Control

A new security control enables IT administrators to configure and restrict the sideloading of applications within the IEM platform. By default, sideloading is disabled, ensuring the system is secure.

  • IT admins can now enable or disable unauthorized sideloading via a dedicated control in IEM.
  • Achieves compliance with CRA (IEC62443-4-2:CR3.4).
  • Reduces the risk of malware deployment in production environments.

1.2 App Integrity and IE Device Image Signing

IEM Pro v2 enforces app integrity checks for signed applications, improving security for all app deployments on Industrial Edge Devices.

  • App integrity check enforced prior to deployment. Compliant with CRA (IEC62443-4-2:CR3.4).
  • Signed applications use an updated loading process to ensure container signatures are correctly stored in the IEM registry.
  • Container images are now deleted by tag (not by digest), preventing MANIFEST UNKNOWN errors when loading app versions that share images with previous versions.
  • App integrity is provided for all officially published applications from the Industrial Edge Hub.
  • Integrity is verified at two checkpoints: on IEM before the application is stored in the IEM registry, and on the Industrial Edge Device before installation.

1.3 System Use Notification (Custom Announcements)

IEM Pro v2 adds the capability to display a custom system use notification on the login page before authentication.

  • Administrators can configure a custom announcement message that is displayed to users on the login page before they access the platform.
  • Supports CRA compliance (IEC32443-4-2:CR1.12).

2. Identity and Access Management

Access and permissions are managed centrally in Identity and Access Management (IAM).

2.1 Fine-Grained Access Control and Role Management in IAM

IEM Pro v2 introduces a flexible, resource-level role-based access control system, replacing the coarse admin/user model of IEM Pro v1.

IT professionals (Admins), can define and manage roles to control what users are allowed to do in Industrial Edge Management.

  • Create, edit and delete custom roles directly in IAM
  • Define permissions based on actions on resources (e.g. action view on an application)
  • Supported resource types: Application, Device, Device Group, IEM
  • Assign roles to users centrally

This enables consistent and transparent permission management across all resources: Users can only perform actions they are authorized for. This replaces the former My Admin Groups and My User Groups from IEM Pro v1.

2.2 Role Templates for Resource Sharing in IEM

In addition to Admin managed roles in IAM, Role Templates enable Users to share resources directly within IEM. Role Templates are predefined sets of permissions for specific use cases, such as application or device group sharing. This enables user-driven sharing directly in IEM without requiring IAM configuration, providing structured and controlled access.

  • The application sharing with role templates replaces My User Groups from IEM Pro V1.
  • The sharing of device groups with role templates replaces My Admin Groups from IEM Pro V1.

2.3 New Resource Device Groups

Device Groups are a new resource type that allow organizing devices and controlling access to them.

  • A Device Group represents a logical collection of one or more devices
  • Devices can be grouped based on location, function, project or any relevant assembly
  • Device Groups serve as the basis for assigning access permissions

Managing Device Groups

  • In IEM, Users and Admins can create and manage Device Groups including:

  • Assign or remove devices

  • Assign or remove users with role templates

  • In IAM, administrators can:

  • Assign roles to users for specific Device Groups
  • Define permissions for managing devices or user assignments within a Device Group

This combination enables scalable device management and secure delegation of responsibilities.

3. Installation Guidance

Installation Guidance is available as a new feature to help validate application compatibility before deployment. This guidance is provided by the application developer in IE Hub and is visible to users in IEM.

  • Application-to-Application Dependency checks ensure that required applications and compatible versions are present before installation.
  • Application Update validation determines whether an installed application version can be safely upgraded.
  • Clear Allow, Warn, and Block results help users quickly assess deployment readiness.

This improves deployment reliability and reduces compatibility risks on the device.

4. Device Application Management

4.1 Application Version Deletion

Users can now delete old or unused versions of device applications from IEM, reducing storage usage and operational clutter.

  • Navigate to Application details page, click the dropdown next to the relevant version, and select Delete.
  • Improves operational efficiency and storage management.

4.2 Unified View for Catalogue and Project Applications

All device applications — whether from the Industrial Edge Hub catalogue or custom-developed — are now consolidated into a single unified view.

  • Eliminates the distinction between catalogue applications and self-developed project applications.
  • Provides a single, intuitive interface for managing all application types.

4.3 Direct App Pull and In-Platform Browsing

Users can now browse and pull applications directly within IEM.

  • Simplifies app distribution through direct browsing and pull within the platform.
  • Enables faster, self-service application deployment.

5. Backup and Restore

5.1 Backup and Restore Permission Simplification

The number of permissions required to perform backup and restore operations has been significantly reduced.

  • Create Backup: requires only the View and Create Backup actions for ie-device.
  • Restore: requires only the View and Restore device actions for ie-device.
  • Decreases the number of failed backup and restore operations and reduces user confusion.

5.2 Enhanced Status Messages and UI Feedback for Backup and Restore Operations

Status messages for backup and restore operations have been significantly improved with clear, actionable information and enhanced UI feedback.

  • A yellow warning pill indicates a partial job status.
  • An info message displays the backup target involved in the operation.
  • If additional errors occur, an error message is shown with detailed information.
  • Provides clearer feedback and helps users quickly understand the status and any issues during operations.

6. Storage Management

6.1 Device Application Storage Visibility

The Storage Management view now includes Device Application consumption alongside the existing firmware and backup storage information.

  • Provides a complete storage overview: Device Applications, firmware, and backups in one view.
  • Enables proactive storage planning and management.

7. Platform and Operations

7.1 Argo CD Support in IEM Pro Helm Chart

The IEM Pro Helm Chart now supports deployment via Argo CD, enabling GitOps-based deployments for Kubernetes administrators.

  • Enables consistent, secure, and automated deployments using GitOps principles.

7.2 IEM Log Settings Moved to Platform Settings

Log download and log settings have been moved from Admin Management to the IEM UI platform Settings, making them accessible to all authorized users.

  • Users can access log download and log settings directly from the platform Settings.
  • Improves accessibility and operational clarity.

8. User Interface

8.1 New Unified IEM PRO User Interface

IEM Pro v2 introduces a fully redesigned, modern, and unified user interface across the entire platform.

  • Modern and consistent UI across all modules.
  • Improved navigation and streamlined workflows for administrators.
  • The legacy Admin Panel has been removed. All management is integrated into the unified interface.

9. IE App Publisher / IECTL

9.1 Standalone-Only Model

IE App Publisher has been updated to align with IEM Pro v2. The tool now creates only standalone Device Applications. The App Projects section has been removed.

  • A new iectl iem-v2 group is introduced with commands supporting IEM Pro V2 API specifications.
  • App Projects section removed. Only Device Applications now exist.
  • Standalone applications can be uploaded directly to IEM.
  • Simplified application creation flow with fewer required parameters.

10. Feature Comparison: IEM Pro v1 vs IEM Pro v2

Component / Feature IEM Pro v1 IEM Pro v2 — What's New
HELM Chart — Argo CD Helm Chart deployment only. No Argo CD / GitOps support. IEM Pro Helm Chart now supports deployment via Argo CD. Enables GitOps-based, automated deployments.
Device Application Distribution — Direct App Pull No in-platform app browsing or pull. External tools required. Direct App Pull and In-Platform Browsing (In Progress). Enables faster, self-service deployment.
Device Applications — Sideload Control No configurable restriction on sideloading. IT admins can configure and restrict unauthorized sideloading via a dedicated IEM security control.
IEM PRO User Interface Legacy UI with separate Admin Panel and inconsistent navigation across modules. Fully redesigned, modern, unified UI. Admin Panel removed. All management in one interface.
IAM — Fine-Grained Access Control Coarse admin/user model. No custom roles. No resource-level permissions. FGAC with Role Management (Create, Edit, Delete). Actions validated per resource. Legacy Admin Panel removed.
Device Applications — Role Templates for Sharing My User Groups provided basic sharing. No version-level granularity. Role Templates for Application and Version Sharing. Successor to My User Groups.
Device Management — Device Groups No Device Groups. Devices managed individually. My Admin Groups only. Device Groups with Role Delegation. Scalable, collaborative device management. Replaces My Admin Groups.
Device Group Management No management of device group membership or permissions from within IEM. Full Device Group management: create groups, manage members, assign permissions.
Device Applications — Version Deletion No ability to delete individual application versions. Application Version Deletion available from Application details page.
Device Applications — Unified Catalogue View Separate views for Catalogue Applications and Project Applications. Consolidated single view of all device applications regardless of source.
Backup & Restore — Permissions Complex permission requirements for backup and restore. Multiple permissions needed. Simplified: only View + Create Backup (or Restore device) actions required for ie-device.
Backup & Restore — Partial Job Status Limited job status visibility. No partial status indicator. Yellow warning pill for partial status. Detailed error messages and info messages for operations.
Storage Management Storage view showed only firmware and backup data. No app storage visibility. Complete storage overview: Device Applications, firmware, and backups in a single view.
IEM Pro — System Use Notification No login-page notification or announcement capability. Custom system use notification message displayed on login page before authentication. CRA compliant.
IEM Pro — Log Settings Log download and settings located in Admin Management. Restricted access. Log settings moved to platform Settings. Accessible to all authorized users directly from the IEM UI.
Device Apps — App Integrity & Signing No app integrity check or enforced signing prior to deployment. App integrity check enforced. CRA-compliant (IEC62443-4-2:CR3.4). Updated image signing and loading process.
IE App Publisher / IECTL Supported both App Projects and standalone apps. More complex parameters required. Standalone-only model. New iectl iem-v2 group. App Projects removed. Fewer required parameters.
Application Configuration Service (ACS) Separate ACS component used to render app configurations during installation. ACS removed. Configuration integrated directly into the IEM app installation flow.

11. Deprecations and Removals

The following capabilities from IEM Pro v1 have been deprecated or removed in IEM Pro v2.

Item Status Migration
Legacy Admin UI Panel Removed Use the new Fine-Grained Access Control interface for all user, role, and permission management.
My Admin Groups Replaced Replaced by Device Groups with Role Delegation.
My User Groups Replaced Replaced by Role Templates for Application and Version Sharing.
App Projects (IE App Publisher) Removed Use standalone Device Applications only. Upload directly to IEM using iectl iem-v2 commands.
Application Configuration Service (ACS) Removed Application configuration is now handled through standard options in the IEM app installation flow.
NGINX Ingress Controller (IEM Pro) Deprecated Switch to a different ingress controller class. Removal planned in a future release.

12. Resolved Issues and Security Updates

  • Implemented security updates for underlying components.
  • Resolved an issue that caused backup or restore jobs to fail when the user session had expired.
  • Resolved an issue where backup jobs would fail if a label was assigned to the device.
  • Enhanced logging mechanisms for "Something Went Wrong" errors to enable more efficient and accurate troubleshooting.