Overview
Industrial Edge Hub
Industrial Edge Hub
- Setup
- Operation
  Operation
  - Sign Up
  - Log in and sign out
  - Home
  - Application Provisioning
    Application Provisioning
    
    Hub to Hub transfer
  - Product Management
    Product Management
    
    Overview
  - Library
    Library
    
    Library
    
    Copying an app to IEM instances
    
    Purchasing an app
  - License Management
    License Management
    
    Overview
    
    Purchased licenses
  - IEM Instances
    IEM Instances
    
    IEM Instances
    
    Managing IEM instances
  - Download Software
  - User Management
    User Management
    
    Overview
    
    Inviting a new user
    
    Managing user roles
    
    User roles
  - Hub Settings
    Hub Settings
    
    Overview
    
    Renaming hub display names
  - Notification Settings
  - Switching hub
  - Cancelling an IE Hub Subscription
  - Customer Feedback
Industrial Edge Management
Industrial Edge Management
- IEM Overview
- Setup and operate
  Setup and operate
  - IEM Virtual
    IEM Virtual
    
    Setup
    Setup
    
    General requirements
    
    Setup steps
    
    Download the OVA Package
    
    Deploy the Virtual Machine
    Deploy the Virtual Machine
    
    VMware Workstation
    
    VMware ESXi Server
    
    Provision the IEM Virtual
    
    Operation
    Operation
    
    Network configuration via console
    
    Service & maintenance
    Service & maintenance
    
    Overview
    
    Login
    
    UI
    
    Download log files
    
    Security considerations
  - IEM Cloud
    IEM Cloud
    
    Setup
    Setup
    
    Creating the IEM Cloud Instance
    
    Revealing the initial user passwords
    
    Operation
    Operation
    
    Update
    
    Delete
  - IEM Pro
    IEM Pro
    
    Introduction
    Introduction
    
    Overview
    
    Architecture
    
    General Requirements
    
    Setup
    Setup
    
    Setup Cluster
    Setup Cluster
    
    Using kOps
    Using kOps
    
    Introduction
    
    Prerequisites
    
    Creating pro Cluster
    
    Adjusting created Security Groups
    
    Using minikube
    
    Using Docker Desktop
    
    Using K3s
    
    Using openshift
    
    Deploying IEM Pro
    
    Extensions
    Extensions
    
    Logging & Monitoring
    
    Device Catalog
    
    Uninstalling IEM Pro
    
    Operation
    Operation
    
    Proxy Settings
    
    TLS Certificate
    
    IE Gateway
    
    Monitoring
    
    Planning capacity
    
    Backup & Restore
    Backup & Restore
    
    Industrial Edge Management
    
    Provisioning CLI
    Provisioning CLI
    
    Overview
    
    Installation
    
    Selecting an IEM Pro Instance
    
    Configuration Input
    
    Importing and Exporting Configuration
    
    Configuration Files
    
    Configuration Stored in Cluster
    
    Interaction with Helm CLI
    
    Configure Service Mesh
  - IEM OS (deprecated)
    IEM OS (deprecated)
    
    Setup
    Setup
    
    Setup steps
    
    Downloading the Industrial Edge Management OS
    
    Creating an IEM instance and downloading the configuration file
    
    VMware Workstation
    VMware Workstation
    
    Creating the VM
    
    Configuring the VM
    
    Installing the Industrial Edge Management OS
    
    Oracle VirtualBox
    Oracle VirtualBox
    
    Creating the VM
    
    Configuring the VM
    
    Installing the Industrial Edge Management OS
    
    VMware ESXi
    VMware ESXi
    
    Creating and configuring the VM
    
    Installing the Industrial Edge Management OS
    
    Configuring the Industrial Edge Management
    
    Activating & Installing the Industrial Edge Management
    Activating & Installing the Industrial Edge Management
    
    Activating the Industrial Edge Management
    
    Installing the Industrial Edge Management
    
    Settings
    Settings
    
    Settings
    
    Editing network settings
    
    Setting up a proxy server
    
    Configuring the Docker network
    
    Downloading system logs
    
    Adding an NTP server
    
    Certificate requirements
    
    Installing configurators
    
    Adding a relay server
    
    Operation
    Operation
    
    Overview
    
    Sign up
    
    Log in
    
    Reset password
    
    Home
    Home
    
    Home
    
    User profile
    
    Storage Manager service
    
    Catalog
    
    Statistics
    
    My User Groups
    My User Groups
    
    Overview
    
    Creating and editing an user group
    
    Roles
    
    Adding apps
    
    Inviting members
    
    Removing apps
    
    Settings
    Settings
    
    Settings
    
    Alerts
    
    Configuration
    
    Connectivity
    
    Storage
    Storage
    
    Storage
    
    Adding additional storage to the IEM
    Adding additional storage to the IEM
    
    IEM
    
    Oracle
    
    VMWare
    
    VMWare esxi
    
    System
    System
    
    System
    
    Adding and editing NTP servers
    
    Members
    
    Backup and restore
    Backup and restore
    
    Creating a backup of the IEM OS
    Creating a backup of the IEM OS
    
    via VM Workstation
    
    via Oracle
    
    Restoring the IEM OS from a backup
    Restoring the IEM OS from a backup
    
    via VM Workstation
    
    via Oracle
    
    Industrial Edge Management Services
    Industrial Edge Management Services
    
    Overview
    
    Service to Backup & Restore Edge Devices
    Service to Backup & Restore Edge Devices
    
    Overview
    
    Installation
    
    Update
    
    Configuration
    Configuration
    
    Configuration
    
    Storage size
    
    Monitoring service
    
    Backup devices
    
    Restore devices
    
    Compatibility
- Utilize
  Utilize
  - Launchpad
  - Navigation
    Navigation
    
    Top navigation
    
    Sign up & Navigation (Previous design)
    Sign up & Navigation (Previous design)
    
    Sign up
    
    Log in and sign out
    
    Reset password
    
    Home page
    
    Certificate Management
    Certificate Management
    
    Types of certificates
    
    Overview
    
    Communication relations
    
    Secure connections to the IEM
    Secure connections to the IEM
    
    Overview
    
    Importing certificates to the internet browser
    
    Alerts
    
    User profile
    
    Navigation
  - Homepage
    Homepage
    
    Discover a new experience
  - Applications
    Applications
    
    Management Applications
    
    Pre-Provisioned Applications
    
    Device Applications
    
    Install Device Applications
    
    Catalog (Previous design)
    Catalog (Previous design)
    
    Overview
    
    Importing Edge Apps
    
    Installing an app from the catalog
    
    My Installed Apps (Previous design)
    My Installed Apps (Previous design)
    
    Overview
    
    Managing an app
    
    Scheduling an app job
  - Devices
    Devices
    
    Device overview
    
    Device onboarding
    Device onboarding
    
    Overview
    
    Device configuration
    
    Device onboarding
    
    Device configuration (legacy user interface)
    Device configuration (legacy user interface)
    
    Creating the Edge Device configuration file
    
    New Edge Device - Parameters
    
    Layer 2 network access
    
    Configuring a Layer 2 network access
    
    Settings
    Settings
    
    Editing network and Layer 2 network access settings
    
    Setting up a proxy server
    
    Configuring the Docker network
    
    Downloading logs
    
    Adding an NTP Server
    
    Secure Connection
    
    Device details
    Device details
    
    Details
    
    Settings
    Settings
    
    Memory limit check
    
    Certificate
    
    Streaming logs
    
    Logging
    Logging
    
    Overview
    
    Editing log settings
    
    Device logs
    
    Application logs
    
    Backup & Restore
    Backup & Restore
    
    Configuration
    
    Backup devices
    
    Restore devices
    
    Compatibility
    
    Monitoring Service
    
    Identity federation
    Identity federation
    
    Configuration
    
    Known Issues
    
    Edge Devices (Previous design)
    Edge Devices (Previous design)
    
    Overview
    
    Managing labels
    
    Checking statistics
    
    Removing an Edge Device
    
    Adding tags
    
    Downloading IEM CA certificate
    
    Managing logs
    
    Importing certificates
    
    Enabling and disabling remote access
    
    Storing an Edge Device state
    
    Restoring an Edge Device state
    
    Edge Device system commands
    Edge Device system commands
    
    Edge Device system commands
    
    Updating an Edge Device
    
    Storing multiple Edge Device states
    
    Restoring IED states of multiple Edge Devices
  - Data Connection
    Data Connection
    
    Overview
    
    Apps for Data Connection
    
    UI of Data Connections
  - App Projects (Previous design)
    App Projects (Previous design)
    
    Overview
    
    Authorized Apps
    Authorized Apps
    
    Overview
    
    Joining other projects
    
    Creating a project
    
    Editing a project
    
    Creating an app
    Creating an app
    
    Creating an app
    
    Creating an app - Parameters
    
    Assigning labels
    
    Enabling the external configurator
    
    App details
    
    App configurations
    App configurations
    
    Creating configurations
    
    Available app configurations
    
    Versioned configuration files
    
    Template based configurations
    
    File upload configurations
    
    Add configuration to app - Parameters
    
    IE Application Configuration Service
    IE Application Configuration Service
    
    Overview
    
    Installing the IE App Configuration Service manually
    
    Integration of the IE Acs compatible app configurations
    
    Downloading and checking app configuration
    
    Installing an app from my projects
    Installing an app from my projects
    
    Installing an app from my projects
    
    Installing an app via the IE ACS
    
    Updating an app configuration via the IE ACS
    
    Privileged and network mode
    
    Updating Edge Apps via the IE App Publisher
    Updating Edge Apps via the IE App Publisher
    
    Updating an Edge App
    
    Importing an Edge App to the IE App Publisher
    
    Uploading an Edge App to the IEM
  - User Management (Previous design)
    User Management (Previous design)
    
    My User Groups
    My User Groups
    
    Overview
    
    Creating and editing an user group
    
    Roles
    
    Adding apps
    
    Inviting members
    
    Removing apps
    
    My Admin Groups
    My Admin Groups
    
    Overview
    
    Creating and editing an admin group
    
    Roles
    
    Adding an Edge Device
    
    Inviting Members
    
    Joining other groups
    
    Removing and checking Edge Devices
  - Job status (Previous design)
    Job status (Previous design)
    
    Overview
  - Admin Management
    Admin Management
    
    Overview
    
    Dashboard
    
    Edge Devices
    Edge Devices
    
    Edge Devices
    
    Downloading logs
    
    Submitted apps
    Submitted apps
    
    Submitted apps
    
    Unpublishing apps
    
    Deleting apps
    
    Registered Users
    Registered Users
    
    Registered Users
    
    Transfer IEM access
    
    Manage Roles
    Manage Roles
    
    Manage Roles
    
    Creating a role
    
    My Admin Groups
    My Admin Groups
    
    My Admin Groups
    
    Creating an admin group
    
    Inviting members to an admin group
    
    Settings
    
    Security
    
    Device Catalog
    
    Licenses
    Licenses
    
    License Management in IEM Virtual / Pro / Cloud
    
    License Management in IEM OS (deprecated)
    License Management in IEM OS (deprecated)
    
    IE Licensing Service
    
    Creating and sending license report to IE Hub
    
    Installing the IE Licensing Service
  - Platform settings
  - Identity and Access Management
    Identity and Access Management
    
    Overview of IAM
    
    Authorization concept
    
    User management
    
    Security
    
    Adding identity provider
    
    Clients
    
    Guides
    Guides
    
    Verify users email address
    
    Known issues
    
    Technical overview
    
    Known issues
    
    Best practices
Industrial Edge Device
Industrial Edge Device
- Setup and operate
  Setup and operate
- Utilize
  Utilize
  - Apps
  - Management
  - Statistics
  - Certificate Management
    Certificate Management
    
    Overview
    
    Manage IED Gateway Certificates
    
    Manage Certificate Trust Store
  - App Developer Mode
    App Developer Mode
    
    Overview
    
    Advanced View
  - Identity And Access Management
    Identity And Access Management
    
    Roles
  - My User Groups
    My User Groups
    
    Overview
    
    Creating and editing a group
    
    Roles
    
    Adding apps
    
    Inviting users
    
    Inviting registered Users
  - Catalog
  - Settings
    Settings
    
    Configuration
    
    Connectivity
    Connectivity
    
    Network and Layer 2 network access
    
    Proxy settings
    
    Docker network settings
    
    Registered ports
    
    System
    System
    
    System
    
    Enabling app developer mode
    
    Members
    
    Registered users
    
    Logging & Monitoring
    Logging & Monitoring
    
    Overview
    
    Stream based Logging
    Stream based Logging
    
    Metrics Service overview
    
    Destination
    Destination
    
    Management
    
    Specs
    
    Examples
    
    Creating metrics configuration
    
    Export & Import configuration
    
    Global Settings & Limitations
    
    Metrics data
    
    Prometheus Support
    
    File based Logging
    
    Resource Manager
  - Edge Device Notifications
  - Storage manager service
  - Audit Event
Security
Security
- General Data Protection Regulation (GDPR)
- System Overview
- Certificates
- Operational environment - Example
- Contacted domain names
- IP protocols and ports
- Industrial Edge components - Security measures
  Industrial Edge components - Security measures
- Setup guidelines and recommendations
  Setup guidelines and recommendations
  - Setup guidelines and recommendations
  - General recommendations
  - Network security and segmentation
  - Identity and access management
  - Secure channels and encryption
  - Security logging and monitoring
  - Backup and restore
  - Attack Surface Reduction
  - Patch management
    Patch management
    
    Overview
    
    Information on updates
    
    Patch management
  - Malware protection
  - Secure app development
  - App security App security
    Table of contents
    
    Protection of self-developed apps
    
    Access control of self-developed apps
    
    Data protection
    
    Encrypted communication between Edge Apps
    
    Secure exposure of app communication
    
    App secrets and other confidential information
    
    App installation information warnings
Updates & Migrations
Updates & Migrations
- Overview
- Updating the IEM Pro
- Updating the IEM Virtual
- Updating the IEM Cloud
- Updating the IEM OS (end-of-life)
  Updating the IEM OS (end-of-life)
- Updating Configurators (end-of-life)
- Updating Device Applications
- Updating Edge Devices
- Relocating Edge Devices
- Migrate to Management Apps
Support

App Security¶

Protection of self-developed apps¶

Customers are responsible for implementing all required security measures protecting their self-developed apps with regard to security, and for preventing unauthorized access to their own apps by applying suitable access control measures to their exposed application workload.

Access control of self-developed apps¶

Customers are responsible for the access control of each developed app and for preventing unauthorized access to their apps. This applies to device-internal app-to-app communication and communication from/to services running outside the device.

Data protection¶

In Industrial Edge, customers have the possibility to store data outside of Edge Devices such as in their backend services running for instance on cloud infrastructure operated by the customer.

Customers are responsible for the confidentiality, integrity and availability (CIA) of data stored outside of Industrial Edge Devices and for preventing unauthorized access to the stored data.

Encrypted communication between Edge Apps¶

Customers are responsible for implementing encrypted and secure communication channels (e.g., HTTPS using TLS 1.2) for their apps.

Secure exposure of app communication¶

To secure the exposure of apps to the outer world, apps can use the platform provided reverse proxy.

Apps may directly expose communication interfaces by passing the proxy. In that case, the app needs to secure the communication properly.

Ephemeral (random) ports exposed by applications should be confined to the secure boundaries of the Industrial Edge Device — for example, for local WebUI, local engineering or debugging purposes.

App secrets and other confidential information¶

Application-specific secrets (passwords, tokens, private keys) must NOT be stored inside the container images belonging to an Industrial Edge App. They must also NOT be in the docker-compose file. They should be stored in the app-specific cfg-data directory or any other persisted volume on the Industrial Edge Device. Access credentials required for accessing an app or by an app must be created as device-specific credentials and must NOT be shared via multiple devices.

App installation information warnings¶

Customers can install any app on their IEM. To help keeping the system secure, a warning is showed when installing the app. Problematic app capabilities such as privileges, open ports and the app signature state are here visible.

opa warning

Non-critical apps also show any app information.

opa install