Find place for your discussion in the netPI Forums
netPI is a Raspberry Pi 3 B architecture based platform for implementing Cloud, Internet of Things and Industry 4.0 customized
Edge Automation projects safely over containerized software utilizing Docker. Hilscher designed it in cooperation with Element14,
the Raspberry manufacturer, and upgraded it specially for industrial use. Its single-circuit board combines the Pi 3 B
circuitry, its standard interfaces, Hilscher's multi-protocol Industrial Network SoC netX plus two extra Industrial Ethernet
ports. By design netPI's overall software architecture complies with the Cyber Security Standard IEC 62443 for Industrial
Automation and Control Systems to counter threats such as unauthorized accesses, software manipulation and eavesdropping
and relies on a security enhanced Linux. Default access for configuring and managing it is granted via a web-based GUI.
Additional software and applications can only be applied by accredited users using the preinstalled Docker virtualization
environment in isolated and safe containers to be inline with the security concept.
netPI is a Docker host. Docker is a software that packs applications into containers and runs them as they would run on system-level but isolated in their private virtual environments. Any container is launched from a specific image template that is a software snapshot of everything the container needs to run autonomously such as operating system, directories, tools, applications, user-added files and configuration settings. When a container is created Docker virtualizes an instance of the self-contained image and adds dynamic aspects to it like an own drive volume, network stack, namespaces and control groups. This form of isolation allows to run multiple containers at a time without influencing each other or the Docker host. Image templates are portable and can be exchanged across registries. This enables distributing and shipping ones work to everybody either in privat or public manner. For easy on-board Docker management netPI provides the Docker web UI portainer.io as front end to the user.
With Raspberry the focus is "the affordable PC for everybody" with an open and customizable software ecosystem like Raspbian OS. The brilliant playground concept at platform's best price/performance ratio is encouraging the community to the day realizing even the most unusual computer projects with it. But openness embeds drawbacks. When applications are directed to the industry security is coming significantly to the fore. In the majority of today's Raspberry projects the provided software 1.) is a chaotic mix of multiple components embedding unpredictable security risks and 2.) has never been assessed and designed concerning security at all.
netPI however is different and its security concept was considered from the beginning. Docker plays a significant role in this concept.
Docker starts containers with a white list restricted set of capabilities to make the Docker host system immune to external exposures by default. But Docker is running as root and could pass this privilege and others on to a container. However the simple example of a containerized web server application binding just a specific port on providing its web content makes clear that in nearly 100% of all cases giving privileges is not needed at all. Security comes first here. Even if the web server is perfectly operating, an intruder would never succeed to become system root independent how vulnerable it is if the container is of type non-root. So with Docker security is just a matter of provided container privileges. The IEC 62443 claims to live a consequent asset life-cycle security and risk management in an administered way. It prescribes that only suitably trained and accredited personnel are entitled to manage as critically identified components such as Docker. So netPI's security rises and falls with the administrators responsible for its setup.
There are two possibilities dealing with container images. Either you use already built images with ready-made applications or you build own images fitting your demands.
Building an own image is easy. An image needs a base and in best case it consists just of that. The base consist usually of an operating system like Ubuntu, Debian or CentOS. Those and many more are offered prebuilt on Docker's public registry Docker Hub ready for pulling. Naturally the well-known Raspbian is provided too. On top of this image you can add and install everything your application shall consist of. When ready you make the final commit of your customized image. You can keep it private or upload it to the registry for others.
netPI is a Docker host only. You can deploy images and run containers from them but you cannot build images on-board. netPI's security concept prohibits SSH servicing and hence you can't get access to Docker build commands. Since containers run the same on any compatible hardware use a Raspberry Pi 3 instead for image development. We feel $30 for the consumer Pi is a low and riskless invest for getting familiar with Docker, making usability and performance tests of applications before moving them onto the professional netPI. Try it out today and install Docker with a single command on your Pi as described here.
Node-RED is today's best web browser-based toolsuite for developing Cloud, Internet of Things and Industry 4.0 projects in an intuitive way. "Clicking" together logical data relations of heterogeneous services by leveraging pre-built blocks of code named "Nodes" in a flow-based manner is achieving such a high abstraction degree that even amateurs quickly understand its principle and can develop impressive data flows rapidly. In seconds data from one source such as TCP/IP, HTTP, MQTT, Email, serial etc. can be brought into a context and linked together with data from any other sources to a destination by simple mouse clicks. The Raspberry organization recognized the simplicity of Node-RED as well and made it an integral part of their Raspbian (desktop version). Renowned manufacturers such as IBM, Microsoft and Amazon discovered it for their own use and offer nodes establishing communication links to their Cloud solutions free to download. The community counts over 1000 nodes meanwhile which underlines the power of Node-RED. Its widespread use, its JavaScript programing language basis, its ease of use, the very minimal to no coding were reasons for us to offer netPI's features in samples of Node-RED nodes inclusive their source code.
The netPI RTE 3 device features a multi-protocol controller netX supporting the most common Industrial Ethernet or Fieldbus protocols as a slave/device. A simple input and output memory buffer exchanges IO data between a bus master and an application program transparently. Switching between different protocols is just a thing of loading and starting the chip with a different firmware. For immediate use a reference implemenation of the protocols PROFINET IO device and EtherNet/IP adapter are available as Fieldbus nodes for Node-RED with a link to the source code. C code based running examples for the protocols PROFINET, EtherCAT, EtherNet/IP, Modbus TCP and POWERLINK are made public as well for supporting programmers dealing with own applications.
netPI RTE 3 features an FRAM (NVRAM) to store frequently changing data non-volatile where a normal NAND FLASH comes to its limits. A sample container with two FRAM nodes written for Node-RED in Javascript are providing random read and write access to this memory. With the linked container's source code programmers have an easy life in abstracting the FRAM access logic and transforming it to another programming language.
For maximum connectivity netPI features an expansion slot at its bottom where different networking modules named NPIX (NetPIeXpansion) can be applied to. Sample containers with a Node-RED implementation mostly in focus enable their immediate use. The source code is always linked and serves as programming reference for other programming scenarios. The NPIX board/slot dimensions and connector pinout are public for everybody allowing the development of own designs with our help. Today's available modules are:
RS232 serial interface | NIOT-E-NPIX-RS232 |
---|---|
RS485 serial interface | NIOT-E-NPIX-RS485 |
CAN 2.0A/B | NIOT-E-NPIX-RCAN |
4 Digital Input/Output | NIOT-E-NPIX-4DI4DO |
NPIX slot evaluation board | NIOT-E-NPIX-EVA |
Main Processor | Broadcom BCM2837, 64Bit quad-core @1.2Ghz |
---|---|
RAM Memory | 1 GByte |
FRAM Memory | 8 KByte (RTE 3 only) |
FLASH Memory | 8 GByte, MLC NAND (384TBW) 32 GByte, pSLC NAND (1920TBW) |
Interfaces | 4 x USB 2.0A (max. load 1A), 1 x HDMI, 1 x Wifi/BT |
Real-time clock | supercapacitor buffered (7 days backup) |
Industrial Network SoC | netX 51 (RTE 3 only) |
Ethernet | 1 x RJ45 standard, 10/100Mbit/s 2 x RJ45 industrial, 10/100Mbit/s (RTE 3 only) |
Indicators | 8 LEDs, 2 programmable (RTE 3) 4 LEDs, 2 programmable (CORE 3) |
Dimensions | 140 x 35 x 105 mm (H x W x L) |
---|---|
Enclosure | Metallic, top hat rail-mountable, IP 20 |
Weight | 400g |
Power Consumption | min. 4,2W (no USB), max. 9W (USBs max. load 1A) |
Temperatures | -20°C ... +60°C operating, -40°C ... +85°C storage |
Approvals | CE, FCC, UL, KCC, RED |
EMC | EN 55011:2009, IEC 61000-6-2/3:2005, EN 61131-2 |
Shock and Vibration | IEC 60068-2-27:2008-02, IEC 60068-2-6:2007-12 |
Operating System | Yocto based Linux, Kernel 4.9.x or higher (AppArmor secured) |
Docker | 18.09.2-ce or higher with portainer.io web UI |
Need help with netPI development? Find below the resources needed for starting your own projects.
All netPI models can be purchased via the netIOT Shop (shipps globally). If you want to order larger volumes, feel free to contact us
At the netIOT Shop you can order your netPI and accessories - globally
To the netIOT Shop