Smart Update

Secure Update Management for your industrial shopfloor

You have full control over the firmware of your machinery

Field of application

The application area of the Smart Update is the typical industrial shopfloor. Many individual machines – from HMIs (Human Machine Interfaces) to gateways to entire robot arms – form a well-coordinated production line, the lifeline of any manufacturing industry.

In modern production lines, all these systems are not just initially tuned to each other once, but continuously fine-tuned and networked with each other. At the heart of these systems is the firmware provided by the machine manufacturer.

The up-to-dateness of this firmware is a decisive factor in determining the range of functions provided by the machines, the software errors it contains and also the associated safety risks, which is why regular software updates are a must. Some machine manufacturers already offer – more or less integrated – solutions for their devices and make the firmware available online for end customers.

The convenience of automatic updates, which we know from office IT and smartphones and which has been a matter of course in this domain for years, is currently still missing to a large extent in OT.

Machine downtimes due to updates and errors or damage in the production line due to incompatible updates are among the horror scenarios of every operator. Every minute the production line is down costs cash – so reliability is one of the highest commodities. So what is the reality of this process today?

The reality of software updates on the shopfloor can be roughly depicted in two scenarios or a combination of both.

Scenario 1
Modern fully integrated machine park

Each component of a manufacturer has an integrated update solution. The machine operator manages the firmware status of his machines via manufacturer-specific applications and can update them in a controlled manner.

As long as the number of different machine manufacturers is manageable, this is a good situation. Problems arise when the machine operator has to keep track of a large number of different portals/applications, or the manufacturer software does not address compatibility with each other.

Scenario 2
The update process is manly manual

A technician from the machine manufacturer is ordered to the company and he rattles through machine after machine on the store floor in order to manually install the updates (e.g. via USB sticks).

In most cases, the firmware is first installed on test systems, which must run without errors for some time before the firmware is released for the store floor. The update process itself is repeated in the course of this – sometimes over several days.

This is a time-consuming and usually error-prone process.

This is where Smart Update comes into play.

The concept

The approach for the secure firmware update system “Smart Update” is based on our own development, based on established IT and industry standards.

Our goal with this system is to give the machine operator back full control over the firmware versions of his machines – independent of manufacturers.

This is achieved by registering the (test) machines in the Smart Update System and defining the source of supply of the firmware.

With this information, depending on the technical interface, a live overview can be generated that shows the current firmware status of the machine and the possible updates. But this is only the beginning.

Software Repository

The update system itself generates an independent, device-specific firmware repository.
It manages the current firmware version, previous versions and possible updates.

This is vital for incremental updates and especially for device recovery processes and rollbacks.

Security

The system uses current encryption methods for secure communication and management of the devices.

A quarantine repository ensures clean separation of potentially malicious and verified firmware.

Reliability

Smart Update has the option of performing health checks on various connected machines.

Depending on the type of machine, simple network pings or complex machine-specific functions can be integrated here.

These can be executed automatically with each update to verify the completeness of the installation and – if required – to perform rollbacks.

Heterogeneity

By using vendor-independent software such as Smart Update, devices from different manufacturers can be managed and organized in one software.

There is no vendor lock-in, heterogeneous system landscapes are thus efficiently managed.

Dependencies of different software versions or dependencies between devices can also be modeled in the system.

RBAC

Not every user should be able to trigger updates? Do you also want to map your company structures in the system and set up release processes?
This is possible with Role-Based Authorization Control (RBAC).

Lightweight

Due to its efficient architecture, the Smart Update System can be operated not only on industrial PCs, but also on SOCs or edge devices.

If desired, the dashboard can also be displayed as a web application on mobile devices via a secure HTTPS connection.

Logging

A complete logging mechanism of the processes ensures transparency and traceability of the history.

Especially in the context of audits and device certifications, device-specific logging is extremely helpful.