This document outlines the technical details and architecture of the MachineMetrics Edge hardware and software required to collect data from Machines, Sensors, and other Industrial Equipment.
MachineMetrics Edge Hardware
The MachineMetrics Edge is used to easily connect a Machine to the MachineMetrics Cloud Service using WiFi, an Ethernet connection to the Machine, or Cellular. The Edge can be configured as a Gateway to support up to 50 machines over a network, or installed near, and powered by, a single machine as an Edge. The MachineMetrics Edge is designed to run the MachineMetrics Edge Software.
The MachineMetrics Edge runs an IoT device management service called Balena. This allows MachineMetrics to remotely keep the devices up to date and monitor the status of all devices. MachineMetrics manages a VPN from the Edge device to Balena, which is used to troubleshoot issues and send updates automatically. The operating system is a lightweight version of Linux.
An authorized MachineMetrics Account Holder can configure the Edge Device using the Edge Management Application.
Memory: 2GB standard, expandable
MachineMetrics Edge Software
The MachineMetrics Edge Software can be run on the MachineMetrics Edge, or on a customer-supplied Windows Server or PC for an extra fee. This software can run multiple Machine Adapters that can be configured remotely to collect data from machines, sensors, and other industrial equipment. This data is encrypted and streamed to the MachineMetrics cloud on Amazon Web Services on an outbound connection over port 443.
Requirements for MachineMetrics Managed Software & Edge Hardware (recommended)
Hardware is warrantied for the duration of your contract, up to 5 years, and managed by MachineMetrics. No action is required from the customer to apply updates, and if there are any issues with the hardware during warranty, hardware will be replaced.
- A MachineMetrics Edge per machine, where WiFi or a CAT 5/6 network with internet access is available
- One Edge with increased capacity (called the MachineMetrics Gateway) per location for up to 50 machines. Machines must be accessible over the network behind an unmanaged or managed switch
Edge-to-Cloud Firewall Requirements
All communication between the Edge and our services is initiated by an outbound HTTPS connection over port 443. The following ports must be open (outbound):
|Port|Protocol|Status|Purpose|
|---|---|---|---|
|53|UDP|Required|DNS: used to resolve balena hostnames for connection to the balena service|
|123|UDP|Required|NTP: used to synchronize time|
|443|TCP|Required|HTTPS: used by the edge to stream machine data and to poll for updates; OpenVPN is used on occasion to troubleshoot issues with an interactive terminal|
Firewall rules must permit the following domains:
|Domain|Status|Purpose|
|---|---|---|
|*.balena-cloud.com|required|For remote updates|
|*.docker.com|required|For remote updates|
|*.docker.io|required|For remote updates|
|notify.bugsnag.com|optional|For bug reporting|
|*.resinio.pool.ntp.org|required|For NTP (time synchronization)|
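An added example, not MachineMetrics code: a Python audit that checks outbound flow records from an Edge against the ports and domains in the two tables above and reports anything outside them. The `proto port host` log format, the pairing of domains with ports, the reading of `*.` as covering subdomains only, and the `mm-cloud.example` placeholder for the cloud endpoint (which this page does not name) are assumptions.

```python
# (port, protocol) -> allowed patterns, from the two tables above. None = no domain
# rule on the page (DNS). Assumption: NTP pool on 123/udp, other names on 443/tcp.
EGRESS_RULES = {
    (53, "udp"): None,
    (123, "udp"): ["*.resinio.pool.ntp.org"],
    (443, "tcp"): ["*.balena-cloud.com", "*.docker.com", "*.docker.io",
                   "notify.bugsnag.com"],
}

def host_matches(host, pattern):
    """Match a hostname against an exact name or a '*.suffix' wildcard."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keeps the leading dot, so 'evildocker.com' fails
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern

def check_flow(proto, port, host, extra_allowed=()):
    """Return None if the flow is permitted, otherwise a reason string."""
    key = (int(port), proto.lower())
    if key not in EGRESS_RULES:
        return f"{port}/{proto} is not a documented outbound port"
    patterns = EGRESS_RULES[key]
    if key == (443, "tcp"):
        patterns = patterns + list(extra_allowed)  # site-specific HTTPS endpoints
    if patterns is None or any(host_matches(host, p) for p in patterns):
        return None
    return f"{host} is not an allowed destination for {port}/{proto}"

def audit(log_lines, extra_allowed=()):
    """Parse 'proto port host' lines; return (line, reason) per violation."""
    findings = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3 or not fields[1].isdigit():
            findings.append((line, "unparseable log line"))
            continue
        reason = check_flow(*fields, extra_allowed=extra_allowed)
        if reason:
            findings.append((line, reason))
    return findings

# Constructed flows; mm-cloud.example is a placeholder, the page names no cloud host.
SAMPLE = ["udp 53 10.0.0.2", "tcp 443 api.balena-cloud.com",
          "udp 123 0.resinio.pool.ntp.org", "tcp 443 mm-cloud.example",
          "tcp 443 docker.io.cdn.example", "tcp 22 api.balena-cloud.com"]
if __name__ == "__main__":
    for line, reason in audit(SAMPLE, extra_allowed=["mm-cloud.example"]):
        print(f"VIOLATION {line!r}: {reason}")
```

Run against the sample, it flags the look-alike host `docker.io.cdn.example` and the connection on port 22, and passes the rest.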
Security is taken very seriously at MachineMetrics. It's not recommended that your machine be connected to the internet or your corporate network for security reasons. Often machines run PCs with older operating systems that are more susceptible to viruses. The MachineMetrics Edge, with dual Ethernet, WiFi, and dockerized containers, provides a secure barrier between the internet, your corporate network, and your machine's control.
Edge-to-Machine Firewall Requirements
For heavily managed IT organizations, a managed switch might be used to control all traffic on the network between the MachineMetrics Edge and the machine's control. Each machine control family communicates using its own unique protocol. Here is a list of the machine control types that we communicate with. The ports that must be reachable vary by protocol.
- FANUC FOCAS (port 8193)
- Citizen with Mitsubishi control (port 683)
- Mitsubishi (port 683)
- ADAM (Digital IO using ASCII-Modbus) (port 1025)
- Allen Bradley (Digital IO using Modbus) (port 502)
- HAAS (often one of ports 5000-5999)
- MTConnect (port 7878)
- Heidenhain (port 19000)
- OPC-UA (often but not always 4840)
It is not necessary to limit the Edge communication with the machine network through port-based firewall rules.