© 2022, Amazon Web Services, Inc. or its affiliates.
© 2023, Amazon Web Services, Inc. or its affiliates.
Enabling Supply Chain Flexibility and IoT Scale with Zero Touch Provisioning
Session 1.2
Speakers
§ Ben Cooke, Partner Solutions Architect, IoT & Edge
§ Thomas Lorenser, Director GPC Compute Marketing, ARM
§ Marco Carrer, CTO, Eurotech
IoT Device Birth to Service Journey
Component Supply Chain: Manufacturer → Distributor → Integrator → Installer
Months to Years
A lot can change with a business in this time…
IoT Device Birth to Service Journey
Device Manufacturer ≠ Fleet Operator
IoT Device Life-Cycle Use Cases
1. Provisioning device at time of install
2. Offline provisioning in the supply chain
3. Factory refurbishment and migration of previously fielded devices
4. Disaster recovery orchestration
The device identity “blob”
§ Device Identifier(s) – Serial Number, etc
§ Device Root Identity Cert
§ Device Service Cert
§ Device Root Pub/Priv Keys
§ Device Service Pub/Priv Keys
§ Factory Meta Data – Default SW Version, config, etc
§ Cloud Meta Data – Groups, roles, account, etc
§ Operational Meta Data – SW Version, config, etc
Parties contributing to the blob: Device Manufacturer, Fleet Operator
Secure Device Identities (DevIDs)

IEEE 802.1AR Secure Device Identity
§ Globally unique-per-device identity
§ Unique-per-device secret (private key)
§ Cryptographically bound to a device
§ Public X.509 certificate w/ certificate chain

Initial Device ID (IDevID)
§ Attests Supply-Chain and Device Platform Integrity
§ Installed by OEM and signed by OEM CA
§ Certificate w/ device serial number, SAN, and Certificate Policy
§ Certificate never expires

Local Device ID (LDevID)
§ Attests Device Ownership
§ Signed by Device Owner
§ Installed by Device Owner or OEM/Distributor on behalf of Device Owner
§ Certificate long-lived

Operational Device Identity (OpDevID)
§ Authentication Credentials for IoT Service Connectivity
§ Signed by Device Owner CA trusted by IoT Service
§ Enrolled by the device firmware
§ Certificate short-lived
Device Identities

EK (TPM Endorsement Key)
§ TPM Endorsement Certificate
§ Seeded at TPM manufacturing
§ Certificate managed by TPM manufacturer

IDevID (IDevID signing and attestation key)
§ IDevID Certificate signed by OEM
§ Seeded at Device Manufacturing
§ Certificate managed by OEM PKI
§ Certificate never expires

LDevID (LDevID signing and attestation key)
§ LDevID Certificate signed by customer CA
§ Seeded at Device Enrollment
§ Certificate managed by Customer PKI
§ Certificate long-lived

OpDevID (Operational Device Identity, OpDevID authentication key)
§ OpDevID Certificate signed by Customer CA used by the IoT Service
§ Seeded at Device Provisioning
§ Certificate managed by Customer PKI
§ Certificate short-lived

TPM 2.0 Control Domains (Secure Device Storage)
§ Endorsement Hierarchy (EH): owned by TPM Manufacturer and OEM
§ Platform Hierarchy (PH): owned by OEM
§ Storage Hierarchy (SH): owned by the end-customer
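The two preceding slides describe three DevIDs that differ in who signs them and how long they live. The following Go program is an added example, not code from the deck or from AWS, Arm or Eurotech: it builds an OEM root and a customer root, issues an IDevID (OEM-signed, notAfter set to the 99991231235959Z "no expiry" value that IEEE 802.1AR and RFC 5280 use), a long-lived LDevID and a short-lived OpDevID (both customer-signed), and then checks each one the way an enrollment server or IoT service would. The CA names, the device serial number and the 10-year / 7-day lifetimes are constructed for the example; the TPM-resident key storage from the slides is modelled by ordinary in-memory keys.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Identity is one DevID: the device-held private key (a TPM key in a real
// device) plus the X.509 certificate that binds its public key to a subject.
type Identity struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// Fleet holds the two PKIs from the slides and the three DevIDs they issue.
type Fleet struct {
	OEMCA, CustomerCA       Identity
	IDevID, LDevID, OpDevID Identity
}

// neverExpires is the notAfter value 802.1AR / RFC 5280 use for "no well-defined expiry".
var neverExpires = time.Date(9999, 12, 31, 23, 59, 59, 0, time.UTC)

var nextSerial int64 = 1 // certificate serial counter (constructed; a real CA tracks this)

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func sign(tmpl, parent *x509.Certificate, key, signer *ecdsa.PrivateKey) Identity {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return Identity{Key: key, Cert: cert}
}

// selfSignedCA models an OEM or customer PKI root (30-year lifetime, constructed).
func selfSignedCA(name string, now time.Time) Identity {
	key := mustKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(nextSerial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.AddDate(30, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	nextSerial++
	return sign(tmpl, tmpl, key, key)
}

// issueDevID signs a device certificate. The device serial number goes into the
// subject serialNumber attribute, as 802.1AR requires, so every DevID names the same device.
func issueDevID(ca Identity, name, deviceSerial string, notBefore, notAfter time.Time) Identity {
	key := mustKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(nextSerial),
		Subject:      pkix.Name{CommonName: name, SerialNumber: deviceSerial},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	nextSerial++
	return sign(tmpl, ca.Cert, key, ca.Key)
}

// BuildFleet walks the manufacturing -> enrollment -> provisioning steps from the slides.
func BuildFleet(deviceSerial string, now time.Time) Fleet {
	oem := selfSignedCA("Example OEM Root CA", now)           // constructed name
	cust := selfSignedCA("Example Customer Root CA", now)     // constructed name
	start := now.Add(-time.Hour)
	return Fleet{
		OEMCA: oem, CustomerCA: cust,
		// Manufacturing: OEM PKI signs the IDevID; the certificate never expires.
		IDevID: issueDevID(oem, "IDevID", deviceSerial, start, neverExpires),
		// Enrollment: customer PKI signs a long-lived LDevID (10 years, constructed).
		LDevID: issueDevID(cust, "LDevID", deviceSerial, start, now.AddDate(10, 0, 0)),
		// Provisioning: customer PKI signs a short-lived OpDevID (7 days, constructed).
		OpDevID: issueDevID(cust, "OpDevID", deviceSerial, start, now.AddDate(0, 0, 7)),
	}
}

// VerifyAgainst is the check an enrollment server or IoT service performs before
// trusting a DevID: chain it to the expected root at the given point in time.
func VerifyAgainst(dev, root Identity, at time.Time) error {
	pool := x509.NewCertPool()
	pool.AddCert(root.Cert)
	_, err := dev.Cert.Verify(x509.VerifyOptions{
		Roots:       pool,
		CurrentTime: at,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// SameDevice reports whether two DevIDs carry the same (non-empty) device serial number,
// i.e. whether an LDevID/OpDevID was issued for the device the IDevID attests.
func SameDevice(a, b Identity) bool {
	s := a.Cert.Subject.SerialNumber
	return s != "" && s == b.Cert.Subject.SerialNumber
}

func main() {
	now := time.Now()
	f := BuildFleet("EXAMPLE-SN-000123", now) // constructed serial number
	fmt.Println("IDevID vs OEM root:        ", VerifyAgainst(f.IDevID, f.OEMCA, now))
	fmt.Println("IDevID vs customer root:   ", VerifyAgainst(f.IDevID, f.CustomerCA, now))
	fmt.Println("OpDevID vs customer root:  ", VerifyAgainst(f.OpDevID, f.CustomerCA, now))
	fmt.Println("OpDevID 30 days later:     ", VerifyAgainst(f.OpDevID, f.CustomerCA, now.AddDate(0, 0, 30)))
	fmt.Println("LDevID names IDevID device:", SameDevice(f.LDevID, f.IDevID))
}
```

The point of the two failing checks is the security property behind the slide: an IDevID proves the OEM built the device but is not, by itself, a credential the customer's IoT service should accept, and an OpDevID that has lapsed past its short lifetime is rejected until the firmware renews it with the customer PKI.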
Device Life-Cycle

Manufacturing (Manufacturing Facility, OEM): IDevID
§ Seed IDevID Key
§ Enroll IDevID Certificate with OEM PKI
§ Store IDevID Cert in TPM PH

Enrollment (Distributor Facility, Global Distributor): LDevID
§ Seed LDevID Key
§ Enroll LDevID Certificate with Customer PKI
§ Store LDevID Cert in TPM SH

Commissioning (Customer Site, Local Distributor)
§ Install AWS IoT Greengrass
§ Configure AWS IoT Endpoints
§ Configure Network Access
§ Configure Edge Application(s)

Provisioning (Installation Site, Field Installer): OpDevID
§ Seed OpDevID
§ Enroll OpDevID Certificate with Customer PKI
§ AWS IoT Core Just-in-time provisioning (JITP): Create the AWS IoT Thing, Create policy for IoT Thing, Attach policy to OpDevID
§ Update AWS IoT Greengrass

Management (Remote Updates, Repurposing, Decommissioning)
§ Over-the-air updates keep the device secure
§ Device Certificates are renewed by device firmware with the corresponding PKI through the EST protocol
§ Repurposing within an organization restores the post-enrollment device state
§ Decommissioning restores the post-manufacturing state

AWS services shown in the diagram: IoT Thing, IoT Shadow, AWS IoT Greengrass, AWS IoT Core, AWS IoT Provisioning Lambda
Demo: Secure Zero-Touch Provisioning

From this…
1. Download AWS IoT Greengrass
2. Install AWS IoT Greengrass
3. Follow link to instructions
4. Configure AWS IoT Greengrass nucleus
5. Create the AWS IoT Thing
6. Create the certificate from a private key in an HSM
7. Create a CSR for the AWS IoT Thing
8. Create a Certificate for the AWS IoT Thing
9. Create policy for IoT Thing and attach it to certificate
10. Import the AWS IoT Thing Certificate into the HSM
11. Update the AWS IoT Greengrass Core configuration

… to Zero-touch AWS IoT Secure Provisioning
1. Commission
2. Provision
3. Connect
Demo Architecture: Eurotech ESF and AWS IoT Greengrass

Platform (Eurotech gateway)
§ Secure Hardware (Secure CPU, TPM 2.0)
§ Secure Firmware (u-boot, ARM Trusted Firmware)
§ Hardened Everyware Linux (based on Yocto)
§ Standard PKI
§ IEC 62443-4-2, PSA Level 1, PARSEC

Everyware Software Framework (ESF)
§ Service groups: Application Services, Device Management Services, Connectivity Services
§ Components shown: Digital Twins, Wires, Updates, Diagnostics, Log Analytics, Fieldbus Protocols, Security Manager, EST Enrollment, AWS IoT Core Connector

AWS IoT Greengrass (on the gateway)
§ AWS IoT Greengrass Nucleus
§ Client device auth, MQTT Bridge, MQTT Broker
§ AWS IoT Device Defender, AWS IoT Device Shadows, Device Management, Remote Access

AWS cloud services
§ AWS IoT Core, AWS IoT SiteWise, AWS IoT Device Defender, AWS IoT Analytics

Protocols shown between the layers: EST, MQTT, REST

Field devices
§ Meters
§ Motor controllers
§ Breakers and switches
§ Any other device and sensor
Demo Video
Eurotech’s key activities @Embedded World 2023

Eurotech & InoNet [ hall 3 booth #153 ]
Robotic arm demo: AI on the edge & digital twin in the cloud. Show edge computing / AI vision and IoT capabilities of our edge devices (real-time detection on the edge and digital twin creation and remote management in the cloud).

arm booth [ hall 3 booth #153 ]

AWS booth [ hall 4 booth #550 ]

Eurotech AWS Ducati Live demo
Purpose: The demo shows how a Substation Bay Control Unit can be easily connected to an IoT Gateway and be remotely controlled and monitored with a few easy steps, leveraging the power of the integration between ESF and AWS IoT Greengrass. From Zero-Touch-Provisioning to a fully functional web dashboard and upstream integrations, using a ReliaGATE 10-14, ESF, EC, and AWS IoT Greengrass.

ABB AWS Live demo
The demo shows a remote monitoring application on ABB Electrification devices. It employs a Eurotech gateway (ReliaGATE 10-14) connected to one (or more) ABB devices. The data from the ABB devices are collected by the gateway and sent to the Cloud (integration with Eurotech Everyware cloud and AWS services), where they are displayed on a dashboard.
Thank you!