How an edge controller can survive the factory floor

Your PLC strategy won’t save you: What machine builders must demand from edge controllers

Key Highlights

  • Utilizing hardware-backed cryptography via an onboard trusted platform module (TPM 2.0) is essential to safeguard TLS/SSL private keys and out-of-production credentials when transmitting data to cloud or MQTT brokers.
  • Deploying edge hardware directly on-machine requires rugged, fanless enclosures with severe environmental ratings (up to IP69K and wide temperature ranges), whereas inside-cabinet installations can rely on lighter IP20 protection and controlled thermal management.
  • Running concurrent vision and AI workloads on cost-sensitive edge hardware requires strategic kernel preemption or dedicated entry-level accelerator cards like Hailo to handle resource-heavy model inference without throttling localized control tasks.

Chris Barber is product marketing specialist for control systems at Phoenix Contact USA.

For security, should an edge device support hardware-accelerated encryption, such as TPM 2.0, for TLS/SSL certificates when pushing data to the cloud or an on-premise MQTT broker?

Chris Barber, product marketing specialist for control systems, Phoenix Contact USA: Yes, most edge devices support hardware-backed cryptography via a trusted platform module (TPM). They can include TPM 2.0, which can be used to protect secure sockets layer/transport layer security (TLS/SSL) private keys and certificates when communicating securely with cloud services or on-premise message queuing telemetry transport (MQTT) brokers. The device information and passwords are often already stored inside the TPM out of production.

Edge controllers often run much hotter than traditional programmable logic controllers (PLCs) because of their high-performance processors. Why is it important to know thermal limits?

Chris Barber, product marketing specialist for control systems, Phoenix Contact USA: Knowing the thermal limits of an edge controller is critical because heat directly affects reliability, performance, safety and lifespan. 

Knowing thermal limits allows you to design proper cooling and enclosures, avoid throttling and fail fast shutdowns, maximize controller lifetime, maintain reliable, real-time performance and scale edge workloads safely.

What environmental and industrial certifications—temperature range, vibration resistance, IP rating, UL/CE compliance—does the hardware need for on-machine deployment on factory floors? What about inside machines?

Chris Barber, product marketing specialist for control systems, Phoenix Contact USA: On-machine deployments demand sealed, vibration-rated, wide temperature hardware, while inside machine installations rely more on cabinet design and thermal management, but still require full electromagnetic compatibility (EMC) and safety compliance.

Typical on-machine requirements include:

  • temperature: –25 °C to +60 °C
  • vibration/shock: IEC 60068-2, IEC 61131-2
  • ingress protection: IP65, IP67/IP69K for washdown
  • EMC/noise immunity: IEC 61000-6-2/-6-4
  • regulatory: CE, UL/cUL 61610-1 (std. Locations); UL/cUL 61010-2-201, Class I, Div. 2 (hazardous locations)
  • design: sealed housing, fanless, locking connectors.

Typical inside-machine requirements include:

  • temperature: 0 °C to +55 °C
  • vibration: moderate (IEC 60068-2)
  • ingress protection: device: IP20, cabinet provides IP54/IP65
  • EMC: same industrial standards as on-machine
  • regulatory: CE, UL/cUL 61010-1 (std. Locations).

Get your subscription to Control Design’s daily newsletter.

Machines can live for 20 years or longer, but software moves much faster. A clear update path is essential to keep the machine from becoming a security liability. What should be the guaranteed long-term support (LTS) window for a Linux kernel and security patches?

Chris Barber, product marketing specialist for control systems, Phoenix Contact USA: Exclusive use of long-term supported operating systems like Windows IOT LTSC or Linux Ubuntu PRO offers long life spans and guarantees long-term security patch support.

How do compute resources, such as CPU architecture, cores, RAM or storage, affect the ability to run analytics, vision or AI workloads locally?

Chris Barber, product marketing specialist for control systems, Phoenix Contact USA: Management and allocation of system resources apply to more than just analytics, vision and AI. But, in this context, vision and AI consume a lot of resources. While the vison system is doing its thing, analytic tasks that might run concurrently will most likely be slower since they must wait for resources to be freed. Large AI models need more RAM. Edge compute tasks will also need RAM. If the AI workload uses most of the RAM available, then edge compute task will have to wait until more RAM is freed up.

Of course, adding additional CPU cores, RAM and storage comes with an increased cost. Manual allocation of resources to tasks and kernel preempting, especially on systems with limited resources, can help keep resources available to the processes when they execute.

A cost-efficient way to support AI tasks like inference/anomaly detection is adding an entry-level accelerator card from Hailo. Training AI models is more resource-hungry and should ideally be done on IPC systems that deliver more processing power than what is typically available at the edge.

How does an edge controller handle data buffering and store-and-forward functionality if connectivity to the cloud or enterprise systems is interrupted? What should the local storage capacity be for that data in case of a signal drop?

Chris Barber, product marketing specialist for control systems, Phoenix Contact USA: There is probably not a one-size-fits-all answer. The quality of the communication channel and the availability of a backup channel could have an impact on the space requirement for local data storage. Also, the frequency of data sampling and the volume of each dataset that is being generated defines the storage space requirement. Aside from local storage space, it is beneficial to have a secondary storage capability that can be sized by the customer.

About the Author

Mike Bacidore

Editor in Chief

Mike Bacidore is chief editor of Control Design and has been an integral part of the Endeavor Business Media editorial team since 2007. Previously, he was editorial director at Hughes Communications and a portfolio manager of the human resources and labor law areas at Wolters Kluwer. Bacidore holds a BA from the University of Illinois and an MBA from Lake Forest Graduate School of Management. He is an award-winning columnist, earning multiple regional and national awards from the American Society of Business Publication Editors. He may be reached at [email protected] 

Sign up for our eNewsletters
Get the latest news and updates