netPI is a Raspberry Pi 3 B architecture based platform for implementing Cloud, Internet of Things and Industry 4.0 customized Edge Automation projects safely over containerized software utilizing Docker. Hilscher designed it in cooperation with Element14, the Raspberry manufacturer, and upgraded it specially for industrial use. Its single-circuit board combines the Pi 3 B circuitry, its standard interfaces, Hilscher's multi-protocol Industrial Network SoC netX plus two extra Industrial Ethernet ports. By design netPI's overall software architecture complies with the Cyber Security Standard IEC 62443 for Industrial Automation and Control Systems to counter threats such as unauthorized accesses, software manipulation and eavesdropping and relies on a security enhanced Linux. Default access for configuring and managing it is granted via a web-based GUI. Additional software and applications can only be applied by accredited users using the preinstalled Docker virtualization environment in isolated and safe containers to be inline with the security concept.
Industrial graded
netPI features hardware upgrades that vastly improve the platform for industrial use.
Design
8 layer PCB design (6 with Pi 3 B) for best EMC compliance and heat dissipation
Cooling concept for full 1.2GHz quad-core CPU performance up to 50°C without throttling
Peripherals
8GB industrial grade long-life FLASH memory with guaranteed constant BOM
Real-Time Clock (RTC) with 7 days maintenance-free supercapacitor based buffering
8KB extra FRAM for storing data non-volatile at high frequencies (model RTE 3)
Connectivity
netX51 multi-protocol Industrial Networks Controller for Fieldbus and Industrial Ethernet (model RTE 3)
Two extra Industrial Ethernet ports for protocols such as PROFINET, EtherNet/IP, EtherCAT, POWERLINK, Modbus/TCP and more (model RTE 3)
Expansion slot for additional plug-in modules such as RS485, RFID, Analog, Digital I/O and more
DIN rail mountable robust metallic housing for longevity in industrial environments
Environments
On-board WiFi/BT radio antenna extended beyond chassis for best wireless coverage
EMC compliant to latest standards
Shock and vibration compliant to latest standards
Extended temperature range -20°C to 60°C
24 Volt DC powering
Secured infrastructure
netPI features default system security to countermeasure today's cyber threats.
Design
Yocto project based customized Linux, Kernel 4.9.x or higher
Integrity
Constraint checking of the validity of the booted software through keys
Coordinated installation of system updates and patches through signed packages only
Ignoring removable media such as USB sticks prohibiting infiltration of malware
Authentication
Obligatory password authentication with key strength calculator
User and role management prohibiting unauthorized access to preinstalled software
Confidentiality
Protection of the transmission route to the web GUI by TLS 1.2 encryption (https)
NGINX application as reverse proxy for centralized SSL certificates offloading and handling
Non-installed SSH server to prohibit accesses from remote through a console
Non-installed sudo command to prevent getting root privileges
Restricted Data Flow
AppArmor security framework restricted preinstalled components through access profiles
Physical segregation of IT and OT networks by two separated network controllers (model RTE 3)
Preinstalled Docker for additional container-isolated applications over web GUI client portainer.io
Technical Details
Main Processor
Broadcom BCM2837, 64Bit quad-core @1.2Ghz
RAM Memory
1 GByte
FRAM Memory
8 KByte (RTE 3 only)
Flash Memory
8 GByte, MLC NAND (3000w/e)
Interfaces
4 x USB 2.0A (max. load 1A), 1 x HDMI, 1 x Wifi/BT