Secure Data Service and NIS2 as Components of the Digital Service Portfolio – How Machine and Plant Manufacturers Can Digitalize

Hello and a warm welcome to everyone here live at SPS 2024! I’m delighted to welcome all of you to our session today. We’re doing a live podcast straight from the fair for the IoT Use Case Podcast, and I’m especially pleased to have both of you here with us. We’ll get to the introductions shortly and also dive into a specific practical use case from VOLLMER, which we’ll discuss in more detail in just a moment. Let’s kick things off with a brief round of introductions. Vanessa, could you tell us a bit about who you are and what you do?

Vanessa

Hello everyone. My name is Vanessa Kluge, and I work as a Product Manager for digitalization products at Kontron AIS, with a particular focus on device management here at the fair. That’s one of the topics we’ll be diving into more deeply today.

It’s great to have you with us today! Kontron AIS has been part of our network for a while, and we have many exciting episodes online – feel free to check them out. Let me pass it over to you: Who are you, and what are you focused on today?

Holger

My name is Holger Wußmann, and I’m the Managing Director of Kontron Electronics, a company within the Kontron Group specializing in hardware. I’ve been with the company for 16 years, working in the IoT space for the last 10.

Today, we’ll discuss machinery and plant engineering, and how this industry can implement and leverage digital services, including those driven by regulatory requirements. We’ve brought along an example from VOLLMER, a grinding machine manufacturer, if I remember correctly. Let’s dive right in. Could you briefly share how this collaboration came about? We see the logos of Kontron and Kontron AIS here. How are you connected, and why are you here together today?

Vanessa

Yes, we essentially combined our strengths. We’ve been working on these topics – hardware and software – on different levels for years. I believe that only through this combination can we create powerful solutions for customers in machinery manufacturing. We ultimately came together through a mutual client.

Very nice. Just to give a quick overview, Kontron AIS is more on the software side. Could you briefly explain what AIS does specifically and what Kontron covers overall?

Vanessa

Kontron AIS mainly develops industrial software – from machine control to complex systems that automate production processes, up to factory automation. Currently, we’re also involved with edge devices, particularly in device management.

Holger, would you like to add anything to that?

Holger

Gladly. I can speak for both the Kontron Group and Kontron Electronics. Within the Kontron Group, we cover everything on the electronics side, from small embedded solutions to server hardware. At Kontron Electronics, we specialize in ARM hardware and embedded software. So our two companies complement each other well. We joined the Kontron Group in 2018, and Kontron AIS came on board in 2019. We quickly recognized the value of working together. This partnership is also a strategic development to provide a comprehensive service offering that maximizes customer benefits. That’s why we collaborate closely in the IoT space.

Very nice. I’m always interested in practical examples. You’ve brought along the project with VOLLMER. The visitors here can see an image of the machine above, along with one of your gateways and some technologies. Could you share with us what the project with VOLLMER is about?

Holger

VOLLMER has been our client for 30 years—they’re actually our second client by customer number. We started working on IoT with them around 2017, learning a lot along the way. Initially, we collaborated with custom hardware and software from a former sister company.

Together, we went through several development stages, so today VOLLMER uses our standard products, which we bundle with software from Kontron AIS. For 30 years, we have been a manufacturer of control systems and a partner of VOLLMER—a partnership that has taken on the quality of a multi-generational friendship. We’ve supported VOLLLMER in their journey through digitalization and IoT.

You mentioned digitalization: many machine builders are now adding digital interfaces to their machines and developing digital services for their customers. What specifically have you implemented with VOLLMER in terms of digitalization, and what makes this project unique?

Holger

Early on, around 2016/2017, VOLLMER recognized the need to establish a data collection infrastructure, even without knowing the specific long-term value it would offer their customers.

And by infrastructure, you mean on-site at the customer’s location?

Holger

Exactly, at the end customer’s site, so they can equip their machines with secure networking capabilities and edge computing power. Over time, applications have been developed that provide real value and are now successfully marketed.

Vanessa

I think VOLLMER recognized early on that much of the sensor data collected by their machines wasn’t being utilized by end customers. However, this data provides valuable insights into production processes and can offer learning opportunities—both for development and for the customer to prevent potential failures, for instance. VOLLMER identified this gap and wanted to create a tool or additional service to make these unused data available, thereby generating real added value.

Exactly, you’re talking about value generation. What typical use cases is VOLLMER implementing for their customers, or what are they aiming to achieve? Could you tell us more about that?

Vanessa

VOLLMER initially developed a gateway solution as an entry-level package and then built a platform called IoT Hub on top of it, offering various applications and services. They defined an OPC UA interface to capture all data and visualize it on the IoT platform. On top of that, they introduced a notification service that alerts users to any changes in the machine, allowing for quick response times. But VOLLMER thought even further: as these data are processed, they want to provide updates and ensure that firmware remains up-to-date. They not only want to keep the machines up to date but also provide customers with continuous updates—and that’s where our solution comes into play.

I see. We can see above that Docker containers are one of the technologies being used. Before diving into the technology itself, let’s discuss VOLLMER’s challenges and vision. What new challenges are emerging for VOLLMER as a machine builder? Is it only about the updates, or are there also business considerations?

Holger

A machine builder like VOLLMER faces various challenges today. On the one hand, they want to offer modern business models but have a very long-lasting installed base in the field. This means that in the coming years, a lot of retrofit business is expected to make older machines internet-capable. Remote services have been a topic for years, but many users prefer to disconnect the network and only connect it for targeted remote diagnostics. Transitioning to continuous and secure operations requires numerous measures, especially the provision of secure solutions—that’s the infrastructural side. Furthermore, the update and patch service must be reliably ensured over years and even decades. Additionally, it’s necessary to provide a separate computing unit outside the machine—since it’s often certified—where applications can run. These applications process and analyze data, draw valuable insights, and thereby create additional value for the end customer, which also serves as a business model for VOLLMER.

So the business use case revolves around new business models and data collection—classic applications like condition monitoring, fleet management, or asset management. In other words, knowing where each machine is, what condition it’s in, and how failures can be monitored. Technically, it’s about data collection and providing updates. That’s ultimately the focus of this project, correct?

Vanessa

Exactly. I’d even go a step further. Security is a central concern for VOLLMER as a manufacturer, but also for operators who use the machines. With rising security standards, securing the supply chain is becoming increasingly important as well. VOLLMER is part of this chain and bears responsibility. We, as suppliers, are also involved in the supply chain since we provide hardware and software. All parties must contribute. It makes sense that VOLLMER is planning ahead and setting up the infrastructure accordingly.

As suppliers, we aim to design our products to make a significant contribution here.

I’d like to expand on that because security is an important topic that’s also driven by the EU, specifically with NIS2. Could you elaborate on this? NIS2 is an EU directive that regulates cybersecurity and sets specific requirements. What challenges does NIS2 bring for your customers?

Holger

The first challenge is simply being aware that NIS2 exists and understanding the responsibilities it entails. Smaller mid-sized companies, in particular, often aren’t up-to-date with the regulations—though that’s not the case with VOLLMER, it’s generally a matter of knowledge since staying on top of all regulations is challenging. We see it as our role to inform our customers and highlight their obligations. Globally, it’s about operating secure networks, minimizing damage from cyberattacks, and, as managers, taking personal responsibility to implement the latest technology and all possible security measures. This responsibility lies both with end customers and with machine manufacturers, who need to secure the machines they sell or secure their installed base if they’re offering digital services that may access customer networks. This potentially creates vulnerabilities that must be addressed.

That’s an important point. For anyone listening who wants to dive deeper into NIS2, it might be worth stopping by your stand in Hall 7, where you can go more in-depth, as NIS2 is quite complex. I’ve already done a podcast episode on this topic—feel free to subscribe and check it out.

Holger

Another point that concerns us at the hardware level: we don’t just supply hardware, we also provide an operating system with it. In the past, it was a simple Linux; now it’s KontronOS—a hardened Linux derivative that we’ve specially configured. We are committed to providing an update and patch service over the years to keep the devices equipped with it safe in operation.

Vanessa

In addition to network security, which Holger mentioned, program and overall system security play a crucial role. This is about risk management: How do we implement patches, conduct security scans, and inform the end customer about potential risks? Documentation, like the so-called SBOM, is essential. Many of these areas are quite complex, and we aim to provide basic functionalities and services in each of these areas.

I’d like to touch on another point—the topic of security updates and how they are applied to devices. VOLLMER likely has hundreds of machines in operation. How was this handled in the past? Generally, a service technician would have to go on-site, perhaps with USB sticks, to update a device. Could you tell us a bit about why this isn’t ideal and how companies are approaching this today?

Holger

Looking back to the early days of our business relationship with VOLLMER, we’re talking about a time when EPROMs were packed in tubes and shipped globally to install updates in controllers. Of course, that’s a thing of the past now. Today, we’ve reached a point where tools from Kontron AIS, like KontronGrid—a device management software—are in use. This eliminates the need for on-site USB work or manual updates on individual machines. Instead, the entire fleet can be centrally managed, allowing for targeted updates in specific regions or a test group before rolling out globally. All selection options are available to manage the process efficiently and with minimal labor from a central location.

Vanessa

Exactly, and it’s no longer done on an ad-hoc basis but is much faster and more flexible. Updates can be tested first on smaller groups of devices to ensure everything works smoothly. Additionally, the customer has control over when to apply updates, making it easier to fit updates into the production schedule, reducing downtime and interruptions. This is a major benefit for better planning.

Holger

We’ve also implemented all fallback mechanisms, with a dual-partition system that protects the running system until the new update is fully unpacked, verified, and launched. This ensures no devices are lost in the network.

So, my impression is that the goal is to digitize on-site manual checks and allow for seamless digital updates. This, of course, ties into the use case for minimizing downtime. Condition monitoring makes it possible to anticipate certain issues before they arise, allowing for security and software updates—the patches you mentioned—to be applied continuously. When updates aren’t applied promptly, security vulnerabilities can arise, making various forms of cyberattacks possible, which could ultimately lead to time losses and, in the worst case, significant damage.

Holger

Exactly, with our tools, customers can deploy updates in an automated and timely manner, significantly reducing security vulnerabilities.

Vanessa

Another advantage is gaining a better overview of the entire fleet. Often, there’s a lack of information on the status of the installed fleet and its applications, and a comprehensive view is missing. Our tool also helps improve coordination in remote support, especially when multiple experts need to work on a service case simultaneously. This way, we can find solutions for the customer more quickly and efficiently.

Since we’re here at the fair and you’re showcasing your products, could you explain in more detail the solutions VOLLMER is using to tackle these use cases and challenges?

Holger

VOLLMER uses the box displayed above—a small, AMX-based Linux device equipped with KontronOS and Docker Compose infrastructure. This combination enables them to implement the functions VOLLMER needs, and your tools are part of the setup as well.

Vanessa

Exactly, we have an agent installed on the edge device that connects it to the cloud. The device management is cloud-based and handles the administration. Once the device is registered and appears in the system, I can see all devices and access their master data. Additionally, all applications developed by VOLLMER, like monitoring data for improved control over production processes and enhanced operational safety, are run as Docker containers. This way, I can see which Docker container is installed on each device and update these applications as needed. The operating system running on the firmware—KontronOS—forms the foundation for secure application operation. It allows only essential updates and uses a Yocto Linux-based operating system. We’ve also implemented redundant partitions to ensure fallback mechanisms. This setup provides the flexibility to expand applications as needed.
Integration with Docker Compose is also possible, simplifying the build process of container applications. This is especially useful for VOLLMER since their software team already has experience with Docker Compose and wants to maintain this workflow. So, it makes sense to provide this flexibility and streamline the process.

In summary, we have KontronGrid as the hardware, running KontronOS as the operating system.

Holger

KontronGrid is the device management tool.

Device management, exactly. Data collection takes place, among other things, via OPC UA, but your devices also support other standards depending on what the customers need.

Holger

To return to your question about our solution and what we’re showcasing at the fair: We currently offer bundles—preconfigured solutions that save customers setup costs. These solutions are scalable in both processing power and the architecture of microprocessors. We offer ARM-based and x86-based solutions, scalable according to the requirements of the applications the customer wishes to run.

Everything comes with KontronOS, which bridges the gap between open source and a reliable update service. Our main goal is to offer a secure, regularly updated solution, along with hardware that arrives pre-configured and ready for immediate use.

Nice. Now, perhaps two final questions. The first concerns data analysis. VOLLMER has built its own business model and offers a starter kit for its customers. Do you also handle data analysis—does that happen via KontronGrid, or is it managed by VOLLMER with their own software?

Vanessa

In this case, VOLLMER handles the data analysis themselves. They’ve created their own IoT platform and use Node-RED for evaluations. But theoretically, we could take on that role as well. We have an additional product that interacts with KontronGrid, functioning like a modular platform that can be expanded for telemetry data analysis or machine-related correlations.

Great, and one last exciting question: What best practices or things to avoid can you share from this project with VOLLMER?

Holger

The journey with VOLLMER was long, and we both learned a lot along the way.

After all, it’s a partnership.

Holger

Exactly, a partnership. The insights we gained along the way might not even be as relevant today. We’ve now reached a point where we can offer complete bundles. The most important point is: you just have to start and gather your own experiences. The necessary tools are available and can be used immediately without hassle. Often, the ideas for added value only emerge through working with the infrastructure. By using it practically, you start to recognize additional possibilities.

And it’s certainly important to leverage new technologies like Docker containers to achieve scalability. Today, we’re talking about hundreds of machines; soon, it could be more. Such technological learnings can also be drawn from this. That’s what you’re here for as a partner—to contribute these best practices.

Vanessa

Absolutely, and our core competency also lies in our integration capabilities and the customization we can provide at the hardware level, along with our expertise in data capture and processing. The openness of both partners to explore new avenues was also key. We consistently listened to the customer’s needs, which led us to integrate Docker Compose—a solution that wasn’t initially on our radar. This flexibility has benefited both of us and ultimately created added value.

Holger

Another key factor is the merging of IT and OT, where two different worlds often collide. For us, it’s different because we speak our customers’ language and have been supporting them in automation technology for years. We have a deep understanding of their machinery and business, which makes it easier for us to support a variety of customers—not just machine builders but also building technology providers, device manufacturers, and medical technologists. Since we know their applications well, we don’t come in as purely IT experts who may not understand the specific needs of the customer; we bring in-depth knowledge of their requirements.

You indeed serve a wide range of customers and have numerous references available online. Each customer brings different requirements, yet your products are applicable to a variety of use cases. One last question: What’s planned for the future? You mentioned a long partnership. What’s on the agenda for next year? Can you give us a sneak peek?

Holger

What VOLLMER has planned remains confidential—that’s for the customer to share. However, we have certain technologies on our own agenda, including 5G communication and artificial intelligence, or AI. We’ll continue to equip our edge devices. Kontron already offers proprietary 5G solutions and has the expertise to set up 5G campus networks. We’re heavily focused on AI and have the processors needed to offer products with these capabilities.

Very nice.

Vanessa

I believe we’re heading towards even greater modularity. Beyond Docker container management and the operating system’s update capabilities, we’re moving towards bootloader and BIOS levels to ensure that the correct OS is securely deployed on the right device. Such compatibility testing enhances security. Additionally, we’ll continue to open up and offer alternatives to Docker to give customers more flexibility in development and deployment.

That sounds very promising. I look forward to getting an update on this soon. Thank you both very much—I found the discussion fascinating, and I appreciate that you shared this case with us. It’s not always easy to get client permission to discuss these projects, so this is a truly exciting customer case among the many you have. For everyone listening live, I’ll link your contact details in the show notes. Thank you both for being here! I’ll give you the last word. Many thanks from my side!

Holger

Thank you for having us and for allowing us to present our ideas and activities. I’d encourage anyone involved in IoT and seeking support to visit our booth. We have a lot to show and share and look forward to new collaborations.

Vanessa

I can only agree—come and visit us!

We look forward to the exchange, want to learn new things, and, most importantly, understand the current challenges. A big thank you to VOLLMER for allowing us this opportunity—it shows the mutual trust we have. Thank you, Madeleine!

Thank you!