Nerve Node software is installed on an edge device. The system is Linux-based with a User Space that makes use of a real-time hypervisor and Docker container support. In addition, Nerve Node software contains all services for communication with the Management System, remote access, logging, monitoring and patching.
The Nerve Management System is an on-premise or cloud-based software for central management of connected nodes. It enables users to update Nerve Node software and deploy workloads, as well as offering remote connection to nodes for device monitoring and central logging.
The User Space is the place where all user applications (known as workloads) can be installed and run on nodes. Workloads can be Docker containers, virtual machines or CODESYS 61131-3 Soft PLC applications.
The Workload Repository holds the workload images and configurations that are available to deploy to nodes. Here, users can define settings and parameters for each workload. It also supports versioning of workloads for application updates.
Nerve Data Services are a collection of features supporting users with data connectivity, storage and visualization. A multi-protocol data gateway is available on each node. Data storage and visualization are available on each node and in the Management System. The integrated Soft PLC can also be used to connect to fieldbus devices. Nerve Blue comes with an SDK to easily create Python applications that communicate with the Data Services.
Nerve Blue integrates a CODESYS Soft PLC supporting PROFINET, EtherCAT and Modbus protocols at cycle times down to 1 ms. Using the Soft PLC users can collect data and pre-process in IEC 61131-3 languages or run control applications for machines.
Management Services comprise all features that enable users to remotely manage their fleet of devices in the field. Management Services include device monitoring, centralized logging, remote screen viewing and remote network access, which offers similar functionality to an integrated VPN.
Node Services are installed on Nerve Nodes and act as the counterpart to the Management Services. Node Services include the software components necessary to enable remote monitoring, logging, and remote access from the central management system. Node Services also provide the local graphical management interface (Local UI).
The Nerve Management System can be controlled via an API to enable automation of repetitive tasks or integration in a CI/CD pipeline.
The Nerve Management System User Interface provides an intuitive overview of all central Management System functions.
The Local User Interface provides manageability of individual nodes in case access to the central Management System is not available.
A Nerve Node can run multiple workloads (applications) on one device. Workloads can be hosted as Docker containers, virtual machines and 61131-3 CODESYS applications.
Containers as workloads
Nerve Nodes support Docker containers as workloads. Containers run in non-privileged mode for security reasons.
Virtual machines as workloads
Nerve Nodes support multiple virtual machines as workloads. Existing solutions can be migrated into Nerve without requiring any modifications. Virtual machines can be created on a node, then pushed to the Workload Repository in the Management System and distributed to all nodes worldwide.
61131-3 applications as workloads
Nerve Nodes support CODESYS 61131-3 applications as workloads. 61131-3 applications can be programmed and tested using the CODESYS IDE on a Nerve Node, then a workload can be created and distributed to other nodes.
Docker volumes for persistent storage
Nerve supports named Docker volumes to provide persistent storage for applications.
Device passthrough for virtual machines
Devices that are connected to Nerve Nodes can be assigned and made available to Virtual Machines.
All workloads in the Workload Repository are available for deployment to nodes. Users can define settings, parameters and versioning for each workload.
Docker containers on connected nodes can be managed centrally from the Management System or locally at the edge. Docker containers can be pulled from your private registry or from Docker Hub.
Full encapsulation of workloads
When workloads are created, they can be fully encapsulated with all the parameters needed for installation. This ensures that software deployment is straightforward for service personnel.
Workloads can be updated with new versions. This ensures that the Workload Repository does not get cluttered when applications are continuously improved and updated.
Workload versions can be marked as released. A released workload cannot be modified. This ensures clarity about which exact configuration of a workload is deployed.
The Nerve Management System provides a central point for managing all connected nodes. Users can manage nodes, update firmware, monitor device status and deploy and manage workloads. It is available as a hosted service run by TTTech Industrial, or for on-premise installation.
Nerve Devices are securely onboarded in the Management System during the installation process.
Nerve displays the online status and resource consumption of devices in a user definable hierarchy.
Nodes can be classified using labels. These can be used in combination with so-called “selectors”, ensuring that a workload can only be installed on nodes with the corresponding labels. Labels can be viewed, added, deleted and merged in the Management System.
Nerve Node software (Base System) running on edge devices can be updated via the Management System. Nerve supports A/B updates which permit safe rollback to the previous version.
Application life-cycle management
Nerve enables not only the installation and deletion of applications to/from nodes, but also allows applications to be started and stopped remotely via the Management System.
Local acknowledgment for modification of 61131-3 applications
Nerve can be configured to require local acknowledgment for modification of 61131-3 applications. Where the integrated CODESYS Soft PLC is being used to control machine movements or critical operations, administrators can require that modifications are only made when a local user actively permits the change.
Nerve Data Services are a collection of integrated applications that offer data transport, analytics and visualization solutions for users.
Data ingestion and transport
The integrated Nerve Gateway collects and forwards data from connected devices. The CODESYS Soft PLC can also be used to connect via fieldbuses.
Storage and visualization
A Time-Series Database and open-source visualization system are integrated on Nerve Nodes and in the central Management System. These systems can be easily integrated with user applications running on the node.
Controlled retention policy
Nerve enables users to configure the retention time of the integrated Time-Series Database to ensure that storage is never filled up unintentionally.
Data push to cloud or server
The Nerve Gateway is freely configurable to push data to any MQTT broker or into any SQL or influxDB, even if it is outside the Nerve system.
Analytics application integration
Analytics applications can be run as workloads making use of the data infrastructure provided by Nerve (or other data sources if desired). The Nerve data format is open and well-documented so applications can be configured to work with the data from the integrated Time-Series Database or use the MQTT broker provided.
Pre-configured NodeRed workload
Nerve offers a pre-tested open-source NodeRed application, enabling graphical configuration of basic data manipulation and transfer.
SDK for Python
Nerve offers a Python SDK which enables users to start creating applications that can work with data provided by Nerve Data Services.
The Nerve Gateway collects data from various sources, normalizes it to a JSON format and pushes it to a number of data sinks for further processing. The gateway can be used to push data to the Nerve Management System or other systems.
Gateway configuration using JSON
The Nerve Gateway can be configured from within the Management System and the local user interface using a structured JSON format.
Periodically triggered connection
Gateway operation is triggered periodically (down to 1 ms cycle time).
The Nerve Gateway supports access to Modbus TCP sensors natively, without the need of using the Soft PLC as fieldbus gateway.
S7 connection access
The Nerve Gateway supports direct access to Siemens S7 PLCs on their S7 comm interface.
OPC UA server connection
The Nerve Gateway supports collection of data from OPC UA servers. The Nerve Gateway supports authentication via username/password and certificates.
Subscription to MQTT/JSON
The Nerve Gateway can subscribe to MQTT brokers. The data must be structured in the normalized JSON format.
Integrated OPC UA server
The Nerve Gateway integrates an OPC UA server which is freely configurable. This server can be used to create full-feature OPC UA interfaces to machines.
The normalized JSON data format includes a timestamp. If supported by a protocol (i.e. OPC UA PubSub), the timestamp is taken from the message received by the Gateway. If the protocol does not provide timestamps, a timestamp is taken upon reception of a frame at the respective Gateway Input.
Publish and subscribe to OPC UA Pub/Sub
The Nerve Gateway supports the new OPC UA Pub/Sub standard
Nerve integrates Grafana for dashboarding on each node and in the Management System.
Preconfigured data sources
Nerve has preconfigured data sources for Grafana that allow data provided through the Nerve Gateway to be accessed without further configuration.
Alarms on data
The integrated Grafana can create various types of alarms on the data in the database. You can use this feature to notify service personnel if your configured triggers fire.
Nerve integrates Soft PLC that can be used to access fieldbus-level sensors and actuators. It can also be used for running machine control applications.
CODESYS Soft PLC
The integrated CODESYS Soft PLC (Version 3.5) is fully managed and applications can be distributed to nodes via the Nerve Management System.
1 ms cycle time
The CODESYS Soft PLC runs down to 1 ms cycle time, taking advantage of the extraordinary computational power of Intel CPUs.
The Soft PLC supports multiple fieldbus protocols. It can act as an EtherCAT master, PROFINET master and PROFINET device.
High speed connection to influxDB
Nerve provides a connector from the CODESYS Soft PLC directly to an influxDB Time-Series Database, optimized for high throughput. Using an Intel Atom class CPU, more than 10,000 samples per second can be pushed into the database.
Retain variable support
The CODESYS Soft PLC includes retain variable support. Nerve provides a library to help users with this feature.
Dedicated fieldbus port
Hardware permitting, Nerve supports a dedicated, high speed network port for the fieldbus connections from CODESYS.
Nerve includes a wealth of features to ensure that the system always operates securely and keeps production data secure.
Simple device updates
Firmware updates can be rolled out with the click of a button, ensuring that systems are kept up-to-date and patched.
Separation of applications
Workloads in Nerve run as virtual machines or Docker containers. This ensures that workloads are well isolated so that they cannot interfere with each other.
Nerve users and API clients are subject to Role-Based Access Control. Administrators can manage permissions in the Management System.
Nerve has been penetration tested by Limes Security GmbH, a well-known Austrian company focusing on industrial security.
Nerve Nodes offer full functionality even when not connected to the Management System for whatever reason. When a node comes online, the Management System syncs to the node and recognizes any modifications made while it was disconnected.
Disconnection from the Management System
Devices can be disconnected from the Management System to ensure that nodes are only online when needed or to avoid unnecessary connections fees.
Intermittent and slow connections
Nerve is designed to deal with intermittent and slow connections. After a connection is lost, data is stored locally and synced with the Management System upon reestablishment of the connection.
Local user interface
Nerve provides an HTML-based local user interface to manage nodes without connection to the central Management System.
Local workload management
The local user interface permits adding, starting, stopping and deleting workloads just like the central management system does. A service engineer can export a workload from the management system to his laptop, take it to the node which is offline and install it through the intuitive user interface.
Local software repository support
For working with bad connections or working with many nodes in one network, it may be useful to run a software repository at the node. Nerve supports even that.
Nerve integrates a full-featured remote access system which allows users to view the screens of virtual workloads.
Remote Tunnel (VPN)
Remote tunneling is like a VPN, but with a narrower scope, specifically configured for one application. This ensures that specific services are only exposed through the remote tunnel, rather than to the network in general like in a VPN solution. Remote tunneling can be used to connect to a shell, a web-UI or an FTP server running in workloads or even on external devices in a node’s network.
Configuration of remote access from within a workload
Remote access can be configured when creating a workload in the Nerve Management System. Remote access to the workload is then available whenever it is deployed to a node. No additional configuration is necessary.
Remote connection manager for Windows and Linux
The Nerve Connection Manager automatically opens when starting remote tunnel access to a Nerve Node. The Connection Manager must be installed locally on a PC to use remote tunnel access. The Connection Manager is available for Windows and Debian-based Linux operating systems like Ubuntu.
Remote screen access
Nerve integrates a remote screen viewing solution in the Management System. It runs directly in the browser and can be used without installation of a client on a PC. Nerve supports VNC and RPD (Windows Remote Desktop Protocol) connections.
Remote shell access
Nerve integrates a remote shell access directly from within the browser for workloads and external devices. Alternatively, the remote tunnel feature can be used to bring the SSH connection or console port to a PC.
Remote access to virtual machines without VNC or RDP server activated
Nerve permits remote access to the screens of virtual machines even if they do not have a VNC or RDP server running themselves. This feature is only available for virtual machines running on Nerve Nodes. External devices still require a VNC or RDP server activated to access them.
Accessing external devices
Remote viewing in Nerve does not only cover access to workloads and nodes. Users can easily configure external sources for remote access, like a Windows PC running a RDP server or a device with SSH access. Nerve offers a secure hub for remote access to all devices in the machine or production network.
Launch all remote access through a browser
The remote access features (screen viewing, shell access, remote tunneling) are all available directly from within a browser, fully integrated in the Management System.
Local acknowledgment for remote access
Nerve can be configured to require local acknowledgment for remote access. If activated, a user needs to accept a request for remote access on the node. This ensures that no one sees or interferes with production.
Nerve includes a logging subsystem in the cloud which can capture logs from all nodes and the Management System.
Nerve provides logging services based on the well-known KIBANA system. All system events, node events and applications are logged centrally. Pre-configured dashboards allow users to get started quickly without prior experience of using KIBANA.
Logging from within applications
Nerve provides the infrastructure to log the messages and errors of your application. You just need to configure your application to log into a Linux Syslog service and Nerve will ensure your logs can be accessed centrally.
Nerve provides a comprehensive networking subsystem which permits users to control the connection between workloads, and from workloads to external devices.
Configurable networking for workloads
Nerve Nodes have pre-configured integrated networking, providing IP-level network communication between workloads and to the external networks connected to the edge device.
Access through NAT
Workloads can connect to virtual networks which are behind a NAT (network address translation) system that hides their internal IP address.
Access to external ports
Workloads can connect to virtual networks that are mapped to external ports of the edge device.
Communicate over internal links
Nerve provides virtual networks which are node-internal only. These can be used to communicate between individual workloads.
Nerve includes a Role-Based Access System to control the access for individual users to certain features of the Management System.
Nerve user management follows the RBAC concept. Users are assigned to roles. Roles are given rights for specific actions.
LDAP can be used to connect the Nerve user management to a company’s active directory service. Users, their roles and their passwords are managed through LDAP. The definition of the rights for specific roles stays within Nerve.
Nerve can be managed through an API for automating repetitive tasks or for connecting the Nerve Management System to other systems.
Nerve rights management extends to the Management System API. Users can control the permissions of other software controlling the Nerve Management System through the API. For example, a script controlling the automated build process of user software could be given the rights to create a workload, but not to deploy it.
Firewall friendly connection
Nerve Nodes only connect to the Management System through port 443, enabling access from anywhere with https connection.