Intended Use and IT Security Instructions

This section provides crucial safety and security information and recommendations to help you configure your Welotec IoT Edge Gateway (Edge Gateway) for optimal security in your deployment.

Intended Use

This section specifies the intended use and essential operating conditions for your Welotec IoT Edge Gateway (hereinafter referred to as “Edge Gateway”).

The Edge Gateway consists of compute hardware and the Yocto-based Linux OS “egOS”. While the Edge Gateway itself has a limited and well-documented feature set, applications can be deployed to the product exclusively as Docker containers. These applications are not delivered or maintained by Welotec, but by the customer or a third party chosen by the customer. In general, the OS feature set is identical for all models of the Edge Gateway series; the scope of the features depends on the model due to differences in interfaces.

The Edge Gateway is designed for use as a dedicated control, monitoring, and data acquisition unit within the enclosed control cabinet of a machine. Its primary function is to execute specific machine-control software, process operational data, provide human-machine interface (HMI) functionalities, and/or facilitate communication within the industrial automation environment. The Edge Gateway is exclusively intended for continuous operation within a controlled industrial setting.

The intended use of the Edge Gateway is strictly defined by the following conditions and requirements:

Physical Security and Installation Environment

  • Enclosure: The Edge Gateway must be permanently installed within a secure, locked control cabinet (e.g., meeting IP54 or higher protection class) that provides adequate protection against dust, moisture, mechanical impact and unauthorized access.

  • Controlled Access: Access to the control cabinet and its wiring must be restricted to authorized personnel only. Physical security measures (e.g., key locks, access control systems) are mandatory.

  • Environmental Conditions:

    • Temperature: The Edge Gateway must operate within the specified ambient temperature and humidity range as outlined in the technical specifications. Adequate ventilation or active cooling within the cabinet must ensure these limits are not exceeded. This includes accounting for the unit’s own thermal dissipation and that of all other components in the cabinet.

    • Vibration and Shock: The Edge Gateway must be mounted securely within the cabinet to minimize exposure to excessive vibrations and mechanical shock, adhering to the manufacturer’s specifications.

    • Cleanliness: The inside of the cabinet must be kept free of dust, debris, and contaminants that could impair cooling or lead to electrical shorts.

EMC-Compliant Electrical Installation and Power Supply

This product is designed to meet EMC standards when installed according to the following instructions. Failure to adhere to these instructions may result in the equipment failing to meet compliance standards and can cause interference with other devices. The installer is responsible for ensuring the EMC conformity of the final system.

  • Power Supply: The Edge Gateway must be connected to a dedicated stable and filtered power supply within the specified voltage range. To ensure operational reliability and meet EMC requirements, the power source must provide adequate filtering against surges, transients, electrical fast transients (EFTs), and conducted RF noise common in industrial environments. An Uninterruptible Power Supply (UPS) is highly recommended to protect further against power fluctuations and outages.

  • Wiring: All wiring connecting to the Edge Gateway must comply with applicable industrial wiring standards, be properly insulated, strain-relieved, and protected against mechanical damage.

  • Grounding: The unit must be properly grounded according to the installation manual, typically via a low-impedance connection to the control cabinet’s central grounding point.

Functional Safety

This unit is not certified as a standalone component for functional safety applications (e.g., SIL, PL).

Intended Use: The unit is intended for standard control and monitoring. It must not be used as the sole or primary controller for safety-critical functions (e.g., emergency stops, safety interlocks, light curtains, burner controls).

System Integration: Safety-related control logic must be executed by dedicated, certified safety controllers (e.g., Safety PLC, safety relays). This unit may be used to supervise or monitor a safety system (e.g., for HMI visualization or data logging) via a non-safety-rated communication channel, but it must not be part of the safety-critical control loop. The failure of this unit must not lead to a loss of the primary safety function.

Qualified and Trained Personnel

  • Installation, Configuration, and Maintenance: All installation, configuration, maintenance and troubleshooting on the Edge Gateway and its connections within the control cabinet must be performed exclusively by qualified, trained, and authorized technical personnel. These personnel must possess proven expertise in electrical systems, IT hardware, and cybersecurity best practices.

  • Security Awareness: All personnel interacting with the Edge Gateway or the network it is connected to must receive regular training on IT security awareness including password policies and reporting suspicious activities.

Secure Configuration

Secure Configuration: The Edge Gateway’s operating system, firmware, and installed applications must be configured according to secure hardening guidelines, including disabling unused services, ports, and protocols, and enforcing strong password policies.

Please refer to the section “Cyber Security” for further details.

Network Segmentation and “Defense in Depth” IT Security Principles

  • Network Segmentation: The unit and its control network must be isolated from all other networks (e.g., corporate, guest, public internet) using industrial firewalls and network segmentation. Direct connection to the internet is considered misuse unless done via a secure, managed gateway.

  • Defense in Depth: A multi-layered security approach (“Defense in Depth”) must be implemented for the entire system. This includes:

    • Network Security: Industrial Firewalls (e.g., Next-Generation Firewalls) at network boundaries, strict firewall rules (whitelist approach – only allow explicitly required traffic), VLANs for segmentation.

    • System Security: Configuration hardening (minimum services, disabled unnecessary ports), regular security updates and strong password policies.

    • Application Security: Secure configuration of all industrial applications, disabling default credentials, and ensuring application-level security features are enabled.

    • Data Integrity: Measures to ensure data integrity and availability (e.g., backups, redundant systems where appropriate).

    • Physical Security: see above

  • Access Control: Remote access to the Edge Gateway (if required) must be strictly controlled, using secure connections, multi-factor authentication, and granular user permissions. Unnecessary remote access functionalities must be disabled.

Non-Intended Use

Any use of the Edge Gateway that deviates from the conditions described, including but not limited to:

  • Operation outside the specified environmental limits.

  • Operation without a secure, enclosed control cabinet.

  • Operation in hazardous locations (e.g., explosive atmospheres) for which the unit is not explicitly certified.

  • Installation or maintenance by unqualified personnel.

  • Connection to an unfiltered, unstable, or non-grounded power source.

  • Direct connection to unsecured corporate networks or the internet without adequate protective measures.

  • Installation of unauthorized software.

  • Bypassing or disabling of security features (e.g., firewall).

  • Failure to implement a cyber security management plan (patching, hardening, access control).

is considered non-intended use and may result in:

  • Damage to the Edge Gateway or the machine.

  • Compromised data security and integrity.

  • Serious personal injury or death.

  • Failure to comply with regulatory requirements.

Exposed Interfaces and Services

In the factory default settings, the following interfaces and services are exposed:

| Interface | Comment | Service |
|---|---|---|
| LAN 1 … 3 | | SSH |
| COM 1 | not available in EG400 Mk2 | CLI |
| USB 1 … 4 | only 1 interface in 4GB Version | n/a |
| HDMI | not available in 4GB Version | CLI |
| DI / GND | not available in 4GB Version | n/a |
| DO / GND | not available in 4GB Version | n/a |
| SW / GND | Power Switch | n/a |

In general, the available services depend heavily on the running applications and the device configuration.
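Because deployed containers can open additional listeners beyond the factory default, the set of listening sockets is worth auditing against an allowlist. The following is an added example, not Welotec code: it parses `ss -H -tln` style output and reports non-loopback TCP listeners outside the allowlist. It assumes SSH uses its default port 22 and that `ss` output is available; the sample lines are constructed.

```python
import ipaddress

# Assumption: SSH listens on its default TCP port 22 (the page names the
# service, not the port). Extend the set for services you deliberately run.
ALLOWED_TCP_PORTS = {22}

# Constructed sample of `ss -H -tln` output
# (columns: state, recv-q, send-q, local address:port, peer address:port).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
LISTEN 0 4096 127.0.0.1:2375  0.0.0.0:*
LISTEN 0 4096 0.0.0.0:1883    0.0.0.0:*
LISTEN 0 128  [::]:22         [::]:*
LISTEN 0 4096 *:8080          *:*
"""

def is_loopback(addr):
    """True if the bind address is only reachable from the device itself."""
    if addr == "*":                      # wildcard: all interfaces
        return False
    addr = addr.strip("[]").split("%", 1)[0]   # drop IPv6 brackets and %iface
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                     # unparseable: report it for review

def unexpected_listeners(ss_output, allowed_ports=ALLOWED_TCP_PORTS):
    """Return sorted (address, port) pairs that listen off-loopback on a
    port that is not in the allowlist."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        if is_loopback(addr) or int(port) in allowed_ports:
            continue
        findings.add((addr, int(port)))
    return sorted(findings, key=lambda f: (f[1], f[0]))

if __name__ == "__main__":
    for addr, port in unexpected_listeners(SAMPLE_SS_OUTPUT):
        print(f"unexpected listener: {addr}:{port}")
```

Each finding is either a service to disable or a port that needs an explicit firewall rule and an entry in the allowlist.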

Cyber Security

Edge Gateways are delivered with “egOS”, a Linux operating system designed specifically for edge applications with the highest security requirements. Its stability, reliability and security are achieved through regular updates and patches. The system is optimized for building a scalable IIoT infrastructure with integrated cloud connectivity and container runtime, and is fully manageable via SMART EMS.

The following points have to be taken into consideration for secure installation and operation of the Edge Gateway:

Secure Boot

The Edge Gateway is equipped with Secure Boot mechanisms.

Storage Encryption

The Edge Gateway’s storage is encrypted.

Use Strong Passwords

Strong passwords are the first line of defense against unauthorized access. If you want to use password-based access, it is recommended to:

  • Change the factory default password on first login

  • Use passwords with a minimum length of 12 characters

  • Use a combination of uppercase and lowercase letters, numbers, and special characters (e.g., !@#$%^&*)

  • Avoid easily guessable patterns, such as sequences (e.g., “123456”, “abcdef”), repeated characters (e.g., “aaaaaa”), or dictionary words
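The recommendations above can be enforced as a pre-provisioning check. The following is an added example, not part of egOS or SMART EMS: it returns the list of rules a candidate password violates. The run lengths for sequences and repeats and the small word list are assumptions chosen for illustration; the page only gives examples of such patterns.

```python
import re
import string

MIN_LENGTH = 12      # from the recommendation above
SEQUENCE_RUN = 4     # assumption: flag 4+ ascending/descending characters
REPEAT_RUN = 3       # assumption: flag 3+ identical characters in a row
# Constructed sample word list; use a real dictionary file in practice.
SAMPLE_WORDS = {"password", "welcome", "gateway", "admin", "secret"}

def has_sequence(pw, run=SEQUENCE_RUN):
    """True if pw contains `run` consecutive characters that count up or
    down by one, such as "1234", "abcd" or "dcba" (case-insensitive)."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if not (chunk.isascii() and chunk.isalnum()):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
    return False

def check_password(pw, words=SAMPLE_WORDS):
    """Return the violated rules in a fixed order; an empty list means the
    password meets every recommendation."""
    violations = []
    if len(pw) < MIN_LENGTH:
        violations.append("length")
    classes = (string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation)
    if not all(any(c in cls for c in pw) for cls in classes):
        violations.append("classes")
    if has_sequence(pw):
        violations.append("sequence")
    if re.search(r"(.)\1{%d,}" % (REPEAT_RUN - 1), pw):
        violations.append("repeat")
    if any(word in pw.lower() for word in words):
        violations.append("dictionary")
    return violations

if __name__ == "__main__":
    for candidate in ("123456", "MyPassword2024!", "Tr7#vQ9!mZx2Lp"):
        print(candidate, check_password(candidate) or "ok")
```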

System Hardening

The Edge Gateway’s configuration must be hardened by:

  • Enforcing strong, unique passwords for all accounts.

  • Implementing a least-privilege access model for users and applications.

  • Configuring the OS-level firewall.

Patch Management

A robust process must be in place for testing and deploying security patches for the operating system and all deployed third-party applications. This process must be compatible with the operational constraints of the industrial environment. We recommend using SMART EMS for automated configuration and firmware updates as well as template-based management of devices.

Physical Security

Use of the locked control cabinet (see Section 3) to prevent unauthorized physical access and tampering (e.g., via USB ports) is a critical part of the security model.

Vulnerability Handling

Welotec has implemented a Coordinated Vulnerability Disclosure Policy. Please visit the following site for further details: https://welotec.com/pages/coordinated-vulnerability-disclosure-policy