Skip to content

Setup Industrial Asset Hub

Configure users

Security advice

The credentials for a Server user are created as a self-service function via the Xcelerator Admin Console. Industrial Asset Hub administrators must be aware of the sensitivity of server user credentials and take responsibility for their secure handling, transport, storage and sharing. It is strongly recommended to:

  • Encrypt the credentials on transfer
  • Store them at a secure location
  • Restrict the access

Users and roles

Once a user has been added to the Xcelerator Admin Console, they will have access to the Industrial Asset Hub application. By default, the first user to access the IAH becomes the Administrator. All subsequent users of the application will automatically be assigned the role with the least permissive privileges. The IAH administrator can reassign roles to users as required and extend the functionality that users can access.

For more information, refer to the API definition of the authorization service or to the Access management.

IAH setup with Industrial Edge

The Industrial Asset Hub (IAH) provides transparent status of field devices connected via the applications SIMATIC Automation Tool and Asset Gateway installed on Industrial Edge Devices (IED). The SIMATIC Automation Tool allows connection to assets on the same network as the IED. This manual describes the onboarding of the IED and these applications to the IAH.

Note: All following actions done with the IAH UI can also be done with the API. See Programming Interface.

Industrial Edge Setup

The Industrial Edge environment, Industrial Edge Management and Industrial Edge Devices shall be set up in accordance with the Setup guidelines and recommendations of Siemens Industrial Edge.

To allow connectivity with the Industrial Asset Hub backend please ensure the network endpoints are reachable according to the Network security overview.

Onboarding the IED to the Industrial Edge Management (IEM)

This documentation describes the steps to onboard an IED to the IEM for your convenience. For more information, please visit the online documentation of Siemens Industrial Edge. Details are provided under the section Get Started & Operate.

The IED needs to be onboarded to the Industrial Edge Management. The IED has to be connected to a network, that can reach the IEM as well as the IAH, as well as to the network allowing to reach the assets.

Note: Use Google Chrome as other browsers may encounter compatibility issues.

To onboard the IED perform the following steps:

  1. Get the IP address and MAC address. One way of obtaining this information is to connect a screen to the IED and startup the IED. When started up, the IED displays its IP address and MAC address on the screen. Alternative methods can also be used, like a switch management system. Both information, you will need for the onboarding, so please remember them. Connect your computer to a network, that can reach the IEM as well as the IED and enter the address of the IED, for example https://<Industrial Edge Device IP>.
  2. Connect to the IEM, for example https://<Industrial Edge Management System Address>.
  3. On the UI of the IEM, navigate to Edge Devices and add a new Edge Device (IED) via press + (New Edge Device) at top right corner.
  4. Give the Edge Device a name, specify a username and a password. The username and password are required to connect to the IED.
  5. Press Next, add a network and the MAC address of the IED to complete configuration.
  6. On the IED, import the onboarding file.

Configuring the IED

The IED needs a network configuration, especially a layer 2 network allowing to connect the SIMATIC Automation Tool to the assets.

The following figure shows an example network architecture. This example contains an Industrial Edge Device, which has the IAH applications installed. Network discovery for assets which are connected on the cell level requires the configuration of Ethernet communication layer 2 access. The Asset Gateway needs connectivity to the Industrial Asset Hub services in the cloud.

uml diagram

Figure: Example Network Architecture


To configure the network, perform the following steps:

  1. Connect to the IED.
  2. On the IED, complete the configuration of the network, configuring the layer 2 network allowing to be accessing the assets. The result should look like the figure below.


Figure: Network configuration of the IED

GRPC Registry Configuration in Asset Gateway

To support communication with other applications installed on the IED (e.g. Asset links), the correct grpc registry must be set in these applications:

  • Host name: grpc-server-registry
  • Port: 50051

Deploying the applications to the IEM

The Asset Gateway application must be deployed on the IEM. Also, additional Asset links can be used for the asset discovery, e.g. SIMATIC Automation Tool or Asset Link SNMP.

Figure: Applications in the catalog of the IEM

Deploying the applications to the IED

The Asset Gateway application must be deployed on the IED. Additional Asset links, e.g. SIMATIC Automation Tool or Asset Link SNMP, can be deployed for the asset discovery. The following describes the deployment of the SIMATIC Automation Tool, Asset Link SNMP, PROFINET Asset Service and Asset Gateway.

Deploying the SIMATIC Automation Tool

The applications can be procured from the Industrial Edge Marketplace. Please assign the application to your Industrial Edge Management that you will use for Industrial Asset Hub Gateways.

To deploy the SIMATIC Automation Tool perform the following steps:

  1. Go to IEM / Catalog and click on SIMATIC Automation Tool. The details window will open.
  2. Press Install. The Install App dialog opens.
  3. Select the correct IED, and press Install Now.
    Figure: Install dialog of the SIMATIC Automation Tool

The applications can be procured from the Industrial Edge Marketplace. Please assign the application to your Industrial Edge Management that you will use for Industrial Asset Hub Gateways.

Use the access code 6496 if required for purchasing in the Marketplace.

To deploy the Asset Link SNMP perform the following steps:

  1. Go to IEM / Catalog and click on Asset Link SNMP. The details window will open.
  2. Press Install, then Next in the dialog.
  3. Select the checkbox left to snmp.json, then the Edit icon (pencil) at the right.
  4. An editor window will open, add the relevant SNMP discovery profiles and press Update.
  5. Select the correct IED, and press Install Now.

Note: The SNMP configurations from snmp.json are applied for the scan. If no configuration is provided, it defaults to V1 and V2c settings with the public community string.

Figure: Install dialog of the Asset Link SNMP


Figure: Configuration dialog for the Asset Link SNMP

Example SNMP json
{
    "discovery_profiles":[
        {
            "version":"SNMP V2",
            "readCommunity":"public",
            "writeCommunity":"private",
            "port":161,
            "timeout":2000,
            "retry":3
        },
        {
            "version":"SNMP V1",
            "readCommunity":"public",
            "writeCommunity":"private",
            "port":161,
            "timeout":2000,
            "retry":3
        },
        {
            "version":"SNMP V3",
            "readCommunity":"public",
            "writeCommunity":"private",
            "port":161,
            "timeout":2000,
            "retry":3,
            "userName":"",
            "contextName":"",
            "engineId":"",
            "securityLevel":"AuthPriv",
            "authProtocol": "SHA",
            "authPassword":"",
            "privProtocol": "AES256",
            "privPassword": ""
        }
    ]
}


Deploying the PROFINET Asset Service

To deploy the PROFINET Asset Service perform the following steps:

  1. Go to IEM / Catalog and click on PROFINET Asset Service. The details window will open.
  2. Press Install.
  3. Select the checkbox left to connector-config.json, then the Edit icon (pencil) at the right.
  4. An editor window will open, replace cssvcregistry by grpc-server-registry and press Update.
  5. Press Next.
  6. Select the correct IED and press Install Now.

Deploying the Asset Gateway

The applications can be procured from the Industrial Edge Marketplace. Please assign the application to your Industrial Edge Management that you will use for Industrial Asset Hub Gateways.

Use the access code 2392 if required for purchasing in the Marketplace.

The Asset Gateway deployment consists of two parts:

  1. Add an Asset Gateway and download a gateway-config file or recreate a gateway-config file for an existing gateway in the IAH app.
  2. Deploy the Asset Gateway with the gateway-config file in IEM.


To add an Asset Gateway and download a gateway-config file into the IAH app, follow these steps:

  1. Open the IAH application and log in.
  2. Navigate to the Gateway configuration page.
  3. Click the button at the top right.
  4. Enter the name of the Asset Gateway. Optionally, a description can be added.
  5. For Access groups, if the feature is not used, leave the input field blank. The Asset Gateway is automatically assigned to the default Access group. Enter an Access group to use the feature. In case a new Access group name was entered, the Asset Gateway will disappear until the user is assigned from your administrator to the new Access group.

  6. Click 'Add and download' to receive the gateway-config file including the registration token. The downloaded configuration file expires after 30 minutes. It will then become invalid. A new configuration file can be created with a validity of 30 minutes.


    Figure: Add asset gateway dialog

  7. Once the new Asset Gateway has been added, an entry with status 'Onboarding pending' is added to the Gateway configuration page list.

Note: Duplicate Asset Gateway names are allowed as the Asset Gateway ID can be used as a unique identifier.

To recreate a gateway-config file of an existing gateway in the IAH app, perform the following steps:

  1. Navigate to the Gateway configuration page.
  2. Open the Asset gateway details of the Asset Gateway and navigate to the Connection section.

  3. Click the Create new button to recreate a gateway-config file.


    Figure: Recreate Asset Gateway configuration in Asset gateway details

  4. Confirm the recreate gateway-config file dialog and download the new file.


    Figure: Asset Gateway recreation dialog

Note: Once the status of the Asset Gateway is established the recreate is not possible anymore. Delete and add the Asset Gateway again to obtain a new config file.


The next step is to establish a trusted connection between the physical gateway and the logical entity created in the UI.

Note: Layer 2 configuration is required for the Asset Gateway installation as mentioned in Configuring the IED

To deploy the Asset Gateway to the IEM using the gateway-config file, perform the following steps:

  1. Go to IEM / Catalog and click on Asset Gateway. The detail window will open.
  2. Press Install. The dialog Install App will open.
  3. Select the checkbox left to gateway-config.json, then the Edit icon (pencil) at the right.
  4. An editor window will open.
  5. Copy the data of the downloaded gateway-config file to the open editor from your IEM.
  6. Click Update to perform the onboarding of the related Asset Gateway.

  7. Press Next and select the correct IED. Then press Install Now.


    Figure: Asset Gateway Installation

  8. A successful Asset Gateway onboarding can be verified by reloading the Asset list. The hourglass icon indicating a pending onboarding process will disappear.

Note: In some cases it may be necessary to restart the gateway app after modifying the gateway-config.json file for the changes to take effect.

Update the Asset Gateway

To update the Asset Gateway version of the IED in the Edge Management perform the following steps:

  1. Go to IEM / Catalog and click on Asset Gateway. The detail window will open.
  2. Press Install. The dialog Install App will open.
  3. Leave the gateway-config.json unchecked and click Next.
  4. Select the Edge Device from the list and click Install Now. The update job is now started. The status can be seen on the Job status page.

Deleting an Asset Gateway

For deleting an Asset Gateway, please refer to the following section: Deleting gateway.

Checking the connectivity of the SIMATIC Automation Tool to the assets

  1. Use a browser to connect to the URL/IP address of the IED.

    After a successful installation you will see the apps on the IED (see figure below). Figure: Apps in the IED


  2. To check the connectivity of the SIMATIC Automation Tool, click on the corresponding icon.

  3. This will open a dialog box, then press RESCAN. This will display the associated assets.


    Figure: Assets shown by SIMATIC Automation Tool

  4. The connectivity check sometimes blocks the device discovery process. Therefore, to enable the discovery of IAH, re-start the application SIMATIC Automation Tool.

    Figure: Dialog to restart the application SIMATIC Automation Tool

Checking the connectivity of IAH to the IED

After successfully onboarding and configuring the IED and applications, you should check the asset discovery.

To start the initial asset discovery, perform the following steps:

  1. Open the IAH Inbox page.
  2. Press Scan.
  3. In the Scan network dialog, select an Asset Gateway and an Asset link, e.g. SIMATIC Automation Tool.
  4. Press Scan. The scan progress is reported and when complete, the connected assets are displayed.

Note: If SNMP is selected as Asset link, a valid ip-range of the device to be discovered is required to start the scanning.

Any questions left?

Ask the community