Nerve Features

The hypervisor's hardware-based separation provides perfect isolation for real-time performance, reduces complexity and significantly increases run-time security.

Nerve DNA, short for Deterministic Node Automation, is a mechanism for simplifying edge commissioning and scaling roll-out agendas. Using a declarative approach to configuration, the user can list all applications and configuration definitions in a DNA file. The DNA file is sent to the edge devices for application.

Nerve incorporates a wealth of features to ensure that the system is always secure and that production data is protected. All connections are secured with TLS. Nerve is regularly penetration tested. Software processes comply with IEC62443 4-1.

Nerve Nodes provide full functionality even if, for whatever reason, they are disconnected from the Management System. When a Node comes online, the Management System synchronizes with the Node and recognizes any changes made while it was disconnected.

Nerve can be managed through an API for automating repetitive tasks or for connecting the Nerve Management System to other systems.

All system events, audit logs, edge events and applications are logged centrally. Pre-configured dashboards allow users to get started quickly.

Nerve Edge SW can run on any IPC. For guaranteed real-time performance a device qualification service is available. Nerve without real-time capabilities can be used as VM in virtualized environments.

Production mode hardening: Additional platform protection through a mode where every operational state of the Edge is closely monitored.

Offline operation: For critical applications where data must not leave the premises, Nerve offers a local operation option.

Read-only file system: Critical parameters and the operating system are stored on a write-protected partition – changes during operation are excluded.

Network separation: Following the “Least Possible” principle, applications receive only the resources and access required for execution.

Encrypted communication: All connections from the Edge to the Management System are secured. Communication occurs exclusively via an outbound port and is protected by secure WebSockets (TLS 1.2).

Integrity and authenticity of every component: Secure Boot and disk encryption form the foundation. Applications and configurations are regularly verified for authenticity.

Signed configuration: The YAML file (DNA) used for configuration is signed, ensuring the Edge is in the intended state and the configuration’s authenticity can be verified at any time.

Central update mechanisms: Software and security updates can be rolled out securely and selectively – not just for individual applications but for the entire operating system.

Fine-grained security parameters: Nerve offers numerous runtime parameters to enhance security – e.g., configuring the number of parallel logins per user or active remote tunnels to the device.

Extensive logging – not just for forensics: The platform meticulously logs every state change of the Edge and applications, as well as every configuration change. Logs are designed to provide valuable insights for maintenance during operation.

Security information and event management via OpenSearch plugins: All logs are stored in OpenSearch. The platform offers various extensions to detect security anomalies automatically or semi-automatically.

Docker container management   

• Nerve Edge can run standard Docker containers. Docker images are securely stored in Nerve's Management Systems registry for distribution to the Edges. Nerve allows to apply persistent configuration files that include specific settings. 

Virtual machine management 

• Nerve Edge can run virtual machines in its hypervisor. Applications and operating systems can be migrated from existing solutions into Nerve. 

CODESYS Applications - 61131-3  

• Nerve Edge supports CODESYS 61131-3 PLC applications as workloads. 61131-3 PLC applications can be programmed and tested using the CODESYS IDE.  

The workload repository in Nerve's Management System holds all applications and their configuration. Workloads are applications with additional parameters needed for their installation and runtime Edges get workloads only from the central repository to ensure security and manageability.

Secure roll out agendas can be driven with the Nerve Management system. Roll outs can include all Nerve Edges worldwide or target only individual Edges. Service personnel can immediately use the Edge after roll-out.

The Nerve Data Gateway can be configured to read data from multiple sources and forward it to deployed applications or clouds. It is configurable for multiple sources and destinations. The data gateway is optimized for high performance, enabling fast cycle times down to 1ms. It is graphically configurable for ease of use. 

The Data Gateway also includes advanced OPC UA server and client functionality. Both server and client support encryption and authentication using certificates or username/password. 

The Data Gateway supports MQTT as an input and output protocol, again with certificate and username/password based security features. Data is formatted in JSON and includes accurate timestamp information. 

For high performance data exchange between applications and the analytics applications, the Data Gateway allows the use of ZeroMQ.

The Data Gateway can send data directly to third-party clouds, such as the Microsoft Azure IoT Hub, giving you a head start on your applications on Microsoft Azure.

Nerve has built-in visualisation for data at the edge. For this purpose, an unmodified Grafana system is integrated. It uses the built-in databases as data sources.

You can connect to services running in workloads, the CODESYS runtime running on the Edge, or the Service OS of the Edge itself. Remote tunneling can be used to connect to, for example, a web-based user interface (UI), a command line or a FTP server.

The tunnelling mechanism can also be used to access and configure devices in an edge's network. For example, engineering tools can access the local OPC UA Server.

Nerve gives you remote access to workload screens and shells right in your browser. This also allows you to observe the boot and shutdown process of a workload.

Nerve integrates the CODESYS runtime inside the Service OS isolated from other processes. CODESYS applications are written in 61131-3. The runtime can be reached with Remote Services and the CODESYS 61131-3 PLC applications can be distributed to nodes via the Nerve Management System and are fully managed.

The Soft PLC supports multiple fieldbus protocols. It can act as an EtherCAT master, Modbus Master, PROFINET master and PROFINET device. Nerve supports a dedicated, high speed network port for the fieldbus connections to CODESYS.

The CODESYS Soft PLC runs down to 1 ms cycle time, taking advantage of the computational power of Intel CPUs.

The CODESYS Soft PLC includes retain variable support. Nerve provides a library to help users with this feature.