Advantech EdgeBMC

Revolutionizing Edge Computing Management

The Advantech EdgeBMC introduces a cutting-edge hardware solution for remote management tailored to the needs of edge computing. This system harnesses the power of Out-of-Band Management (OOBM), creating a dedicated and secure management channel that operates independently of the traditional internet connection. This innovation allows for unprecedented remote management capabilities, enabling administrators to maintain control over devices even in scenarios where the operating system or BIOS is unresponsive.

Always-On Networking

Ensuring 24/7 Network Viability and Manageability

To guarantee around-the-clock network performance and manageability, it is crucial to establish a strong networking connection. This can be achieved by integrating both in-band and out-of-band subsystems. Implementing these subsystems ensures continuous network operation and facilitates effective network management, regardless of the status of the primary network infrastructure.

Shorten MTTR

Remote Monitoring and Control at the Hardware and Firmware Levels

Enable remote monitoring and control capabilities at both the hardware and firmware levels for your device. This functionality is available even when the system is powered off or out of service, as long as it is connected to AC power. This feature ensures continuous access and control over your device for maintenance, updates, and troubleshooting purposes, enhancing the reliability and efficiency of your operations.

Cybersecurity Protection

Implementing PFR with Advantech EdgeBMC

Advantech EdgeBMC employs Platform Firmware Resilience (PFR) to ensure the integrity and security of system firmware. It integrates a Root of Trust (RoT) and adheres to NIST 800-193 guidelines for authentication. This approach assures comprehensive protection, detection, and recovery of firmware components.

Seamless Integration with DeviceOn

No matter if you're using in-band or out-of-band communication, setting up is effortless. Simply install the SUSI driver and DeviceOn Agent on the in-band OS. Once connected to the DeviceOn Server, it automatically initiates a secure provisioning handshake with the EdgeBMC. This process utilizes TLS v1.3 encryption, guaranteeing the security of your information.

info

DeviceOn Server Deployment on Locally or Public Cloud

For the EdgeBMC, the DeviceOn server can be deployed locally or in the cloud, and it is not limited to the same network segment as the device. The only requirement is that the device has an available outbound connection on port 80 or 443.

After successfully completing the device onboarding process, the EdgeBMC interface is activated, indicated by the EdgeBMC icon lighting up.

Supported Hardware

For more comprehensive information, please visit the landing page.

• AFE-E350
• AIMB-292
• ARK-1251M
• MIO-5354
• MIO-5379
• AFE-R360
• AFE-R760

Integration with DeviceOn

Advantech's EdgeBMC offers complete integration with DeviceOn, empowering users with full control over the current features.

1. Power Management (Out-of-Band)

   

   • Power On
   • Power Off
   • Reboot

2. Sensor Monitoring (Out-of-Band)

   

   • Real-time displaying various sensors in chart diagram.
   • Sensors depends on hardware.

3. BIOS Console Redirection

   

   • 1. Configurable function toggle. User can choose to enable/diable BIOS console redirection.
   • 2. Operation area. After reset device to BIOS and mouse click in this frame, user can remotely control BIOS through keyboard.

4. Remote Flash BIOS

   

   • Limited to specific models. Please contact us to get the latest support model list.
   • Digital signature technology is employed to ensure the authenticity and integrity of the BIOS Image.
   • During BIOS image deployment, data security is guaranteed through encrypted transmission channels and multiple layers of security verification.

Step-by-step: Remote flash BIOS

Step 0: Preparation

• The BIOS image to flash.
• Private key and certification file. Below is sample script to create new private key and certificate.

  openssl req -x509 -newkey rsa:4096 -nodes -keyout private_key.pem -out certificate.pem -days 30

Step 1: Certificate Management

Certificate for verifying uploaded BIOS image in both DeviceOn Server side and edge device side.

1. Open upload dialog.
2. Delete selected certificate.
3. Search box.
4. Uploaded certificate list.
5. Next stage.

Click the upload button to open dialog.

1. Download the sample file for generating digital signature.
2. Generating digital signature. Click the copy button to copy sample script and adjust to fit your files' name.

   openssl dgst -sha256 -sign private_key.pem -out sign_this_sample.sig sign_this_sample.bin

3. Name of the uploading certificate.
4. Open dialog to choose certificate file.
5. Open dialog to choose generated digital signature file.
6. Click button to upload.

After upload and pass verification, the certificate will show in list.

Step 2: BIOS Image Management

BIOS image for deployment to devices.

1. Open Upload dialog.
2. Delete selected BIOS image.
3. Search box.
4. Uploaded BIOS image list.
5. Previous stage.
6. Next stage.

Click the upload button to open dialog.

1. Alias name.
2. Version string.
3. Certificate for verifying this BIOS image.
4. Target for filtering specific devices.
5. Update level.
6. Open dialog to choose BIOS image.
7. Click button to upload.

After upload, the BIOS image will show in list and waiting for verification. Only verified BIOS images can be choosed to deploy.

Click Verify BIOS to open dialog.

1. Download the manifest file for generating digital signature. This manifest file is unique and calculated from the uploaded BIOS image in previous step.
2. Generating digital signature. Click the copy button to copy sample script and adjust to fit your files' name.

   openssl dgst -sha256 -sign private_key.pem -out firmware.manifest.sig firmware.manifest.bin

3. Click button to upload.

After upload and pass verification, the status will be VERIFIED. This BIOS image is ready for deployment.

Step 3: BIOS Image Deployment

Deploy BIOS image to device.

1. Current BIOS in device.
2. Select BIOS image.
3. Downlaod button.
4. Previous stage.
5. Next stage.

Click button to start deployment.

The execution time of this operation depends on the network environment. Deployment took approximately 30 minutes in the Advantech lab.

Step 4: Flash BIOS

Flash BIOS image to device. The device must be POWER OFF for this operation. Ensure that the device is already shut down or is ready for power-off.

1. Installable BIOS image which is already stored in the device.
2. Flash parameters.
3. Start button. This operation will forcely power off the device.
4. Previous stage.

Follow hint to enter parameters, then click button to start flash BIOS.