The present embodiments relate to a network device and a method for operating a network device for an automation network.
Intelligent field devices and controllers in an automation network communicate both deterministically, via synchronous and asynchronous real-time communication, and by non-deterministic methods (e.g., using the object linking and embedding for process control (OPC) protocol). Most control programs for such field devices and controllers are designed and compiled with a standardized programming language (e.g., according to IEC Standard 61131). The interaction of field devices and the control in a controller, for example, is configured with an engineering tool such as Step7 and also with the respective device descriptions. In this way, deterministic real-time applications are planned and implemented with exact timing and are then loaded onto the field device. Subsequent modification of this real-time application or of the corresponding application image for a field device or a controller (e.g., via the OPC device communication) may not be provided.
To facilitate the modification of configurations or software lifecycle management of real-time applications in field devices and controllers, the real-time application running in the devices may be deactivated, or the field device itself may be deactivated. Alternatively, the system concerned may be reconstructed. In each case, the function of the real-time application in question is significantly affected.
For conventional, non-real-time embedded devices in embedded systems, it is known to switch from one image of the real-time application to another. Alternatively, the switching may take place from one storage area to another. In such a case, the field device concerned may be rebooted when updated by such an image exchange.
Conventional operating systems used in the office environment, such as Windows or Linux, allow certain operating system updates or updates of virus signatures to be carried out while the system is in operation, and allow the system to continue to be used without restarting. However, these are not safety-critical, real-time applications, as is often the case with field devices.
For updating key material in embedded devices, mechanisms are known in which two sets of the requisite keys are provided in parallel, each with an assigned validity period. When one key set expires, the second key set is activated. The expired key set is then updated without real-time requirements, so that it is available when the currently valid key set expires. Such a process is, for example, standardized in the building automation control network (BACnet) protocol for BACnet security. BACnet is supported by building automation or risk management devices.
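The two-key-set rollover described above can be sketched as follows. This is an added example, not code from the original text and not the BACnet message format; the names `KeySet`, `DualKeyStore`, `active` and `refresh_expired` are hypothetical, and the keys and validity windows are constructed sample values.

```python
from dataclasses import dataclass

@dataclass
class KeySet:
    revision: int
    key: bytes
    not_before: int  # start of validity, seconds (inclusive)
    not_after: int   # end of validity, seconds (exclusive)

    def valid_at(self, now: int) -> bool:
        return self.not_before <= now < self.not_after

class DualKeyStore:
    """Hypothetical two-slot store: one key set in use, one staged."""

    def __init__(self, first: KeySet, second: KeySet):
        self.slots = [first, second]

    def active(self, now: int) -> KeySet:
        """Return the key set to use at time `now` (hot path, no I/O)."""
        valid = [k for k in self.slots if k.valid_at(now)]
        if not valid:
            # Both periods have lapsed: the background refresh was missed.
            raise LookupError("no valid key set")
        # If windows overlap, keep the older set until it expires.
        return min(valid, key=lambda k: k.revision)

    def refresh_expired(self, now: int, new_key: bytes, lifetime: int):
        """Background task: overwrite the expired slot with the next set.

        The new set becomes valid exactly when the set currently in use
        expires. Returns the refreshed slot index, or None if nothing expired.
        """
        for i, old in enumerate(self.slots):
            other = self.slots[1 - i]
            if old.not_after <= now and other.valid_at(now):
                self.slots[i] = KeySet(other.revision + 1, new_key,
                                       other.not_after,
                                       other.not_after + lifetime)
                return i
        return None

def demo_store() -> DualKeyStore:
    # Constructed sample key material and validity windows.
    return DualKeyStore(KeySet(1, b"A" * 16, 0, 100),
                        KeySet(2, b"B" * 16, 100, 200))
```

Selecting the active set is a pure lookup, so the switch at expiry costs nothing on the time-critical path; only `refresh_expired` needs to run before the set in use lapses.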