Ability™ Developer Portal
Try Sandbox for free
Get a month of free access to ABB Ability™ Platform to learn and experiment!
API Playground
Play with ABB Ability™ Platform APIs (no time limits)

# Factory Automation Release Notes

The Factory Automation feature for ABB Ability™ Platform consists of three components:

  • Certificate Manager Web Interface (UI)
  • Certificate Manager API
  • Factory Proxy

This page presents you with release notes regarding all these components.

# 23.1.1 Factory Automation

Updated component: Cerificate Manager UI 23.1.1

# New Features

# [108198] PLAT-I-271 - Support for IDevID (802.1AR) standard

# New Functionality

Ability to fetch an Evergreen certificate (IDevId) with support to add a SAN URI

# Resolved Issues

# [105611] - Serial Port connection is unstable

Communication between serial devices from Factory Proxy Module was unstable. This issue is now fixed and there is successful communication between all the configured devices.

# [102449] - Big space in a log

The logs had unexpected spaces between 2 words. This issue has been fixed now.

# [95577] - Access Token acquisition fails constantly

Proxy was not able to get token from AAD. This issues has been fixed now.

# [95543] - A typo in token acquisition error message

Token acquisition was failing, making it impossible to retrieve app credentials from the TPM. This issue has been fixed now.

# [112302] - Factory Proxy container couldn't be recovered after the IPC

After operating for a while, the IPC Machine—which is running a factory proxy—ran into a memory-full issue. This issue has been fixed now.

# [93183] - Factory Proxy installer reserves the ports for local host usage similar to Ability Edge which is not required

Similar to Ability Edge, Factory Proxy reserves the ports when they are not needed. Now that this has been resolved, just the ports required for internal use are reserved.

# [120241] - Error Logs for Certificate Sign Request not displaying in Module Logs

The module was made to wait for a response while sending a certificate sign request for an IDevID certificate without adding any required parameters. This issue has been fixed now.

# [120663] - CMAPI doesn't allow old profiles to be included while updating old proxies or creating new proxies

When updating the existing proxy and making new proxies, there were various issues that appeared. Now, this is resolved.

# 21.4.1 Factory Automation

Updated component: Cerificate Manager UI 21.4.1

# New Features

# [81385] - Various security improvements

# New Functionality
  • Updated Microsoft Azure Storage SDK packages for Node.js and JavaScript to the newest version
  • Updated GraphQL-related packages to the latest version to minimize the impact of known vulnerabilities
  • Added events emitted by the Portal application to collect audit logs

# [83798] - Internal infrastructure changes

# New Functionality

The Certificate Manager Portal infrastructure is now based on Azure Kubernetes Services instead of Azure App Service Environment. Removing this dependency will allow a future Global update to use more cost effective components.

# 21.3.1 Factory Automation

Updated component: Factory Proxy 1.0.1

# Factory Proxy 1.0.1

# Resolved Issues

# [90281] - Factory Proxy cannot handle the removal of existing modules

Factory Proxy was not handling the removal of existing modules properly when the configuration was updated to remove the module. This issue is now fixed.

# [90283] - Factory Proxy does not validate mandatory parameters properly

Factory Proxy wasn't validating the Image field and other mandatory parameters before creating the service. This issue is now fixed.

# [92709] - Response timestamp is not formatted in ISO format

This issue is fixed, and the timestamp in the successful response payload is in ISO format.

# [93120] - Factory Proxy exception while getting enrollment status request when count = 1000

"Error while copying content to a stream" exception occurrences in the factory proxy logs. This was happening when attempting to process the Enrollment Generate request where count = 1000.

The issue was not observed in this version of the Factory Proxy.

# [93269] - Deadlock when restarting the broker due to the issue with the MQTTnet library

When the proxy tried to send a response to the module upon restart, the unavailability of the broker due to, e.g. a broker update, was resulting in a deadlock in the MQTTnet library, causing the proxy to hang forever. This prevented it from forming a connection with the broker and responding to requests from the module. The temporary workaround was to restart the factory proxy if the broker connection fails continuously.

This issue is now fixed. The MQTTnet is upgraded to 3.0.16.

# Known Issues

# [95568] - Factory Proxy - not authorized error - unable to connect with a broker

If the authentication between proxy and broker fails after the Factory Proxy image was updated via CM Portal, a restart of the broker container is required.

# [96218] - Failed to retrieve swarm key after an abrupt shutdown (B&R 3100)

This issue is under investigation.

# 21.2.1 Factory Automation

# New Features

# [66998] - Factory Proxy for Manufacturing Workflow Automation (Ability PKI Automation)

# New Functionality

Factory Proxy is a part of the Ability PKI Automation systems, which serves as a client to the Certificate Manager Service, which is hosted in the Ability Global plane.

Factory Proxy provides MQTT-based connectivity to the custom modules (developed by ABB Bussiness Areas) to enable the devices to obtain Ability PKI Certificates during manufacturing.

It accesses Certificate Manager APIs securely for enrollment code and certificate sign request. It uses docker swarm container orchestration and supports Ubuntu 20.04 operating systems.

The client credentials and docker registry credentials are stored securely in TPM and follow ABB MCSR requirements and best practices regarding the secure design. Ability PKI Automation system consists of the following elements:

  1. Factory Proxy Installer - a Debian package that helps the user install required components and do the necessary configurations of factory proxy for the first time.
  2. Factory Proxy Docker Image - a runtime Docker image that is cloud managed and configurable using APIs in Certificate Manager.
  3. Factory Proxy Broker - a Mosquitto MQTT Broker that enables publish/subscribe messaging communication between factory proxy and custom Bussiness modules using Factory Proxy Module APIs.

# [74945] - Certificate Manager API

# New Functionality

Certificate Manager API is a cloud service dedicated to managing Ability PKI certificate enrollments as well as storing internal data about Factory Proxy. API clients can perform the following operations:

  • store Ability PKI profiles
  • store information about factory proxies
  • enrollment codes generation with automatically generated device identifiers in the Global ID Service.
  • Ability PKI certificates signing

# [79335] - First release of Certificate Manager Portal providing workflows for the roles of: PKI Admin, Production Admin, Revocation Admin

# New Functionality

The Certificate Manager Portal provides functionalities that are mapped to specific roles defined by Azure Active Directory groups (PKI Admin, Production Admin, Revocation Admin). This web application consumes Certificate Manager API to provide the following capabilities:

  • Authentication via Azure Active Directory credentials within 'ABB' Tenant
  • Authorization based on predefined roles: PKI Admin, Production Admin, Revocation Admin
  • PKI Admin cases:
    • list, view, register, and update Certificate Profiles
    • Update Ability PKI API Key
  • Production Admin cases:
    • list Certificate Profiles
    • list, view, register, update and delete Factory Proxies
    • retrieve Certificate details of a Device

# Known Issues

# [90628] - Proxy does not load when turning off Hyper-V Virtual Machine

When using the "Turn off" option in the running factory proxy Hyper-V Virtual Machine, the proxy does not load upon restarting the virtual machine. This issue occurs only in Hyper-V environments. The recommended way to stop the Hyper-V Virtual Machine is to use either the "Shut down" or "Restart" menu options.

# [92709] - Response timestamp is not formatted in ISO format

The timestamp in the successful response payload is not in ISO format. This will be addressed in the next update.

# [93120] - Factory proxy exception for get enrollment status request when count is greater than 1000

An "Error while copying content to a stream" exception occurs in the factory proxy logs. This happens when attempting to process the Enrollment Generate request where count is greater than 1000. This will be addressed in the next update.

# [93269] - Issue in MQTT .NET library used by proxy results in deadlock when broker restarts

When the proxy tries to send a response to the module upon restart, the unavailability of the broker due to, e.g. a broker update, results in a deadlock in the MQTT .NET library, causing the proxy to hang forever. This prevents it from forming a connection with the broker, and respond to requests from the module. The temporary workaround is to restart the factory proxy if the broker connection fails continuously.

# [93416] - Enrollment list contains operationIds made by another proxy when module id is the same

The problem reveals itself in the following situation:

  • proxy 1 is created with application A
  • proxy 2 is created with application B
  • proxy 1 and proxy 2 create an enrollment operation, each providing the same module Id value (module Id is not restricted and can be any string)

When using either application A or B to list the enrollment operations, both applications can see each other's enrollment operations which belong to the same module Id. When module names are different, enrollment operations lists are filtered properly.

Last updated: 3/2/2023, 10:41:38 AM

Deprecations

Feedback