Edge Device Security
The MachineMetrics Edge device is a hardened, purpose-built data collection appliance on your shop floor. This page covers how data is transmitted, buffered, and protected on the Edge.
Data Transmission
Edge to Cloud
All Edge-to-cloud communication uses HTTPS (port 443), TLS 1.2+ encryption, and unique device API keys. Data is transmitted outbound only (application data flows from Edge to cloud).
Buffering & Backfill
During internet outages (Edge still powered), data is buffered locally on the Edge device and backfilled when connectivity is restored. During power loss or local network issues, data cannot be captured and is not recoverable.
MachineMetrics can only backfill data that was successfully captured by the Edge device. Extended outages may result in permanent data gaps.
Device Security
| Feature | Description |
|---|---|
| Encryption | All data encrypted in transit (TLS) — no plaintext |
| Inbound | Limited to secure firmware/software updates (no general-purpose open ports) |
| No OS Access | No terminal login capability |
| Service Isolation | Each service runs in isolated Docker containers |
| Hardware Keys | Unique private key per device |
Network Architecture
- Data flow: Application data is sent outbound to the cloud; Edge initiates those connections
- Updates: Inbound access is required for firmware and software updates; limited to the update channel
- Network isolation: Separate interfaces for machine network and internet
- VPN for maintenance: Secure tunnel for remote diagnostics (limited access, MFA required)
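One way to check these flow rules against connection logs from the internet-facing firewall, as an added example that is not MachineMetrics code. The Edge address, the update-channel range, and the CSV layout are assumptions, and the sample records are constructed; any other flows your network requirements permit (the maintenance VPN, for instance) would need to be added to the policy.

```python
import csv
import io
import ipaddress

# Assumptions (not from the page): the Edge WAN address and the update-channel
# range are placeholders taken from the documentation IP ranges.
EDGE_IP = ipaddress.ip_address("192.0.2.10")
UPDATE_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed flow records: src is the side that initiated the connection.
SAMPLE_FLOWS = """\
src,dst,proto,dport
192.0.2.10,203.0.113.20,tcp,443
192.0.2.10,203.0.113.20,tcp,80
198.51.100.7,192.0.2.10,tcp,443
203.0.113.99,192.0.2.10,tcp,22
192.0.2.44,203.0.113.20,tcp,443
"""


def audit_flows(text, edge_ip=EDGE_IP, update_nets=UPDATE_NETS):
    """Return (reason, record) pairs for flows that break the stated policy."""
    findings = []
    for rec in csv.DictReader(io.StringIO(text)):
        src = ipaddress.ip_address(rec["src"])
        dst = ipaddress.ip_address(rec["dst"])
        if src == edge_ip:
            # Edge-initiated traffic: the page states HTTPS on port 443 only.
            if (rec["proto"].lower(), rec["dport"]) != ("tcp", "443"):
                findings.append(("outbound-not-443", rec))
        elif dst == edge_ip:
            # Inbound: only the update channel may reach the Edge.
            if not any(src in net for net in update_nets):
                findings.append(("inbound-not-update-channel", rec))
        # Flows that do not involve the Edge are out of scope.
    return findings


if __name__ == "__main__":
    for reason, rec in audit_flows(SAMPLE_FLOWS):
        print(f"{reason}: {rec['src']} -> {rec['dst']} {rec['proto']}/{rec['dport']}")
```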
Device Hardening
- External boot options disabled in BIOS
- No user accounts or interactive logins
- Minimal Linux operating system
- Automatic OTA firmware updates for security patches
- Configuration stored in cloud (easy device replacement)
- Data may reside briefly on the Edge during collection and transmission but is not retained long-term
- Device API keys can be revoked remotely if compromised
Will I lose data if I lose internet connectivity?
Short-term outages: No. The Edge device buffers data locally and backfills it when connectivity is restored.
Extended outages or power loss: Data generated while machines cannot communicate with the Edge device is not recoverable.