By Benson Hougland, Opto 22

In part 1 of this article, we introduced the dilemma faced by a glass products manufacturing company in Ohio: data from manufacturing lines needed to appear in a web-based user interface (UI) the company’s supervisors already used. In this month’s conclusion, we’ll see how an EPIC system offers significant options for automation and IIoT projects that help future-proof this investment. 


Unlike older automation controllers, an EPIC device includes tools to help you make your system as secure as possible. Security starts when you are required to set up an administrator account before you can use the device—there is no default username or password. A firewall is built in, communications are encrypted, user authentication is required, and inbound connections are blocked by default. It’s still your responsibility to follow best practices and ensure the security of your system, but an EPIC device gives you the tools to help. 

Gateway Functions

Because it has more than one independent network interface, an EPIC device can keep your control system network segmented from untrusted networks. An untrusted network, for example, would be a company computer network with an internet connection, which might be accessible by unauthorized users, including hackers.

Included HMI

Visualization to the system is built into an EPIC. The included HMI runs on the EPIC’s integrated touchscreen or remotely on any brand computer or mobile device with a web browser. You determine the data that appears in the HMI, which is not limited to the EPIC but can include any data and controls from equipment, software, and online sources that are appropriate for your project and your users. You also control all user access rights to the HMI, based on role. 

Glass Manufacturer: Solution

Data Communications

When data from an EPIC device needs to be used in other systems or software, many methods are provided to do so, including ports on the controller and a variety of software and protocols to make data transfer easier.


An EPIC system is modular, so I/O can be changed or added to meet changing needs. More EPICs can be added when your application grows. An EPIC device can act as a supervisory controller for other EPICs or industrial controllers, or each EPIC can run independently and share needed data. 


For traditional real-time control, an EPIC system offers reliable I/O channels and multiple options for control programming, including flowchart-based programming and familiar standard languages like ladder logic and function block diagram. 

Software Upgrades

Like a smartphone or computer, an EPIC device can be updated to add new features just by installing a software upgrade. You don’t have to replace hardware or change field wiring, and you don’t even have to be where the EPIC is located, although you can be if you wish. Upgrades are installed through the EPIC’s web-based management program, either from the EPIC’s onboard touchscreen or from a computer or mobile device.


So how could an EPIC device help our glass products manufacturer and our OEM with their projects?

Glass Manufacturer

The glass products manufacturer already uses PLCs to control their existing manufacturing lines. An EPIC device can connect to these existing PLCs and communicate their data. 

The manufacturer won’t need to purchase PLCs for the new lines they’re going to add, however. EPIC processors can be used instead, connecting directly to sensors and actuators to provide control, while communicating data wherever it is needed. 

Because the EPIC provides data in standard engineering units, no conversion software is required. Once configured with plain-language names, I/O channels are available automatically as tags in all EPIC software, so no spreadsheets are needed to keep track of points.

Incorporating production goals and sales from the company’s database is simpler with an EPIC, which includes software such as Node-RED to acquire that data through pre-built nodes. Data from all sources—PLCs, sensors and devices wired to the EPIC, and the company database—is easily made available to authorized users in the EPIC’s HMI software. 

Using EPIC devices also makes future changes or expansion easier and more secure. In addition to providing connections to PLCs and databases, an HMI, and real-time control, an EPIC can also move data among OPC servers, business systems like MES and ERP, and cloud services and software. 

Data from new sources can be added to the system without middleware. IIoT connections are encrypted and authenticated. New data, controls, and authorized users can be easily added to the HMI, with changes pushed out to users. You can see the possibilities in the image on the previous page. 

With an EPIC device, the OEM can use a pub/sub communication method, like MQTT, to acquire data from ovens at customer sites, without compromising security.


The OEM’s engineers discovered the solution to both their security and cost concerns when they learned about EPIC devices.

An EPIC at the oven replaces the PLC or industrial PC—or both—that used to be required. The EPIC is wired directly to sensors and actuators in the oven and provides control, monitoring, data processing, communication, and visualization in a single unit.

For control programming, the OEM can use flowcharting, IEC 61131-3 languages, or Secure Shell access (SSH) for a custom program running on the Linux OS. For an improved HMI, the OEM has choices:

  • On smaller ovens, the EPIC’s built-in touchscreen can provide local visualization.
  • On larger ovens, an industrial monitor can be added, plugged into the EPIC’s HDMI port. 
  • For all ovens, the OEM can build a secure web-based HMI for use on computers and mobile devices. This HMI can be used by customers and also by the OEM.

Because the EPIC’s system management software is web-based, the OEM can apply software updates and manage the oven from their location, rather than having to go to the customer’s site.

Secure Data from Customer Sites

Perhaps the greatest advantage of an EPIC device for the OEM, however, is the ability to get the data they want from their ovens at customer sites, without causing security issues for the customer. 

In addition to the usual request/response method for data communication, an EPIC offers another method: publish/subscribe. 

Publish/subscribe, or pub/sub, works by setting up a central broker, either on premises or in the cloud. The broker handles all data communications. Each data source sends data to the broker only when it changes (report by exception). Equipment and software that need data subscribe to only the data they need, and they receive it from the broker only when it changes. 

Most important from a security standpoint, all communications are device-originating, outbound-only connections from the EPIC to the broker over secure, encrypted connections. (Secure, device-originating, outbound connections are normally permitted by most IT departments.) Once initiated, data can flow in both directions. Firewalls allow outbound communications, so there’s no need to open unsecure ports in firewalls. Security is maintained and IT involvement is reduced.

Because it greatly reduces network traffic and maintains security, a pub/sub communication method is ideal for remote locations. With an EPIC at their ovens, the OEM can set up a pub/sub broker at their facility or in the cloud and transfer data from ovens at customer sites, via outbound communications, anywhere they need to use it. For example:

  • In the HMI for monitoring and controlling
  • In a database for analysis to improve oven design
  • In software for tracking individual customer service
  • In online artificial intelligence and machine learning services for analyzing wear and determining preventive maintenance schedules, or predicting when failures might occur to reduce or eliminate downtime.


The first EPIC device on the industrial automation market comes from Opto 22, a controls manufacturer with more than forty years of experience, who designed their groov EPIC® system to meet the present and future needs of automation engineers. Their EPIC device was released in May 2018, and quarterly software updates since then continue to add significant features.

Manufactured in the U.S.A., Opto 22’s groov EPIC has the characteristics of an edge programmable industrial controller discussed in this article. A short list of its hardware features includes:

  • Open-source Linux® OS, industrial quad-core ARM® processor, solid-state drive, 6 GB user file space 
  • Two independent Gigabit Ethernet network interfaces, plus HDMI and USB ports for an external or touchscreen monitor, serial networking, WiFi adapter, or other uses
  • Integrated high-resolution color touchscreen for system configuration, management, and HMI
  • Guaranteed-for-life I/O modules (discrete, analog, serial) with 8-24 channels per module and a wide variety of signal types. I/O is hot-swappable and self-discovering. Channel-to-channel isolation is available.
  • Stainless-steel 4-, 8-, or 16-module chassis, DIN-rail or panel mounted, with integrated power supply (AC, DC, or pass-through)
  • Easy-access spring-clamp terminals with a covered wireway; 28–14 AWG wire
  • Wide -4 to 158 degrees Fahrenheit (-20 to 70 degrees Celsius)  
  • UL Hazardous Locations approval and ATEX compliance

This EPIC device also offers an array of software for control programming, HMI development and runtime, and data sharing (all software is included in the EPIC processor’s purchase price except as noted):

  • Web-based system management software for tool-less configuration, commissioning, and debugging, onboard and from anywhere on the network 
  • Flowchart-based control programming with optional scripting 
  • Support for all IEC 61131-3 compliant control languages, including Function Block Diagram (FBD), Structured Text (ST), Sequential Function Charts (SFC), and Ladder Diagram (LD) through the CODESYS® Development System
  • HMI software for building and securely viewing operator interfaces from the EPIC’s touchscreen and from any mobile device or PC with a web browser
  • Ignition Edge® (a product of Inductive Automation®) to connect to any OPC UA server, with OPC-UA drivers to Allen-Bradley® and Siemens® PLC systems and Modbus®/TCP devices (extra cost)
  • Publish/subscribe method for efficient data communications (MQTT transport protocol with Sparkplug payload; extra cost)
  • Open-source Node-RED for wiring together APIs, cloud applications, and databases using pre-built nodes
  • RESTful API to the EPIC processor and HMI software
  • Optional secure shell access (SSH) for developing and running a custom application using C/C++, Python, or other languages (extra cost)


As we’ve seen, EPIC devices offer a new kind of industrial controller—an edge programmable industrial controller that not only gives automation engineers real-time control for all kinds of traditional automation applications, but also positions them to be able to provide the IIoT and data-based tasks companies want to do now. 

EPIC devices free you to focus on what you want to do: connect legacy systems and smart systems, get data, transform it into actionable information, visualize it when and where you want, and perform real-time control. 

Because EPIC systems are so scalable, they can be applied to smaller applications and then expanded with virtually no limitation. You can see how EPIC can work for you before committing significant resources.

An EPIC device offers a simple, secure, maintainable, and cost-effective solution for data communication. If solving your latest challenge involves complex steps, expensive middleware, or security issues, take a look at an EPIC device. You may very well find it can shrink those steps, reduce your costs, and help provide the security you need.


Siemens Digital Industries Software, a business unit of Siemens Digital Industries, is a leading global provider of software solutions to drive the digital transformation of industry, creating new opportunities for manufacturers to realize innovation. With headquarters in Plano, Texas, and over 140,000 customers worldwide, we work with companies of all sizes to transform the way ideas come to life, the way products are realized, and the way products and assets in operation are used and understood. For more information, visit

With thirty years’ experience in IT and industrial automation, Benson Hougland drives strategy for Opto 22 products connecting the real world to computer networks. Hougland speaks at trade shows and conferences, including IBM Think, ARC Forum, and ISA. His 2014 TEDx Talk introduces non-technical people to the IoT. 

Opto 22 designs and manufactures industrial control products and Internet of Things platforms that bridge the gap between information technology (IT) and operations technology (OT). Based on a core design philosophy of leveraging open, standards-based technology, Opto 22 products are deployed worldwide in industrial automation, process control, building automation, industrial refrigeration, remote monitoring, and data acquisition applications. For more information, call 951.695.3000 or visit

Did you enjoy this article?
Subscribe to the FREE Digital Edition of Modern Pumping Today Magazine!