M2M Blog Article
Programming M2M Terminal Devices: INSYS-Sandbox
Routers used for remote maintenance and remote operation are usually "bored"!!
Their capacity is designed for using fast WAN connections such as; DSL, HSPA or LAN and operating
through encrypted VPN tunnels. However, the high capacity necessary for this is not always
demanded. The devices could take on additional tasks that would otherwise require the purchase and
installation of additional hardware.
Carrying out additional tasks and saving time and effort in the process
Functions that have historically been carried out by external hardware (data logger, small industrial
PCs, etc.) or additional software (data analysis, protocol conversion, FTP, etc.) can often be done very
easily using the INSYS sandbox. The benefits being:

Saving acquisition and maintenance costs for the external components

It is possible to use leaner control centers since data evaluation/filtering is carried out locally

Troubleshooting and spare part procurement become easier (only one contact person)

Adverse installation conditions are avoided (decreased energy requirements, smaller power
supply, fewer cables and less heat generated in the control cabinet).
INSYS sandbox for stand-alone solutions, industry solutions and OEMs
This is the objective of the sandbox found in devices supplied by INSYS icom [Figure 1]:
It is an area separated from the router (chroot jail) that can be used by the user, just like an
independent Linux machine with user rights. Programs or scripts that enhance the functionality of the
router can run in this sandbox. The separation of the router functionality and the sandbox environment
means that the router cannot be disturbed inadvertently by the user. The developer does not need to
know anything about complicated firewall rules, WAN protocols, VPN technologies, etc. It can be used
as if a separate router is connected upstream.
PA_en_M2M-Blog_INSYS-icom-Sandbox_final_RTO.docx / Printed: 25.06.2013 14:05:00
www.insys-icom.de
1/9
Here are a few examples of how the sandbox can be used to solve application tasks:
"Change message" task
A device in the LAN of the router can dispatch e-mails, but the user also wants to receive an SMS
message.
Solution with Python: A small e-mail server is running in the sandbox that accepts e-mails and also
stores the subject as an SMS message. The router will then dispatch this message. An SMTP server
can be implemented with Python that outputs the subject of the mail into a file – the code required to
acheive this is not even half a screen page! Extensions by additional recipients or editing the texts can
easily be added.
"Monitoring" task
A device in the LAN or WAN displays condition information via an HTTP interface. An e-mail or SMS is
to be sent when a value is exceeded. [Figure 2]
1
2
Solution with shell: OpenSource tools such as; wget or cURL can be used to retrieve and
evaluate the HTTP interface of the device regularly from the sandbox. An application in the sandbox
consisting of the simplest case of a shell script that uses "wget" to retrieve the information, evaluates
the information with "grep" and generates an SMS with "echo" that will be sent by the router. An
altrnative alarm is possible using a tool such as- "email". Such a simple shell script consists of a few
lines only.
A more complex implementation with integrated web interface for configuration is available for free to
3
demonstrate how the sandbox can contribute to a functional enhancement of the router.
"Managing files" task
A device located on the LAN side of the router generates more files than it can store permanently.
Solution with OpenSource software: An FTP server can be operated in the sandbox. Apart from its
4
configuration, there is no need for programming. Small and simple FTP servers are available as
OpenSource such as. "bftpd".
1 wget:
http://www.gnu.org/software/wget
http://curl.haxx.se
3 free sandbox image "HTML-Watcher": http://www.insys-com.com/icom/en/lsolutions/sandbox-apps
2 cURL:
PA_en_M2M-Blog_INSYS-icom-Sandbox_final_RTO.docx / Printed: 25.06.2013 14:05:00
www.insys-icom.de
2/9
General task "capturing, storing, visualising data"
A device connected to the serial interface sends measured values continually that are to be captured,
evaluated, visualised or archived.
Solution with C, C++, Python, Perl or Java: The serial interface redirected to the sandbox can be
opened using one of the many programming languages available for the sandbox. The further
treatment of the interface is the same as developed on a Linux desktop PC. Even databases like e.g.
5
SQlite that is suitable for the embedded field can be used in the sandbox for storage. Following
capturing and processing of the data, it can be visualised using an embedded web server.
"Setting time via GPS" task
Devices that are only online from time to time or don't have an Internet connection at the planned sync
time, cannot always synchronise their system time via NTP. Devices with GPS can use this as a
redundant time reference.
Solution: A short code is installed in the sandbox. This reads out the GPS time and writes a sync file
for setting the system time. The time is set with an accuracy of one minute in the attached example
[Figure 4].
Why so much effort, we already have the "cloud" now?
Of course, many of the above examples can also be realised without local intelligence. But there are
some limitations depending on the WAN connection used, such as:

Low band width e.g. for GPRS

Traffic – this may be expensive in particular for international mobile connections

Connections via PSTN, ISDN or even CSD are rarely permanently online

Latency times as they can occur with GPRS or UMTS

Availability of the WAN connections or the cloud services
4 small
FTP server: http://bftpd.sourceforge.net
database SQlite: http://www.sqlite.org
5 embedded
PA_en_M2M-Blog_INSYS-icom-Sandbox_final_RTO.docx / Printed: 25.06.2013 14:05:00
www.insys-icom.de
3/9
The task of filtering or evaluating the data that is not carried out locally must be performed centrally by
a much more powerful system.
How do I develop scripts or programs for the INSYS sandbox?
6
Ready-made sandbox images from INSYS can be downloaded and installed on INSYS icom devices.
They can be modified for demonstration purposes and used as basis for completed applications.
There are images for script language adepts (Bash, Python, Perl). They all contain an SSH server that
allows you to login to the sandbox and program locally on the device immediately. Alternatively, it is
possible to develop a script on the PC first and then copy it to the sandbox for testing.
C or C++ is more suitable for maximum performance. The basic image that provides a lean minimum
environment as a basis for your own programs is recommended for this. C or C++ programs must be
cross-compiled. INSYS provides an SDK for this. It's installation is basically limited to unpacking the
7
packet and creating two environment variables. It is based on the ELDK from DENX and provides
libraries and tools that allow you to run the first C program "Hello World" in the sandbox. More
8
information is available in the form of FAQs . A detailed tutorial helps users with little or no crosscompiling experience.
The resources that can be used in the sandbox depend on what the respective hardware provides and
what is allocated to the sandbox:

serial interface(s) e.g. for MoRoS, IMO, SDSL

IP sockets, e.g. UDP, TCP (no raw sockets for which root permissions are necessary)

I/Os (can be addressed via MCIP 9), e.g. for MoRoS

I2C bus, e.g. for IMO and QLM-W

GPS, e.g. for MLR

100 MByte flash memory that can be deleted from the firmware interface

50 MByte flash memory that can be used exclusively from the sandbox (protected against
reset to default values)
6 Sandbox
images, FAQ and Tutorial and SDK: http://www.insys-tec.com/sandbox
DENX: http://denx.de
8 FAQ and Tutorial: http://www.insys-icom.com/icom/en/knowledge-base/sandbox/FAQ
9 MCIP: a minimalistic IPC protocol: http://sourceforge.net/projects/mcip
7 Company
PA_en_M2M-Blog_INSYS-icom-Sandbox_final_RTO.docx / Printed: 25.06.2013 14:05:00
www.insys-icom.de
4/9

1 MByte temporary file system (tmpfs)

ARM9 CPU (depending on model 166 MHz to 400 MHz)

approx. 10 MByte RAM
Once the development is completed it is very easy to create a sandbox image. An initial image will be
unpacked on a Linux computer for this. Then all files that are no longer used will be deleted and all
new programs, scripts, libraries, etc.will be added. The image can be created by packing it as tar-gz –
And that's it!!
Help, tips
The sandbox area provides the user with a very versatile and powerful tool – it is possible to be a bit
unsure of the best way to develop an application. In particular providing a secure application for data
10
(data protection, data security), industrial systems must not have any loop holes!
INSYS icom can help professionally with sandbox training
11
and project support with the assistance of
one of our sandbox experts or within the "Certified Partner" program.
12
Author
Michael Kress
Development
INSYS MICROELECTRONICS GmbH
IT security: http://www.insys-icom.com/IT-security
Sandbox trainings: http://www.insys-icom.com/icom/en/services/training-courses/sandbox
12 INSYS Certified Partner Program: http://www.insys-icom.com/icom/en/solutions/sandbox-partner
10
11
PA_en_M2M-Blog_INSYS-icom-Sandbox_final_RTO.docx / Printed: 25.06.2013 14:05:00
www.insys-icom.de
5/9
Figures
Figure 1 - Routers of INSYS icom with sandbox
PA_en_M2M-Blog_INSYS-icom-Sandbox_final_RTO.docx / Printed: 25.06.2013 14:05:00
www.insys-icom.de
6/9
Figure 2 - Position of the sandbox in the router firmware
PA_en_M2M-Blog_INSYS-icom-Sandbox_final_RTO.docx / Printed: 25.06.2013 14:05:00
www.insys-icom.de
7/9
PA_en_M2M-Blog_INSYS-icom-Sandbox_final_RTO.docx / Printed: 25.06.2013 14:05:00
www.insys-icom.de
8/9
Figure 3 - Monitoring the HTTP interface using the example of a flood gauge
Figure 4 - The terminal excerpt shows (orange) the time before and (blue) the time after.
Contacts
Product and Partner Management for INSYS Sandbox
Melanie Sternecker
[email protected], +49 941 5869 2-520
Editorial
Robert Torscht
[email protected], +49 941 5869 2-460
German original editon
http://m2m-blog.de/2013/06/10/programmierung-von-m2m-endgeraten-in-der-linux-sandbox/
PA_en_M2M-Blog_INSYS-icom-Sandbox_final_RTO.docx / Printed: 25.06.2013 14:05:00
www.insys-icom.de
9/9