Technical Keynote

60 min video  /  49 minute read
 

Speakers

Colby Clegg

Chief Executive Officer

Inductive Automation

Carl Gould

Chief Technology Officer

Inductive Automation

Jason Waits

Chief Information Security Officer

Inductive Automation

Kathy Applebaum

Software Engineering Department Manager

Inductive Automation

Paul Griffith

Senior Software Engineer II

Inductive Automation

JJ Coffman

Senior Software Engineer II

Inductive Automation

Developing industry-defining software is no easy task, but someone has to do it. Join our Development team as they highlight recent improvements and upgrades, current developments, and a behind-the-scenes peek at the future of Ignition before answering questions directly from the Ignition community. 

Transcript:

00:00
Carl Gould: Hey. Good morning everybody.

00:11
Colby Clegg: Alright. Hey, welcome to day three.

00:17
Carl Gould: So this morning we have a bit of a presentation prepared. We're gonna go over some things that we've done in [Ignition] 8.1, some things that are coming as well as plans for [Ignition] 8.3, and the timeline I promised yesterday.

00:29
Colby Clegg: That's right. And so we're gonna have a lot of time for questions as always. So start thinking about those. And when the time comes, I'll let you know how that works. There are some runners, I think you've done this thing before in the other sessions.

00:41
Carl Gould: And as the seats imply, we're gonna bring out a panel of experts to help us answer questions because we forget things sometimes.

00:45
Colby Clegg: That's right. Alright, let's get going. So, let's begin by talking about Ignition 8.1. It's been under continuous development for about three years now, and during this time our mission has been to maximize stability, diagnosability, and performance characteristics like scalability and connectivity.

01:00
Carl Gould: So we wanna start with a very brief roundup of some of the big enhancements that we added to 8.1 this past year. There was a number of features that we added that help you digest and work with large projects and large interconnected systems. So we have the Configuration Explorer, which helps you understand how a complex Perspective view is configured without having to dig down through the component hierarchy. We've got the UDT Hierarchy Explorer, which helps you digest complex data models. And we have the Gateway Network Map, which helps you understand how big interconnected systems of gateways are communicating with each other. So all of these features, of course help you, but not accidentally, they also really help our support team jump into big systems and quickly understand what's going on.

01:50
Colby Clegg: Yep. So we also added two new device drivers: IEC 61850, and the Mitsubishi MELSEC Driver. So this is part of our long-term effort to continue to expand the range of Ignition's native communication protocols, because of course, the more data we can pull into Ignition, the more we can do with it.

02:14
Carl Gould: We've also added a modern mechanism to interface securely with email servers for sending out alarms and reports, a bunch of application customization options in Perspective. And we really improved the Vision Module's ability to operate as an HMI in non-English speaking locales with a customizable onscreen keyboard.

02:31
Colby Clegg: So like we said, we just wanted to do a very quick recap of 8.1 because we don't wanna spend too much time on these features because you can go out and read about them on our website, on our blog posts, and I hope above all you've already been using them.

02:51
Carl Gould: Yeah, we're really happy with how 8.1 has shaped up and before we can call it done, there's a few more features that are in flight right now that we want to tell you about that are coming real soon.

03:02
Colby Clegg: So, continuing what I just highlighted about drivers, we've got two more coming up. First, we've got a dedicated Allen-Bradley Micro800 Series Driver. Yeah. So the people have been connecting these devices right now over Modbus and that's okay, but it doesn't support some important things like browsing and strings. So obviously by connecting over Ethernet/IP, we can offer a lot more. We're also releasing a completely rewritten DNP3 Driver. So... sure.

03:37
Carl Gould: Everyone loves DNP3.

03:37
Colby Clegg: Yeah. So this isn't a new driver except for it is because now we've rewritten it to introduce some important features like event-based polling, unsolicited messaging, and then retrieving those sequence-of-event buffers.

03:52
Carl Gould: Perspective is getting a brand new Map Component. This one's gonna be based on Google Maps API, this API offers some additional map capabilities compared to our existing Map Component. Things like configuration through KML and support for additional layering and overlays and directions, as well as a much more sophisticated and capable interaction event model. This feature's actually done already, it's in the nightlys right now and it'll be in 8.1.33.

04:19
Colby Clegg: On the EAM front, which is the Enterprise Administration Module, if you're not aware. We have a relatively simple but very impactful update. So one of EAM's most important features is the ability to help administrate remote systems and upgrade those remote systems. Although those upgrade files can be pretty large. And so customers who are on unreliable networks were really having a hard time getting their files transferred successfully. So we've gone in there and adjusted it to be able to support file transfer resuming so that if there's a problem it can just pick up where it left off and deliver more reliably. So that's gonna be a huge impact. It's a small thing, but it's a huge impact on all those customers who are trying to take advantage of that use case, right?

05:01
Carl Gould: We also have a really important security update coming. So there's a whole bunch of different places in Ignition where we read network input and we interpret it as objects. And there's this category of vulnerability where an attacker might be able to replace one of those objects in that stream with something malicious. Now, up until this point, we've mitigated and protected against these types of attacks by ensuring that we're always reading streams from authenticated sources, basically preventing the attacker from getting into the stream in the first place, which is good, but we have a sort of new more fundamental fix for this entire category of vulnerability coming, where at a platform-wide level, we filter the objects coming in from all the streams and we only accept objects known to be safe ahead of time. So this is pretty important because 40% of the vulnerabilities reported against Ignition actually fall under this category. So again, we've already reported, I'm sorry, we've already fixed all of the reported vulnerabilities that have been found in this category, but with this fix coming, we eliminate the entire vector completely so that they can't pop up again in the future. And last but certainly not least, we have what we're calling the Tag Reference Tracker. I don't even need to explain it, the people know.

06:27
Colby Clegg: We'll skip the next few slides. It's alright you guys. So, we know you've been waiting for this, it's the oldest, most highly upvoted feature on our ideas portal, our ideas forum, and it gets down to that age old question that philosophers and control systems engineers have been asking since the dawn of time. "How is my tag used in my system?"

06:51
Carl Gould: Yeah, so answering this question in Ignition really is not trivial. So Ignition's, part of its charm is all of this dynamic configuration and reusable pieces, right? We've got all these building blocks like templates and views and UDTs and all of that reusability comes with a lot of indirection, and that's all great. We all use that to great effect to build big systems quickly, but it comes at a bit of a cost. And the cost is the ability to inspect your configuration and answer this question. You can't really look at the configuration of an Ignition system and confidently predict where a tag will be used when that application is run.

07:30
Colby Clegg: That's right. So we take a different approach with this feature and instead of trying to statically analyze your project's configuration, which is, as Carl said, pretty much impossible, and this guy wrote an academic paper on static analysis. But anyhow, what we did instead was track all the reads, rights, and subscriptions of the tag so that as the system is used, it indexes all of those references and where they came from. So that then in the designer when you go into the Tag Diagnostic tool, you can see in real time who subscribed, where they're coming from, and where the recent events have happened.

08:04
Carl Gould: Yeah, it's gonna be real nice.

08:06
Colby Clegg: Stamp of approval from Phil Turmel.

08:09
Carl Gould: Yeah, Phil seal of approval. So the feature is done, it's gonna be in 8.1.34, it's in testing right now, and over 300 of you patient contributors on the ideas forum will get your upvote given back to you when we mark it finished. So with this batch of features we just described, active feature development for 8.1 comes to a close. We've put a lot of work into 8.1 over the past few years, and we really feel like 8.1 is in a great position to ride out the remaining three years of its LTS lifespan. Of course, the release train keeps going, we keep fixing bugs, we keep responding to vulnerabilities if they pop up. But major feature development comes to a close and we set out as we keep saying, to specifically improve the stability, the scalability, and the diagnostic capabilities of 8.1. And I really feel like we've achieved those goals.

09:05
Colby Clegg: Well, Carl, would you call it mission accomplished?

09:10
Carl Gould: Well, if we learned anything from this episode of history, maybe that's not a wise claim to make and the work is never quite done, but sure. Let's take it for now.

09:27
Colby Clegg: Alright, well let's pivot to a few other points that aren't related directly to the software itself, but are more in the architecture space. Yesterday in the main Keynote Carl rehighlighted [Ignition] Cloud Edition, which launched this year. When we talk about Cloud Edition, we always do it in the context of this complete ecosystem because, as I mentioned in my opening section yesterday, these are tools upon which to build and the more flexible the tool, the more opportunities there are to build, which has always been our goal. But this morning we wanna highlight a couple of exciting steps we're taking to reinforce the entire ecosystem. So Carl, why don't you tell us about what we're doing with Cloud?

10:07
Carl Gould: I'd be happy to. So as we keep saying, Ignition is really an industrial application platform and in nearly every case, the application you're building on that platform is designed for and used by a single organization. So they might design it and build it themselves. They might use a systems integrator to build it, but in either case, the application, the license of Ignition and the infrastructure is theirs. It's that organization's. So what if you wanted to design an application using Ignition, host it, and then sell the use of that application to multiple end user organizations as a service? So we call this idea multi-tenant hosted architecture, and it's not a new idea. Many of you have asked us about this exact type of use case over the years. The problem has been that until now, you couldn't do this because we specifically disallowed it in our license agreement. And I'm happy to announce that we're changing that. Yeah. It's pretty exciting.

11:16
Carl Gould: So we've decided to allow multi-tenant hosted applications using Ignition Cloud Edition as long as the end users don't have access to the designer or the gateway config UI because then it kind of messes up the whole licensing model as well as some other reasons. But as long as you follow those two restrictions, so Cloud Edition only and no designer access, then it's game on for this idea. So of course there's some challenges to build performant and secure multi-tenant hosted applications, just like there's challenges in building all kinds of applications and we are working on a white paper right now that we will be publishing to help provide some guidance in those areas.

11:52
Colby Clegg: Yeah, what I love about this is that it gets us back to our central belief that the more that we get out of your way, the more innovation can happen. And so I said the applications are where the real value is and this is a big step forward in providing you more power and flexibility in building and delivering incredible Ignition Cloud applications. Okay, so coming back to the entire ecosystem, we've talked about Cloud, we talk a lot about standard Ignition and we will more here shortly, but what about [Ignition] Edge? What's going on there?

12:23
Carl Gould: So we launched Edge five years ago. This is just as IIoT was about to take off. And I think that for a lot of us, Edge and MQTT were really the missing pieces that helped make IIoT a reality. So Edge has been a big success and in addition to the success of the data collection piece, Edge Panel offers a really compelling offer for local visualization and control. And it's been a big hit for building HMIs. So overall, Edge plays a really vital role in a lot of the distributed architectures that we see being showcased here.

12:55
Colby Clegg: Yeah, but can I tell you a secret? It is a pain to sell. See, the functionality of Edge has expanded over time and we've tried to be as flexible as possible with that, but it's resulted in too many combinations of options and that can be confusing. It leads to sales guides like this one and if it looks complicated it is, but it really shouldn't be. And so, this is a trap we fall into once in a while because of course we're always expanding our offering and we're trying to maintain flexibility, but it leads to complexity over time. And once in a while we have to step back and simplify things, which is exactly what we're doing this morning. So today, we're doing a few things. First of all, we're getting rid of device limitations and tag limitations. So now Edge is unlimited. Next, all of the add-ons that we offer, EAM, Sync services, Compute, they're all wrapped into each edition of the product now. But hold on, there's more. We're also including MQTT Transmission [Module] in all editions of the product as well. So you don't have to choose between that or not. And how many editions of the product are there? Two, very simply, Ignition Edge IIoT, Ignition Edge Panel.

14:23
Colby Clegg: And best of all, we've tried to choose prices for these that were very attractive and much lower than all that functionality would've been before. And so this is what people are doing with the software and now we've made it even better. Panel, as I said, includes IIoT now, making that HMI easily play into all of these modern architectures.

14:41
Carl Gould: Right. So these two changes allowing multi-tenant hosted architectures and simplifying Edge are gonna be available in the next few weeks and taken together, I really think they reinforce this whole picture we're creating where Ignition can provide the right pieces and build value at each layer of the infrastructure stack. So now let's transition into the other big changes we can make to improve the whole picture, which is the future of the software itself.

15:08
Colby Clegg: Yes. So let's jump into 8.3. Yesterday Carl discussed at a high level the timeline and some of the key features of Ignition 8.3. So today we're gonna dive deeper. We can start with the timeline because it's a little bit more nuanced than just saying next year.

15:22
Carl Gould: Right. So I said yesterday, the second half of next year, which is true. But there's a number of key milestones. Yeah, it's not, that's a pretty big target. But there's some key milestones, some nuance there that I want to explain. So one of the things to understand about 8.3 is that it represents a pretty significant change to the platform, and that means a big change to a whole bunch of important APIs within Ignition. Now, end users don't have to care about this. You won't even notice when 8.3 comes out, you'll just benefit from increased functionality. But if you're a module author, and I know there's quite a few module authors in the room today, you're gonna have to care about this because you're going to have to adjust all your modules to be compatible with 8.3. And we want to give you at least six months to do that, which means if we want to have a release by the end of the year, which we do, we need to get that API stabilized and released in some sort of early access preview for module developers by June or July. So that's our first key milestone, is that early access. And then we want a public beta out by this time next year.

16:25
Colby Clegg: Alright, so now if you'll allow me to make a little digression into a sales pitch. Don't let your upgrade protection lapse, please. I mean, I'm not gonna tell you have to pay it. That's not what we do. We'll let the other people have required contracts, but I'm just trying to say that you're gonna want to upgrade to 8.3 and you're gonna wanna do it in the best way possible. And we know we're very aware that when 8.3 comes out, it's gonna be about four years since the last major release. But it turns out that even with that timeline, upgrade protection still offers economic value. On top of that, this release is gonna have some updates to some key modules like the Tag Historian. And we always take an approach when we're trying to map either pricing changes or feature changes. We take an approach that gives special consideration to total care customers. Right. So with that, I will get back to our regular scheduled program and talk about 8.3.

17:20
Carl Gould: Okay. So first up, native drawing tools for Perspective. We know that this is a really hotly anticipated feature and really will represent sort of a major maturity milestone for Perspective. We've really committed to providing an absolutely first-class vector illustration suite for Perspective with intuitive controls for nearly the entire range of capabilities represented by SVG. So this drawing environment has been entirely designed and implemented in-house, which means that it integrates seamlessly with the rest of Perspective's features. Most importantly, what this means is that in the drawing environment you also have access to binding configuration for common visual properties like visibilities and fills and colors and stuff like that. So pretty excited about that one.

18:10
Colby Clegg: Yes. Next we have an entirely... Next, we have an entirely redesigned and rewritten web UI for the entire gateway, which we touched on last year, but we'll highlight here again. So not only does this rewrite eliminate a huge chunk of technical debt, old code that we had, modernizing everything, it also offers a lot more functionality. So what we've done is we've introduced much better global search capabilities. We've reorganized all the data, combining configuration and status so that it's much more intuitive to find and clearly presented. And we've added some additional small features like the ability to label and filter all of your configuration items. It's really built for scale to deal with gateways that have many, many objects like devices or other connections. Most importantly, however, this entire interface is driven by a REST API, consistent REST API.

19:18
Colby Clegg: So that means that there isn't anything you can do or see that you can't do programmatically to that API, that means you can integrate it very fully with all of these modern orchestration and scripting deployment tools. So that brings us to the next point.

19:36
Carl Gould: Yeah, so one of the things that really makes Ignition unique, I think, is the way in which it blends all of its OT capabilities and feature set, in a software package that comes with more IT-style sensibilities, and in this case, I don't really mean connecting to IT technologies like databases or any type of data-focused IT technology, what I mean instead is Ignition's ability to behave like a good citizen in an IT-managed environment. So this is something that Ignition is already pretty good at. But in 8.3, we're making a number of really important changes under this umbrella of enterprise deployment management that will solidify this position pretty significantly. So it starts, of course, with Ignition being cross-platform. And these days, this means more than just running on any OS, it also means being designed to run without an OS at all, inside of a container environment. And in 8.3, we are making the following four changes: so first we're adding this RESTful API that Colby just mentioned, so that authenticated external actors can monitor a gateway of status and manipulate its configuration.

20:51
Carl Gould: Next, we are taking all of that configuration out of the internal database and storing it in local files that are human-readable, machine-readable, and diffable, and third, we are adding this concept of a gateway-wide deployment mode. So this is a concept where the gateway can understand its role in the environment that it's deployed in, so what that means that it can change its configuration automatically if it knows it's being deployed in a production environment or it knows it's being deployed in a test environment, and lastly, we are adding compatibility for external secrets management, so this will take secrets like database passwords or certificates required for connections or encryption keys out of the configuration and will allow it to be managed by an external secrets management like HashiCorp Vault. Yeah. It's gonna be amazing.

21:53
Carl Gould: So by doing these four things, I think you all have already sort of guessed at what this is all for, but Ignition will be easily able to be integrated with orchestration systems like Kubernetes. You will be able to easily build a CI/CD deployment system that works with Ignition. You'll be able to integrate Ignition gracefully with source control systems like Git for change management or configuration deployment or both. You'll be able to set up a modern deployment system with managed secrets, strong encryption, proper environmental separation, and if you want, you can use automated testing to verify your changes in nicely separated environments. So these changes are a great example of the "first make it possible, then make it easy" philosophy I was talking about yesterday because it's more or less possible to use a lot of these techniques today with Ignition. It's not exactly easy, but in Ignition 8.3, it will be graceful and easy to do these things.

22:52
Colby Clegg: Yeah, and it strikes me that if you're down in the plant floor, you're thinking, I don't know what any of that means. You don't really have to worry about it, it won't affect you in 8.3, but what this does is really makes Ignition a world-class leader in IT infrastructure support. Okay, so next let's talk about another very popular topic: historical data. Our tag historian system has been pretty darn revolutionary by allowing people to turn SQL databases into industrial historians since Ignition was first released back in 2010. So that ability to store your data in open system built around IT technologies and infrastructure that is storage that is supported and understood by your company has been a huge boon to collaboration and driving this IT/OT convergence that we always talk about. That said, of course, we know now with all this experience, there're a lot of ways that we can improve and expand the system. Historical data is one of the most fundamental aspects of any robust Ignition system, and so we have a couple of very exciting features and improvements planned for Ignition 8.3.

24:00
Carl Gould: So first, let's talk about the concept of historian data at a high level or at a platform level. We know that part of the magic of Ignition is letting you be in charge of your whole technology ecosystem, so you get to connect to the right technology for your setup. This is a really important component of Ignition behaving as a platform. So the first place you see this is with databases, so since the beginning, we've had great support for all the major SQL databases, and when we first built Ignition, relational SQL databases were the most mature and adopted data systems, you could argue that they still are, but since that time, there's been a number of other technologies that have come along that have been developed and become popular, and one of those is, of course, time series databases, which have really matured in the last few years. So when it comes to the concept of a historian, we wanted to preserve our open approach to data, and so that's why our first and foremost mission in 8.3 with historical data is to create a clean and modern historian API so that then both us and third parties can rapidly build systems that can leverage whatever the best technology is.

25:13
Colby Clegg: Right, so we have a few key goals with this project. First to support interoperability such as OPC UA historical access. Next, we wanna leverage all of the native processing capabilities of all of these databases now, exposing that so that calculations and aggregations can be performed in the native system and that's gonna be a huge benefit to performance. We wanna build into the API support for core concepts like data corrections and annotations. We wanna make it easier to expose more types of data through this system, right? Because Ignition already has so many incredible features around this that you can benefit from, for example, the ability to, through one interface, query local remote data from different systems, right? So the more we allow you to expose data through it, the more that functionality becomes even more powerful. Finally, by making it easier to create new implementations, as Carl said, we or third-party authors can develop new ones, and that means that we can develop specialized storage engines for different applications that offer distinct characteristics like being immutable or encrypted or otherwise highly secure.

26:27
Carl Gould: Of course, the first beneficiary of the new API is gonna be us, and we're really excited about what we have in the works for a new local high-performance historian. So we have something coming that we really think is a great blend between a no-configuration local historian that just works right out of the box, but also being highly performant and being based on open and non-proprietary data as well as being cross-platform.

26:54
Colby Clegg: Yes, of course, we know you want a lot more details, and this has been one of the hottest topics around Ignition for years. Unfortunately, we have to ask you to be patient for just a little longer, but we wanted to tease you with this painfully vague graph, that compares some of our early tests to some of the technologies, you know that I use every day, such as MYSQL and our current built-in local historian that's used on Edge all the time. So you see our new system that we're working on right out of the gate is offering a lot of enticing results. Alright, the last feature that we wanted to introduce for 8.3 also is a data-oriented feature. It's a new platform-level construct that we're calling Event Streams. Event Streams will make consuming and processing event subscription and stream data much easier. So let's look at what this means.

27:52
Carl Gould: I tried to explain this yesterday, and it took me about 15 minutes, so we'll see if I can get it through a little quicker today.

27:56
Colby Clegg: You got 1:52.

27:57
Carl Gould: Alright. Let's go. Okay, so Ignition is pretty well known for connecting to lots of different data sources and integrating data across various types of systems, consuming it, organizing it, building applications around it, processing it, etc. These types of activities are at the heart of a lot of Ignition applications, and in recent years, we've invested a lot of effort in expanding our direct connectivity options on the OT side by writing all these first-party high-performance drivers for Ignition, but on the other side, on the IT side, we largely rely on SQL databases, web services, and MQTT brokers as the points of inter-connectivity with other IT systems. But there's been this huge proliferation of technologies on the IT side, message cues and event busses, and pub/sub brokers, and NoSQL databases, and one of the key innovations we've pinpointed that a lot of these systems have in common is that they all leverage some sort of event-based data delivery mechanism, and what this means is that rather than having to pull these systems for changes repeatedly, you can just register a subscription of some kind and be notified when data is changed or new messages arrive.

29:16
Carl Gould: So this inversion of how data flows is a big piece of what makes these systems so performant and so scalable, and what we wanted to do is build something into Ignition at the platform level that would let Ignition participate with all these different kinds of systems really gracefully, either consuming or republishing to these types of technologies. So we're calling this Event Streams, and using an Event Stream, you'll be able to subscribe to various kinds of event data and have a really convenient way within Ignition to process that data, filter it, transform it, and either use it directly within Ignition to help build your application or potentially pass it on to another system. So this is one of those areas where we feel like if we make a platform-level contract we'll be able to connect the dots in some interesting ways that will have an incredible outsized power. So we're pretty excited to bring this feature to life. And if you're not excited, we'll figure out how to explain it better within the next year, but I know that it's going to really bring a lot of utility to these systems that are using an increasingly sophisticated makeup of these various kinds of technologies.

30:31
Colby Clegg: Yeah, and perhaps what we don't capture here very well talking about the external actors is how exciting it is for the Ignition platform itself, because once you have that central hub of event data, so many features that you already use can be tied together more seamlessly: SFCs, transaction groups, tags, tag history all that stuff. So it is gonna be very exciting. Alright, so with that, we're wrapping up our presentation of 8.3, and I think that one takeaway I've had through the conversations that I've had with so many of you over the last couple of days is that this is on the right track. So many ideas, so many projects you're working on benefit so much from these features, so we're very eager and excited to get them to you.

31:16
Carl Gould: Yeah, absolutely, and I think we should bridge into a Q&A because traditionally this part of the conference, the most fun part is getting the...

31:27
Colby Clegg: I was trying to stall, but let's do that.

31:29
Carl Gould: Yeah.

31:29
Colby Clegg: So, now I'm gonna transition into moderator role, and we're gonna introduce our incredible panel that we have, we have a great group of people that have been here in Inductive Automation for a long time, so help me to welcome Kathy Applebaum, our Software Engineering Division Manager. We've got JJ Coffman, our Senior Software Engineer II. Jason Waits, our Chief Information Security Officer. The people's hero, Paul Griffith, Senior Software Engineer II. And then there's Carl. So let's go. Alright, we wanna start... I'll start with... Okay. So as I said, there are mic runners, raise your hand they'll come find you. We're gonna start with just a little bit of content for each of them. I wanna start with Jason and ask you kind of what you've been working on from a high level, you've been in your role now for a year, what's going on with the company, from the security point of view.

32:37
Jason Waits: So in the last year, we launched a new security portal and status page, so the security portal is a high-level overview of our security program, it's a summary of all the major things we've implemented. You can go find the one that interests you, click on it, drill down, get a couple of paragraphs about endpoint security, application security, cloud security, or whatever you're interested in. We try to keep it as updated as possible. If you scroll all the way to the bottom, there's a security bulletin section where we post updates about vulnerabilities in Ignition, if there's a major breach in the news, we might affirm that we're not affected, and so we're continuing to add that. We also launched a status page which is the real-time operational status of all customer-facing infrastructure, the website, the license and activation servers, the forums, the support portal, so if you ever think there's an issue or disruption, you can go there and check. Both of these pages allow you to subscribe, so you can add your email and get real-time notifications for breaches, vulnerabilities, or outages that affect you, so it's definitely worth checking out at least once, and subscribing to those features.

33:51
Colby Clegg: Excellent. Yeah.

33:53
Colby Clegg: Wonderful. Okay, so Kathy, so what can you tell us about how the department has been functioning this year outside of the features that we just heard about today?

34:02
Kathy Applebaum: Yeah, we love to talk about the big features because it's easy to make a nice flashy presentation, but of course, that's not all we do, we've fixed 503 bugs since the last ICC. We've completed 202 tickets for technical debt, so these are things like fixing a bug that no one's reported yet, but we happen to notice or upgrading a library because we're concerned there may be a security vulnerability, or just putting up code, so it's easier for the next developer to add that great new future. And we've added 173 new features, so probably everyone in this room has used one of the new features that we've added in the last 12 months. We also managed to do 11 releases in that time, a lot of the heavy lifting for those releases come from our QA Department, I can't thank them enough for doing all of that work, and speaking of QA, this is the number of released regressions that we've had in the last three years, and you can see that's dropped dramatically. Yeah.

35:04
Kathy Applebaum: And we particularly track released regressions because these are things that used to work and didn't. And these are pain points when you upgrade, we don't want you to have any pain points, a lot of this is thanks to our QA Department. They now have over 7,000 automated tests that run with every release of Ignition. That number 7,000 blows my mind. I don't know how they did it all, but I'm so grateful that they have. So big shout out to our QA folks.

35:29
Colby Clegg: Yeah. Absolutely. Great, so that's wonderful. JJ, what has been your focus lately?

35:43
JJ Coffman: Yeah, so basically one of the big things that I've been trying to focus on lately is identifying ways to improve the experience within our launchers and our mobile apps, especially in organizations with projects spanning many gateways and even more client devices, the launchers specifically really have evolved so much since their inception. You can see the list of things that have, features that have been added, and a lot of those are really helpful in managing applications, even certificates and helping with installs, and more. So while the launchers provide a really great way to customize and tune your launching experience, sometimes you just want them to get out of the way. So part of what we're doing for 8.3 is adding support for deep link launching for designers, Vision clients, and Perspective sessions in Workstation. So what this means is after installing the required launcher, if you visit the gateway web page, you can do a single click on the gateway and it will instantly launch those projects and designers locally. This also includes some improvements for single argument command line launches and truly portable desktop shortcuts, and it's a really great convenience feature for everyone, but especially large deployments with many different projects and gateways and integrators visiting different sites, being able to quickly launch designers to get in there and make changes, so it's really exciting.

37:05
Colby Clegg: That's great, it gets us back to some of that magic of Java web start-up, all of the security issues. Alright, okay, so Paul, I think a few people have microphones in hand and I'm gonna steal their question from them. When are we gonna get Python 3?

37:32
Paul Griffith: Nice softball. Thank you, Colby.

37:36
Colby Clegg: Yeah.

37:36
Paul Griffith: So the short answer is not in 8.3. The much longer answer is, there's two things that people are really asking for when they ask for Python 3. They want Python libraries from Python 3, like NumPy or Pandas or TensorFlow. And even if Jython 3 existed and was available and we put it in the software tomorrow, you wouldn't be able to use those libraries because they have C dependencies, so they're fundamentally incompatible. And the other reason people ask for Python 3 is that they are worried about the security, they hear Python 2.7 is deprecated and old and obsolete and dangerous, but it's really important to highlight that our implementation is Jython 2.7.

38:15
Paul Griffith: The language specification is the same, but Jython is still actively being maintained, there's still security releases being issued, and we've already taken ownership and pulled that library in, and we're building it internally, applying our own security patches on top of it, so it's not this glaring hole that people are worried about with the CPython, it's our own version of Jython that's compatible with 2.7. All that said, there are very legitimate reasons to be asking for Python 3 compatibility or some other scripting opportunities and we're not unaware of those and we're keeping a very close eye on a few different solutions that are out there. There's just nothing at this point that offers us the stability guarantees, the longevity guarantees, that we're looking for so that we can make the huge decision to pick some new solution that you will all have to then take advantage of. It's not an easy task to switch from Python 2 to Python 3 at the best of times, so we want to make that as good of a decision as possible when it's easy to make for all of you.

39:31
Colby Clegg: Let's all give Paul a hand for answering that question so I didn't have to.

39:32
Paul Griffith: The only reason I'm on the stage. I know.

39:41
Colby Clegg: Okay, so now let's open it up. Go ahead raise your hand and we have people that can run around, I hope.

39:49
Audience Member 1: I'm not sure who to direct the question to but if you're currently running 8.1 when 8.3 comes out what are some of the major considerations that you need to take into consideration? Are there any gotchas, things that would break if you don't take considerations or preparations before upgrading from 8.1 to 8.3.

40:14
Paul Griffith: It's still a bit early obviously but traditionally we've always tried to make that process as seamless and easy as possible. We try to write our installers to handle as much of the logic as we can. We have an upgrader that assists with that. That being said, there was some changes for example from 7.9 to 8.0 and so we introduced an upgrade guide which gave some guidance and so I think if there's anything that we would consider a glaring thing that would need to be addressed for upgrades the best answer at this point is an upgrade guide that would exist outside of our installer flow. So I hope that answers.

40:52
Colby Clegg: Yeah I mean some things that come to mind it will be backwards compatible right? There will be an upgrade path but there's a lot of conversion of objects going from the internal database to outward, for example. There are subsystems like store and forward that are going to have improvements that will be upgraded. So the upgraded guide would cover things like making sure your store and forward pipelines are cleared out probably for the best solution. Not necessary, but things like that. So any other ideas that come to mind? Of course third-party modules making sure that they've been updated.

41:27
Carl Gould: Yeah that's the biggest one. The biggest one is modules. There isn't anything right now that we are planning on requiring manual steps to upgrade. The upgrade should be really smooth unless you have a custom-written module that you haven't updated because then you'll have to change the code of that module so it's compatible with those new APIs.

41:46
Colby Clegg: Okay.

41:53
Audience Member 2: So to follow onto that question I guess a little less elegantly, is it going to be as bad as 7.9 to 8.0?

41:56
Carl Gould: No.

42:00
Colby Clegg: No because I'm not involved. No it's going to be great. Just kidding.

42:07
Audience Member 3: Hi this is Andrew Mahoney from Precision Warehouse Design. I have a really quick question about the native drawing tool inside of Perspective. Whenever you guys showed it off, it looks like you were editing one of the premade SVGs. I think it was like a pump. Just to confirm, could it work with a custom-imported SVG? Like say if you wanted to make something homemade for a specific HMI would you still have full access to all those tools or is it just stuff that's native within Ignition?

42:42
Carl Gould: So you just gave me two options. It was the first one. Yes, it's fully compatible with SVGs taken from external sources. Absolutely.

42:54
Audience Member 3: Awesome, thank you.

42:57
Audience Member 4: Back to the upgrade question, particularly about historian. So when we upgrade to 8.3, the new historian technology you guys are working on, is that going to be backwards compatible with historical data from prior?

43:10
Colby Clegg: It'll be. So it is really two different engines right? So it is backwards compatible in the sense that your current SQL historian will still, I mean SQL historians will still be the primary or a main type of historian so that'll be compatible to new API. And then the other options are just like the other options you have today like the local historian you have today and so on. So you won't have to convert any of your existing data over that will continue to work.

43:31
Audience Member 5: Hello. The new map feature in Perspective, will that require Internet access?

43:39
Carl Gould: Yeah you've got to load those tiles. I'm thinking about I'm not trying to be coy, I'm thinking about it. Yes I think it does require Internet access because you have to load the map tiles from Google. You also need an API key. So Google Maps is not a free system, so you need to actually have an API key for Google Maps that you then put into that component. Otherwise Google Maps will kick you off after a certain number of requests.

44:15
Audience Member 6: Hey, with all the awesome changes to Ignition Edge licensing do you guys have any plans to retroactively update licenses that might not have things that are included now?

44:23
Colby Clegg: Yes licenses with upgrade protection will get unlimited data and all the functionality, but we're not adding IIoT to Panel through that mechanism. There will be an upgrade price for that.


44:42
Audience Member 6: So containers, especially those in Kubernetes, they're usually pretty ephemeral like created, destroyed, moved. So are you guys working on a license pool so they spin up and can check out a license and check it back in when it's destroyed type of thing?


44:54
Carl Gould: You want to take that. You want to take it. This is easy.

45:00
Colby Clegg: Come on. Come on guys. Be bold.

45:01
Kathy Applebaum: The short answer is yes. We have a lot of things that we're working on with the licensing right now. I actually have a whole team that is revamping the backend of licensing in order to support a lot of these features. We understand that for containers and for the cloud you don't want a permanent license you want to license for the next two hours kind of thing.

45:22
Audience Member 7: Inside the gateway, you guys had showed the status and the config combined. Are we going to now see some granularity on security rights getting into different portions of that? What will that look like?

45:39
Carl Gould: An astute question. We were just having a conversation about that last week and I think the answer is probably not for 8.3.0, but it is a topic of active discussion and I would be happy to have a deeper conversation about that but I can't even see you. So this makes the conversation weird. But come find me because that's an interesting topic.

46:09
Kathy Applebaum: Yeah it's always a trade off because we understand that you want security but we need to make it simple too. The more granularity you have sometimes the more complicated it gets.


46:17
Audience Member 8: Python 3.0, what's the... Just kidding. The new historian that you referred to, will there be potentially a reduced cost to storage with that design or is there any thoughts on that that you can share in terms of say cloud installs and data storage costs?

46:40
Colby Clegg: Well I think the first goal by focusing so much on the API is to actually get to a place where we have a plurality of very well supported technologies and there's so many great cloud technologies out there right now that offer lots of different options. Okay, I won't name names because I might get in trouble but you've seen a lot of them this week. In terms of the solutions we provide, cost of storage... I know you're talking about the ingest and whatnot on the cloud but I'll just say that one cost of storage is how much data there is and so by offering dramatically better compression and storage ratios that brings that down. The raw, people think that disc space is free, but it's not free when it becomes so big it's unmanageable. There's human cost and whatnot. So there are improvements there too but I hope that covers most of the spectrum.

47:32
Audience Member 9: I have a question from the sky here. I don't know you can't see me but the question's about the scripting console. We saw a lot of efforts in 8.3 going about CICD and maintaining code pretty well. Is there any plans for the script console to be a little more beefed up?

\47:57
Paul Griffith: In terms of autocompletion or what are you asking for exactly?

48:00
Audience Member 9: More close to P&ID.

48:00
Paul Griffith: Yes. Probably not in the 8.3.0 timeline but continual improvement to the script editing is very high on my radar throughout the 8.3 branch and in some future release. Other things might be possible but I won't, I don't want to shoe horn in details.

48:15
Colby Clegg: Nobody wants to say the word "debugging"?


48:24
Colby Clegg: Is that what's going on? Yeah.

48:25
Audience Member 9: Thank you.

48:26
Colby Clegg: Let's go. Okay.

48:27
Audience Member 10: Multiple inheritance in the project's hierarchy. Is that any hope for that in the near future?

48:37
Carl Gould: In the near future?

48:38
Audience Member 10: I consider a year away to be near future.

48:41
Carl Gould: Okay. It is not currently the plan. Did you think you were going to get a different answer just because I'm on stage or...

49:03
Audience Member 10: I was expecting some waffle about some future release that might have it.

49:06
Carl Gould: I didn't hear the last bit you said, what was that?

49:10
Audience Member 10: I was expecting some waffling about some future release that might have it.

49:17
Carl Gould: I thought you were trying to set me up for my traditional "No."

49:17
Colby Clegg: To which I say... No, I think what's interesting though when you get multiple inheritance but I think what the new system will offer is some more flexibility in terms of how resources are organized and shared and then overridden and configured by organizations, right?

49:35
Carl Gould: That's true.

49:35
Colby Clegg: You can have roots that come from an immutable source like source control and then the plant level can have its own additional resources right? Eventually.

49:46
Carl Gould: Yeah that's right. Paul and I were just talking about that yesterday. You want to tell him about that?

49:49
Paul Griffith: Yeah. We're very much actively debating exactly how 8.3's config storage is going to work. But in both config and for regular projects we're talking about implementing module-based projects. So a module can deliver a project or a chunk of config to the rest of the system and that'll be sort of a solution to the OEM lock question that we also get pretty often and also solve some other problems with immutable config and sharing. As an integrator if you want to share a package that's reused across a bunch of different systems and you know that they're at a certain version that they can't mess with it on their own time that's some advantages you might get from that.

50:40
Audience Member 11: Okay. This is kind of a two-parter so apologies for the long story here but in the Mongo DB presentation yesterday they mentioned that that whole API is all limited to the gateway scope. Obviously the script console is an important dev tool for us. One, will other kind of code that's getting rolled out in the future also be limited to the gateway scope and are there other tools that will help us test that in the same way that we use the script console today?

50:52
Paul Griffith: So by and large, yes, we're implementing most functionality gateway first. That may relax a little bit as we come up with a new replacement for Java serialization for gateway to designer communications. But for the most part stuff is gateway first. We do have plans to implement sort of a gateway-scoped script console. So an alternative not just blindly executing what you put in the script console on the gateway but specifically you can go in and say "I want this script to be executed on the gateway, tell me what the results are," which hopefully tightens up that cycle a little bit of figuring out what's going on, experimenting.

51:46
Audience Member 12: What's your roadmap look like for the next drivers and could you share what those are and timing?

51:55
Kathy Applebaum: I looked at cloud connectors and I did not look at drivers.

52:04
Carl Gould: So we mentioned two here right? That are coming soon. The Micro 800 Driver and the...

52:07
Colby Clegg: DNP3 I think...

52:08
Kathy Applebaum: DNP3.

52:08
Carl Gould: The new DNP3 Driver. We are also looking at doing a Siemens S7 Plus Protocol Driver, for symbolic addressing of Siemens. But beyond that it's a little bit hazy. I know there's some very enthusiastic people about that here on the Siemens S7 Plus protocol. But beyond that it's a bit hazy and we are open to suggestions.

52:42
Kathy Applebaum: The good news is we do have more developers working on drivers now, so the future's wide open on that.

52:48
Colby Clegg: I'm going to throw a question to Jason real quick. Since we have so many people here from all sorts of parts of the organization but mostly on the plant floor, I was just curious if you have any suggestions for them, simple steps that they could take to help maybe interface with their company from a security point of view just step up their security game a little bit?

53:07
Jason Waits: Well step one always follow the Ignition hardening guideline. Otherwise just trying to stay on top of updates and just being cognizant of the stuff. What we're seeing right now is everyone is digitizing all the stuff and connecting IT/OT and these air gap networks are slowly evaporating. And so we're seeing stuff being increasingly connected to take advantage of all sorts of cool integrations but from a security risk now there's kind of like these things that were isolated are now connected. So just talking with IT and looking at those connections and making sure they're as secure lockdown as possible it's probably number one.

53:24
Colby Clegg: Great. Yeah.

53:48
Audience Member 13: Hey there, so I got two questions. So first super excited for the Tag Reference Tracker, but I was curious if you've got a tag that might execute every month through six months is the subscription going to be persistent and would that be detected from the tracker?

54:07
Paul Griffith: There wouldn't be a subscription because it's only being read every month or whatever but there will be a persistent log as well. So it's not just actively used tags but also every read to a tag, if you enable the system, is also logged. So you can look at a particular tag and say, "Oh it was read by this script six months ago, three months ago," whatever it was.

54:32
Audience Member 13: And then what about tag event scripts? Is that going to be included in everything?

54:44
Paul Griffith: Everything outside of rights that originate from Vision we can't disambiguate it's just it comes from Vision but everywhere else across the platform is disambiguated by module and by source. So a tag event script is different from a reporting schedule is different from a Perspective view and they all show up differently in the reference log.

55:01
Audience Member 13: Even if you're using user library in Python to write to a tag?

55:08
Paul Griffith: Yes, you will know the source of the event.

55:12
Audience Member 13: Awesome. And then unrelated question, is alarm notification pipelines becoming a subset of Event Stream?

55:14
Carl Gould: No, but that's an interesting idea.

55:15
Colby Clegg: It would be a handler, right? It would definitely be one of the handlers, right?

55:21
Carl Gould: Yeah. So certainly the alarming system will be present in Event Streams as possibly both sources and handlers. So I don't think that the alarm notification pipeline system as it is today is going to just magically morph into Event Streams because I think that would be a backwards compatibility nonstarter but it may be that when Event Streams is available it ends up being an alternative mechanism to handle alarm notification if that makes sense.

55:42
Audience Member 13: Yes. Thank you.

55:53
Audience Member 14: Hey guys question up here in the heavens. Back on security, from the IT side one of the growing ways to lock down security is a YubiKey-style smart key authentication. Are you planning on offering YubiKey-style smart card authentication mechanisms?

56:17
JJ Coffman: I would say yes. There's talks about it. We are aware of it. Joel [Specht] is the main guy heading that up and he's making some efforts on that. So we're aware we know about it. We know that that's a request. So I don't have a lot of details that I...

56:43
Paul Griffith: It should be possible today to use an external IdP that uses OTP.

56:45
JJ Coffman: I'm talking internal IdP... External... Yeah external right, right.

56:53
Audience Member 14: Yeah. One of the problems we found is, if we tried to do an external authentication like that then it locks out all local authentications. It had to be one or the other and couldn't do a failover to a local authentication if external authentication failed.

57:09
Carl Gould: Yeah, because that would be a big security hole. If you decided that the local security was lesser than the external IdP you would just unplug the network cable, log in and off to the races. So, trying to make things secure sometimes also makes them less convenient it turns out.

57:34
Colby Clegg: Indeed.

57:37
Audience Member 15: Question on the store and forward. Right now, correct me if I'm wrong, it's seven days or a million records but once that level is reached the door is closed and all the data wanting to get in the door isn't permitted, is there a way to make it first-in, first-out with that maximum storage quantity after the seven days or after the one million?

58:16
Colby Clegg: Oh you're talking about the local historian on Edge?

58:16
Audience Member 15: Yes.

58:16
Colby Clegg: Okay. That could be possible. That could be a feature request. It's not how it's currently written, of course, but yeah that would be a valid feature request.

58:28
Audience Member 15: Okay.

58:28
Carl Gould: To make it like a rolling window.

58:28
Audience Member 15: Yes.

58:28
Carl Gould: Yeah, I think that's a good idea.

58:33
Audience Member 15: Yeah so configurable. But.

58:33
Colby Clegg: Yeah no I was just sitting here and trying to think... Trying to remember back to how the data was organized and it would definitely be possible.

58:46
Audience Member 15: Okay. Yeah. Thank you.

58:48
Audience Member 16: This is Jim from Artek. Piggybacking on historian, the graph that you had that was very definitive of the performance improvements, will there be an avenue to bring past historian data into the new time series history to utilize the performance improvements?

59:09
Carl Gould: It's similar to an earlier question isn't it?

59:22
Colby Clegg: Yeah. I think what comes to mind is a feature that we want to get to that won't be in 8.3.0. I don't have a timeline for it but well it was in the original scope so hopefully at some point we'll get to it real soon, which is one of the features we want the system to support overall is the ability to synchronize data in an abstract way between different data sources. And so, it's not in our minds to think okay we're going to have a conversion tool or whatnot right now, but when we have that synchronization and we have it fairly well defined and designed you would be able to of course synchronize to your new source. And then once that's done maybe just get rid of the old one, right? So alright so unfortunately I haven't been a very good clock watcher and we are out of time. So thank you so much for joining us this morning. Please give a big round of applause to our panel.

Posted on January 2, 2024