The Swiss Federal Railway (SBB) plans to invest close to US$1 billion annually in new and modernized trains. To support intelligent service devices across more than 100,000 on-board systems, SBB centralized and automated its device management and development platform using Red Hat Ansible Automation and Red Hat Enterprise Linux, supported by Red Hat Satellite. With this solution, SBB has reduced device configuration times by 90%, improved the security of its data and network, and given developers access to data that will inform new, innovative services for railway passengers.
- Reduced device configuration times by more than 90%, from 5 days to 3 hours
- Enhanced security for critical national transportation infrastructure with role-based access controls
- Established comprehensive device access for easier service updates and innovation
Creating a modern, intelligent rail network
Swiss Federal Railways (SBB) is ranked among the world’s best railway operators, based on its high rate of use, service quality, and safety rating¹. In the next few years, SBB plans to invest close to US$1 billion annually in new and modernized trains to create a smart, safe, and highly efficient rail network. For example, new trains will include intelligent features such as dynamic LED information displays, digital seat booking systems, CCTV safety monitoring, and WiFi access.
However, managing the devices supporting these features was difficult due to high volume and a lack of central control.
“Previously, we had to physically go onto every train to manually check, update, or fix each device,” said Sacha Berger, System Engineer at SBB. “There was no room for innovation because we had to painstakingly deal with each device and their individual suppliers.”
After connecting all of its trains to a corporate network through 4G LTE mobile routers, SBB sought to establish an IT infrastructure that could take advantage of this connection to centrally manage all of the intelligent devices across its rail network. In addition, a standardized Internet of Things (IoT) environment would simplify development and launch of new services across the network.
“We wanted to give our developers a platform on which they can roll out any type of new application, quickly and simply,” said Berger.
Centralizing a complex device environment
The rail network sought an open source management platform that was already tested and proven by the market and decided to work with Red Hat. “One of the decisive considerations was availability of long-term support,” said Berger. “Red Hat was one of the few vendors that could claim ten years of support for its operating system.”
The core of SBB’s updated device environment is Red Hat Enterprise Linux, an enterprise operating system that provides a stable, reliable foundation for scaling existing applications and adopting emerging technology. Running in this environment, Red Hat Ansible Automation helps SBB automate complex deployments and centrally control its IT infrastructure through a visual dashboard with features such as role-based access, scheduling, integrated notifications, and graphical inventory management. The rail operator used Ansible’s RESTful (Representational State Transfer) application programming interface (API) and command-line interface (CLI) to embed it into existing tools and processes.
“We compared Ansible and Puppet, and Ansible proved to be much easier to use to manage and write playbooks,” said Berger.
To manage this infrastructure, SBB uses Red Hat Satellite, a solution specifically designed to keep Red Hat Enterprise Linux environments and other Red Hat infrastructure running efficiently and in compliance with security and other standards.
With help from Red Hat Consulting, SBB’s new application environment was operational in just three weeks.
“We didn’t have much experience with Red Hat solutions, and our use case is rather special. Our servers are traveling at 250 kilometers per hour. Unlike in a normal datacenter that can identify a host system by its MAC address, we have to use an IP address to connect to our devices across constantly changing distances,” said Berger. “The work of Red Hat consultants in figuring how to use Red Hat Satellite over high-latency networks was invaluable. There is no way we’d have had everything online and operational in that short time frame on our own.”
SBB has now connected more than 100,000 devices on board 40 trains, with plans to connect up to 300 trains by early 2020. “This network will bring results like greater productivity for our IT team, fewer bugs, and less dependency on multiple suppliers,” said Berger.
Speeding configuration and security updates with automation
Reduced configuration times by more than 90%
By automating its complex, manual device configuration process using Red Hat Ansible Automation Platform, SBB has reduced the configuration time for each train from five days to three hours or less — sometimes as fast as 40 minutes.
“Once Red Hat Satellite is reachable, we just power up the computer, wait three hours, and it’s all done,” said Berger. “We don’t have to do anything manually. Deploying the trains’ onboard systems is totally automated.”
As a result of these improvements, SBB can now deploy component hardware to trains without needing specialized, proprietary software from the same hardware vendor. These changes have already helped the company save time for staff to focus on more valuable service innovation. Additionally, the rail operator anticipates long-term reductions in its procurement costs and supplier dependency.
Improved IoT device and data security
Compared to its previous, manual approach to device installation and management, SBB’s automated approach with Red Hat Ansible Automation Platform is more secure and reliable. Central device management eliminates the need for individual technicians to physically plug in USB drives to multiple trains. Updates are managed by vehicle type, avoiding any fleet-wide service impact, and can even be done while a train is in motion.
“With the old system, updating an application required selecting each recall separately and choosing which vehicles to apply this software update on,” said Berger. “Now, we can test updates, and roll them out into production with Red Hat Ansible Automation Platform.”
Security controls are built into Red Hat’s software to protect sensitive data with role-based access. For example, Ansible centralizes all access credentials, storing SSH (Secure Shell) keys or passwords without exposing them to dozens of users across the railway operator. As a result, SBB can better protect critical national transportation infrastructure from malicious threats or errors.
“With Red Hat Enterprise Linux on the trains themselves, a corporate ID is now required to log into the system, then the rail host on the vehicle connects via LDAP [Lightweight Directory Access Protocol] to our Active Directory server. We can verify if a user is active, valid, and in the right groups to access the system,” said Berger.
Support for continued rail service innovation
With a typical lifespan of 40 years for new trains, SBB can use its Red Hat-based platform to continuously upgrade service features and stay up-to-date with the latest technology capabilities. For example, IT teams can use CCTV or seat booking system data to improve predictive maintenance, resulting in higher passenger satisfaction.
“The system we’ve built with Red Hat is a huge opportunity to deploy new applications and test ideas much faster. Our developers now have access to any of our on-board devices and a huge amount of operational and passenger behavioral data to work with,” said Berger.
Adding more connected devices to improve railway services
SBB is eager to share the insights from using its new approach and the data collected with other national rail operators. “This is not a closed system. We want to spread good ideas with other operators and open ourselves up to new ideas,” said Berger.
The rail operator is planning a dramatic increase in the number of devices, sensors, and data points on board its trains to solve new IoT challenges and continue improving its services.
“Once we move to IPv6, the latest version of the communications protocol, we will have every device integrated into our corporate network,” said Berger. “The possibilities are limitless because we can easily manage all of these connections and continue supporting all of our devices with Red Hat Ansible Automation.”
About Swiss Federal Railways
Swiss Federal Railways (SBB) is the foundation of the Swiss public transport system. The company transports over 1.25 million passengers and 205,000 tons every day. It has 32,300 employees and annual revenues in excess of US$9 billion. www.sbb.ch