✨ Our Features¶

Platform capabilities for operating industrial software at scale¶

This section describes what FLECS enables in practice.

It does not repeat why FLECS exists or what problem it solves – that is covered in What We Do. Instead, this page focuses on the concrete platform capabilities that make the shared software layer operational.

🧩 Two-layer architecture¶

FLECS is built around a clear separation of two layers:

Layer 1 – FLECS Core (on the device) Runs directly on every Linux-based industrial device. 100% on-premise, offline-capable, no cloud dependency. This is the standardized runtime and lifecycle environment for all industrial software.

Layer 2 – Connected Services (server-side) The platform layer for fleet management, app distribution, licensing, and business tooling. Can be operated as a managed tenant, as a dedicated instance hosted by FLECS, or fully self-hosted on your own infrastructure.

Together, these two layers form the shared software layer for industrial automation.

🐧 Linux-first by design¶

FLECS is built specifically for Linux-based industrial systems.

Across industrial automation, Linux has become the de-facto foundation for modern PLCs, IPCs, and edge devices. FLECS builds on this reality and provides the missing operational software layer on top.

This means:

• no proprietary operating systems
• no vendor-specific runtime silos
• no forced hardware dependencies

FLECS runs wherever Linux runs, from resource-constrained controllers to powerful edge servers and cloud environments.

🛠 Layer 1: FLECS Core – On the device¶

At the heart of every FLECS setup is FLECS Core.

FLECS Core is a lightweight, open-source runtime that runs directly on Linux-based industrial devices such as PLCs, IPCs, and edge controllers.

Its role is to provide a standardized execution and lifecycle environment for industrial software.

FLECS Core is fully open source and publicly available.

🔗 View FLECS Core on Codeberg

Application Layer¶

Manages the full lifecycle of software running on the device: installing, starting, stopping, versioning, updating, and rolling back applications. Apps run containerized in isolated Docker containers by default. Non-Docker formats may also be supported depending on the deployment configuration.

Service Mesh¶

A shared data bus for all apps on the device, built on zenoh. Apps exchange data via publish/subscribe in real time without needing to know about each other. Every data point has a topic, timestamp, value, and format. Supports MQTT, OPC UA, HTTP, and WebSocket adapters.

Role-based Access Control (RBAC)¶

Granular permissions, multi-tenant support, audit logging, and integration with existing identity providers (LDAP, Active Directory, OpenID Connect).

Reverse Proxy¶

Automatic certificate handling and port routing for app UIs and editors running directly on the device. Apps become accessible via browser without manual network configuration.

WebApp¶

A browser-based interface running locally on the device. Manages apps, updates, network settings, and user roles – accessible locally or remotely. Fully whitelabelable for OEM and solution provider branding.

On-Premise App Store¶

Local app installation with over-the-air (OTA) updates or offline deployment. No internet dependency required for device operation. Devices continue to function independently of cloud connectivity.

🔄 Software lifecycle & update management¶

Industrial software lives for years, often decades.

FLECS provides built-in lifecycle management to ensure software remains:

• maintainable
• updatable
• auditable
• secure

Key lifecycle capabilities include:

• controlled rollout of software versions
• over-the-air (OTA) and on-prem update mechanisms
• version tracking and changelog visibility
• backup and rollback strategies
• staged deployments across device groups

This allows updates to become a repeatable operational process, rather than a project-specific risk.

☁️ Layer 2: Connected Services – Platform management¶

Connected Services is the server-side layer that connects, manages, and distributes software across all FLECS-enabled devices.

App Management & App Catalog¶

App Management is the central control plane for the entire software lifecycle – from development to deployment.

FLECS provides built-in tooling to manage apps as versioned, auditable software artifacts:

• CI/CD pipeline integration: Automate build, test, and release workflows directly connected to FLECS. New versions are validated and published through a defined pipeline, not manually.
• Automated testing: Each app version passes through configurable test stages before it becomes available in the catalog. Reduces regression risk in industrial deployments.
• Version control: Every app has a full version history. Vendors control which versions are active, deprecated, or withdrawn. Customers see only what is released for them.
• Software lifecycle management: From initial publishing to end-of-life – FLECS tracks the state of every app version across the entire distribution chain.
• App Catalog: The curated, version-controlled inventory of all available apps. Catalogs can be scoped per customer, machine type, or industry. What is in the catalog determines what can be deployed – on one device or across a fleet. Catalogs can draw from the FLECS ecosystem of 50+ ready-to-use standard industrial apps – covering connectivity, remote access, visualization, data collection, and security – and combine them with proprietary software into a tailored offering.

Fleet Management & Device Onboarding¶

• Centralized overview of all devices: status, version, connectivity
• Token- or QR-based device onboarding (may be available depending on deployment setup)
• Device grouping by role, location, or machine type
• Staged rollouts and mass update deployments
• Device Onboarding Service (D-O-S): zero-touch provisioning – devices configure themselves on first startup, no manual setup at the customer site

Marketplace as a Service¶

Standardized operation enables standardized distribution.

FLECS provides Marketplace as a Service as an optional, but tightly integrated capability.

This allows companies to operate:

• fully branded marketplaces under their own identity
• curated app catalogs for specific machines or industries
• public, private, or mixed distribution models

The FLECS ecosystem includes 50+ ready-to-use standard industrial apps, covering areas such as:

• connectivity and protocol integration
• remote access and service tools
• visualization and HMIs
• data collection, monitoring, and analytics
• security and infrastructure services

These standard apps can be selected and curated per role or machine type, combined with proprietary software, and deployed through the same lifecycle mechanisms.

Business & Monetization¶

• App Store: Customers browse, purchase, and license apps directly. Supports subscription models, one-time purchases, and usage-based pricing.
• Vendor Dashboard: Sales data, app analytics, and marketing controls for software vendors.
• Identity Provider: Unified identity and user management across all services. Integrates with existing providers (LDAP, Active Directory, OpenID Connect) – not tied to FLECS accounts.

Deployment flexibility¶

Connected Services can be operated in three ways:

• Managed Tenant – shared infrastructure, isolated tenant, hosted by FLECS
• Dedicated Instance – isolated instance, hosted by FLECS
• Self-Hosted – full platform on your own servers (Enterprise Edition)

FLECS Core on the device remains fully on-premise regardless of which option is chosen.

📄 See Hosting & Deployment Options

🏷 Whitelabeling & ownership control¶

FLECS is designed to respect existing business relationships.

Whitelabeling capabilities allow you to:

• brand the device UI and web interface
• operate marketplaces under your own domain
• control which software is visible and available
• define your own customer flows and responsibilities

FLECS remains technically present, but commercially invisible.

🛡 Security & compliance readiness¶

Security is not an add-on. It is a structural requirement for industrial software.

FLECS supports security and compliance by design, including:

• encrypted communication (TLS)
• container-based application isolation
• role-based access control (RBAC)
• audit logging and traceability
• structured update and vulnerability handling
• SBOM support and signed updates

This architecture supports compliance requirements such as the EU Cyber Resilience Act (CRA), without introducing separate security platforms.

🔁 Open standards: Margo¶

FLECS is compatible with the Margo interoperability standard for edge application management.

Margo is an open standard that defines how industrial edge applications are packaged, deployed, and managed across heterogeneous environments.

FLECS support for Margo means:

• no proprietary ecosystem lock-in
• interoperability with other Margo-compatible platforms and tools
• strategic flexibility for companies evaluating multiple ecosystem options

🧑‍💻 Developer & integration interfaces¶

FLECS integrates into existing IT and OT landscapes.

To enable this, the platform provides:

• REST APIs for automation and integration
• CLI tools for scripting and CI/CD workflows
• standardized app manifests and packaging formats
• open interfaces for ERP, CRM, and device management systems

This ensures FLECS can be embedded into existing processes, rather than forcing new ones.

🎯 In summary¶

FLECS features are organized across two layers:

• FLECS Core provides the on-device runtime: standardized execution, lifecycle management, service mesh, security, and local management.
• Connected Services provides the platform layer: app management and catalog, fleet management, app distribution, licensing, and business tooling – deployable as managed, dedicated, or self-hosted.

Together, they form a shared software layer that allows industrial software to be operated consistently, updated safely, distributed scalably, and owned by the right role.

If you want to understand why this matters, see What We Do.

If you want to see how to apply these features, continue with First Steps or the role-specific guides.