Weintek Webinar: Cloud Data Centering - MQTT to Cloud
MQTT to Cloud
1. MQTT
   - Standard MQTT
   - IoT Hub Connectivity
2. Sending MQTT to..
   - Microsoft Azure IoT
   - IBM Watson IoT
   - AWS IoT
3. AWS IoT Device Shadow
MQTT
- Lightweight, Publish/Subscribe protocol
- Message exchange based on topics
- Message content format is arbitrary (JSON, etc.)
- De facto IoT standard
[Diagram: Publisher, Topic ("Update Temp."), MQTT Server, Subscribers. Labels: HMI, MQTT server, Self-hosted server, Cloud server]
MQTT
Internet of Things with Cloud service providers
[Diagram: Device, MQTT, IoT Hub, Device]
IoT Hub
What’s IoT Hub?
- The definition varies slightly from one to another, but an IoT Hub is a managed cloud platform.
- Lets connected devices easily interact with cloud applications and other devices.
- Supports a very large scale: billions of devices and trillions of messages.
- Supports routing functionality to control where data goes.
- All done with industry-standard security measures.
The primary task is to efficiently get data up into the IoT Hub; once there, the user may use the functions provided by each IoT platform to make the fullest use of the data: storage, analysis, AI computation, etc.
IoT Hubs are usually not full-featured MQTT brokers, but instead support receiving data by MQTT (or a variation).
IoT Hub
The HMI generally works as a device (or the equivalent name for that platform), and we can accomplish this with MQTT.
[Diagram: A DEVICE, MQTT, IoT Hub]
Azure IoT Hub
In Azure, create an IoT hub and a device.
https://portal.azure.com
Azure IoT Hub - Device Explorer
- Helper utility that interfaces with Azure IoT Hub to manage devices on Azure.
- You will need the connection string, found in [SETTINGS] > [Shared access policies]. iothubowner should have full access. Copy its "Connection string-primary key" to use it in the Device Explorer.
- You can manage devices, monitor messages received from a device, and send messages to a device (from the perspective of the IoT hub).
https://github.com/Azure/azure-iot-sdk-csharp/tree/master/tools/DeviceExplorer
HMI to Azure
Azure MQTT capability that can be utilized:
- Azure IoT Hub enables devices to communicate with the IoT Hub device endpoints using MQTT v3.1.1 on port 8883.
- A device can use the MQTT protocol to connect to an IoT hub using either the libraries in the Azure IoT SDKs (in Java, Node.js, C, C#, Python), or the MQTT protocol directly.
- The HMI will use the MQTT protocol directly.
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-mqtt-support
HMI to Azure – making the connection
Server Setting
  Cloud service: Normal
  Protocol: MQTT v3.1.1
  Customized length: Enabled
  Domain name: {iothubhostname}.azure-devices.net
  Port: 8883
  Client ID: {deviceId}
  Username: {iothubhostname}/{device_id}
  Password: ‘SAS’ (more on this later)
  TLS/SSL: Enabled
  System Topic: ALL Disabled
Where:
  {iothubhostname}: Name of your IoT hub
  {device_id}: Device ID of your device in IoT hub
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-mqtt-support
Azure IoT Hub - SAS Token from Device Explorer
- The SAS token is the part AFTER “SharedAccessSignature=” until the end.
- Caution: mind the extra space at the end. DO NOT include it.
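The extraction step above can be checked before the value is typed into the HMI. The following is an added example, not part of the webinar or of any Weintek or Microsoft tool: it cuts the token out of a Device Explorer style string, trims the trailing space, and rejects tokens that are expired, hub-wide, or signed with a hub policy. The function name `hmi_settings` and the sample string are assumptions; the returned keys mirror the server settings table above.

```python
import time
from urllib.parse import parse_qs

MARKER = "SharedAccessSignature="

def hmi_settings(generated, now=None):
    """Map Device Explorer's generated SAS string to the HMI server settings."""
    now = time.time() if now is None else now
    _, found, token = generated.partition(MARKER)
    if not found:
        raise ValueError("no 'SharedAccessSignature=' marker in input")
    token = token.strip()  # drop the trailing space the slide warns about
    scheme, _, query = token.partition(" ")
    if scheme != "SharedAccessSignature" or not query:
        raise ValueError("token must read 'SharedAccessSignature sr=...'")
    fields = {k: v[0] for k, v in parse_qs(query).items()}
    missing = {"sr", "sig", "se"} - fields.keys()
    if missing:
        raise ValueError(f"token lacks fields: {sorted(missing)}")
    if "skn" in fields:
        # skn names a hub-level policy such as iothubowner: too broad for one HMI
        raise ValueError(f"token signed with hub policy '{fields['skn']}'")
    host, scoped, device_id = fields["sr"].partition("/devices/")
    if not scoped or not device_id:
        raise ValueError("token is not scoped to a single device")
    expires_in = int(fields["se"]) - int(now)
    if expires_in <= 0:
        raise ValueError("SAS token has expired; generate a new one")
    hub_name = host.split(".")[0]
    return {
        "Domain name": host,
        "Port": 8883,
        "Client ID": device_id,
        "Username": f"{hub_name}/{device_id}",  # as in the settings table above
        "Password": token,
        "expires_in_s": expires_in,
    }

# Constructed sample (not a real credential); note the trailing space.
SAMPLE = ("HostName=myhub.azure-devices.net;DeviceId=hmi01;"
          "SharedAccessSignature=SharedAccessSignature "
          "sr=myhub.azure-devices.net%2Fdevices%2Fhmi01"
          "&sig=Q09OU1RSVUNURUQ%3D&se=1893456000 ")

if __name__ == "__main__":
    for key, value in hmi_settings(SAMPLE, now=1_700_000_000).items():
        print(f"{key}: {value}")
```

The `se` field is the expiry as a Unix timestamp, so an HMI that stops connecting after a while is worth checking against it first.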
Azure IoT Hub - Publishing Topic (Device to Cloud)
After making a successful connection, a device can send messages to IoT Hub “as events” using the following as a Topic Name:
  devices/{device_id}/messages/events/
  devices/{device_id}/messages/events/{property_bag}
Azure IoT hub’s web interface does not provide message/telemetry viewing at this moment; related tasks are more easily verified by one’s application or with Device Explorer.
Under the [Data] tab, you can monitor event messages received for a device.
Azure IoT Hub Receiving Messages in Device Explorer
Azure IoT Hub - Subscribing Topic (Cloud to Device)
After making a successful connection, a device can receive messages from IoT Hub using the following as a Topic Name:
  devices/p1/messages/devicebound/+
You can send a message in Azure IoT hub’s web interface or with Device Explorer. Of course, you can also do so with an app using the SDK in one of the available languages.
Under the [Message to Device] tab, you can send messages to a device.
Azure IoT Hub Sending compatible JSON data to device so that HMI can get it
Watson IoT
- Get an account for IBM Watson IoT Platform (formerly Bluemix).
- Define a device type, and then add a Device.
- Use token auth, and keep note of the Authentication Token, whether auto-generated or self-provided (copy and save it somewhere; once it’s gone, it’s gone!).
https://internetofthings.ibmcloud.com/
HMI to Watson IoT – making the connection
Server Setting – IBM Bluemix Watson IoT Hub (connecting as device)
  Cloud service: Normal
  Protocol: MQTT v3.1.1
  Customized length: Not necessary
  Domain name: {orgId}.messaging.internetofthings.ibmcloud.com
  Port: 8883
  Client ID: d:{orgId}:{DeviceType}:{DeviceId}
  Username: use-token-auth
  Password: “Authentication Token” - when registering the device
  TLS/SSL: Enabled
  System Topic: ALL Disabled
Where:
  {orgId}: Organization Id of registration
  {DeviceType}: Device Type
  {DeviceId}: Device Id
https://console.bluemix.net/docs/services/IoT/devices/mqtt.html#mqtt
Watson IoT - Publishing Topic
After making a successful connection, a device can send messages “as events” to IoT Hub using the Topic Name:
  iot-2/evt/{evtId}/fmt/json
- {evtId} is the event Id; any valid string is fine
- fmt/json indicates that our message is in JSON format
- QoS 0, 1, 2
Device data will be published to the cloud as an event, identified by event Id, and it should appear as such.
Watson IoT - Bonus IBM has a rather easy-to-configure board for viewing data
Watson IBM - Bonus
The HMI as a device can receive a message as a “command”. How?
- Similarly, the topic is iot-2/cmd/{cmdId}/fmt/json
- However, commands are only issued by an “application”. An application uses an API key to access the Watson IoT platform.
- Deep integration with Node-RED, the IoT Development Tool by IBM.
- In Node-RED, there are IBM IoT nodes, for access to the IoT platform as “device” or “application”. In contrast, an HMI connected by MQTT is a device (instead of an application).
Watson IBM - Bonus: Node-RED example #1
Device (HMI) to cloud, as an event, and then cloud to device (HMI), as a command. Just changing object name: device2cloud (d2c) -> cloud2device (c2d)
- ibmiot input node: Input node that can be used with Watson IoT Platform to receive events sent from devices, receive commands sent to devices, or receive status updates concerning devices or applications.
- ibmiot output node: Output node that can be used with Watson IoT Platform to send a command to a device or send an event on behalf of a device.
Tip: get the API key on the web.
Watson IBM - Bonus: Node-RED example #2
Cloud to device (HMI)
- Cloud data is from an arbitrary source (human input from the dashboard in Node-RED in this example)
- Constructing the JSON data document
- Send a command to a device
- Dashboard: Control elements
AWS IoT Get an account for AWS IoT Core
AWS IoT
AWS IoT Core as MQTT Message Broker
- Avoid topics beginning with $, which are reserved for specific functions
- Most functions should be what one expects from an MQTT server
- No QoS2
[Diagram: Publisher, Topic ("Update Temp."), MQTT Server, Subscribers]
HMI to AWS IoT – making the connection
MQTT Server Setting – AWS IoT
  Cloud service: Normal
  Protocol: MQTT v3.1.1
  Customized length: Not necessary
  Domain name: Endpoint (found in [Settings] >> [Custom endpoint])
  Port: 8883
  Client ID: Any, as long as not duplicated
  System Topic: ALL Disabled
  TLS/SSL: Enabled
  Server verification: Import Root CA Certificate
  Client verification:
    Certificate: import client certificate (xxxcert#xxx-certificate.pem.crt)
    Private key: import private key (xxxcert#xxx-private.pem.key)
Username? Password?
AWS IoT - Security
AWS IoT security requires the use of X.509 authentication.
- Certificate, for authentication: a certificate identifies the connected device/application.
- Policy, for authorization: a policy allows/denies certain functions for a particular certificate holder.
AWS IoT -Authentication Certificate – let AWS IoT generate one for you [Secure] –> [Certificates] –>[Create] https://docs.aws.amazon.com/iot/latest/developerguide/create-device-certificate.html
AWS IoT -Authentication Certificate – let AWS IoT generate one for you Download and save the certificate, public key, private key, and AWS IoT root CA https://docs.aws.amazon.com/iot/latest/developerguide/create-device-certificate.html
AWS IoT -Authorization Policy – create one [Secure]->[Policies]->[Create] Allow all iot operations for simplicity https://docs.aws.amazon.com/iot/latest/developerguide/authorization.html
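The allow-all policy is convenient for a first connection; for a deployed HMI the same certificate can carry a policy limited to its own client ID and topic. The following is an added example, not taken from the webinar or from AWS: it audits a policy document for wildcard grants and builds a scoped one for the broker topic iot/aws/data used later in this deck. The region, account number and client ID are placeholders, and `audit` and `scoped_policy` are hypothetical helper names.

```python
import json

# The "allow all iot operations" policy from the slide above.
ALLOW_ALL = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy):
    """List the wildcard grants in a policy's Allow statements."""
    findings = []
    for index, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt["Action"]):
            if action.endswith("*"):
                findings.append(f"statement {index}: wildcard action {action}")
        for resource in as_list(stmt["Resource"]):
            if "*" in resource:
                findings.append(f"statement {index}: wildcard resource {resource}")
    return findings

def scoped_policy(region, account, client_id, topic):
    """Policy for one client ID that may only use one topic."""
    arn = f"arn:aws:iot:{region}:{account}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": f"{arn}:client/{client_id}"},
            {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
             "Resource": f"{arn}:topic/{topic}"},
            {"Effect": "Allow", "Action": "iot:Subscribe",
             "Resource": f"{arn}:topicfilter/{topic}"},
        ],
    }

if __name__ == "__main__":
    # Constructed values: placeholder region, account and client ID.
    policy = scoped_policy("us-east-1", "123456789012", "hmi01", "iot/aws/data")
    print(audit(ALLOW_ALL))
    print(audit(policy))
    print(json.dumps(policy, indent=2))
```

With this policy the HMI's Client ID setting must match the one named in the iot:Connect statement, and an HMI that also uses a Thing shadow needs the reserved shadow topics for its thing added in the same way.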
AWS IoT - AA
Attach certificate & policy to authenticate and authorize a user’s action.
- In [Secure] -> [Certificates]
- In each certificate -> [Attach policy]
HMI to AWS IoT – as message broker
- AWS IoT functions as a standard message broker.
- Publish to any valid topic (with the exception of the reserved ones), and subscribers to that topic will receive the message immediately.
- Publish, e.g. iot/aws/data
- Subscribe, e.g. another HMI, MQTT.fx (PC), application
HMI to AWS IoT– as message broker AWS IoT does have a convenient web interface to test out MQTT message broker
AWS IoT Thing
- Devices connected to AWS IoT are “Things”.
- Create one to be the virtual representation of the actual device.
- Suitable for device parameters/states that could use telemetry.
- [Manage] -> [Things] -> [Create]
AWS IoT Shadow
A device's shadow is a JSON document that is used to store and retrieve current state information for a device.
AWS IoT Shadow Document
AWS IoT Shadow - reported
reported state: “The reported state of the thing. Things write to this portion of the document to report their new state. Applications read this portion of the document to determine the state of a thing.”
[Diagram: Thing (Thermometer), “Reported”: T= 23 degrees, Application (e.g. Monitor Station)]
AWS IoT Shadow - desired
desired state: “The desired state of the thing. Applications can write to this portion of the document to update the state of a thing without having to directly connect to a thing.”
[Diagram: Application (e.g. Monitor Station), “desired”: Light OFF, Thing (Light)]
AWS IoT Shadow
- Shadow desired/reported behaviour achieves remote MONITOR and CONTROL through the IoT Platform.
- Be reminded that these data can flow to the rest of AWS cloud services, like Lambda functions, DynamoDB…
[Diagram: Thing, Application (e.g. Monitor Station)]
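The desired/reported bookkeeping can be followed step by step with a small model. The following is an added example, not AWS code and not part of the webinar: a simplified in-memory shadow in which a device writes "reported", an application writes "desired", and the difference between the two is what the thing still has to act on. The thermometer and light values come from the slides above; the initial light state ON is constructed.

```python
def merge(doc, patch):
    """Merge patch into doc in place; a None value deletes the key."""
    for key, value in patch.items():
        if value is None:
            doc.pop(key, None)
        elif isinstance(value, dict) and isinstance(doc.get(key), dict):
            merge(doc[key], value)
        else:
            doc[key] = value

def delta(desired, reported):
    """Desired fields whose value is missing from or differs in reported."""
    out = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            nested = delta(want, have)
            if nested:
                out[key] = nested
        elif want != have:
            out[key] = want
    return out

def update(shadow, role, state):
    """Apply one update and return the resulting delta.

    Role "device" writes the reported section, role "app" writes desired.
    """
    section = {"device": "reported", "app": "desired"}[role]
    merge(shadow["state"].setdefault(section, {}), state)
    return delta(shadow["state"].get("desired", {}),
                 shadow["state"].get("reported", {}))

def walkthrough():
    """Thermometer plus light, using the values from the slides."""
    shadow = {"state": {}}
    steps = [
        ("device", {"T": 23, "light": "ON"}),  # thing reports its state
        ("app", {"light": "OFF"}),             # monitor station asks for OFF
        ("device", {"light": "OFF"}),          # thing complies and reports
    ]
    deltas = [update(shadow, role, state) for role, state in steps]
    return shadow, deltas

if __name__ == "__main__":
    final, deltas = walkthrough()
    print(deltas)
    print(final)
```

An empty delta after the last step is the signal that the thing has caught up with what the application asked for.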
AWS IoT - Thing - Certificate
- Attaching a certificate to the Thing is recommended.
- Go to the certificate section to do this.
HMI to AWS IoT – thing shadow
MQTT Server Setting – AWS IoT
  Cloud service: AWS IoT
  Domain name: Endpoint (found in [Settings] >> [Custom endpoint])
  Port: 8883
  Client ID: Any, as long as not duplicated
  System Topic: ALL Disabled
  TLS/SSL: Enabled
  Server verification: Import Root CA Certificate
  Client verification:
    Certificate: import client certificate (xxxcert#xxx-certificate.pem.crt)
    Private key: import private key (xxxcert#xxx-private.pem.key)
Same whether you want to send reported or desired messages.
HMI to AWS IoT – thing shadow
MQTT Server Setting – AWS IoT Thing
  Thing name: Name of the thing
  QoS: 0 or 1
Advanced mode
1. ROLE AS A DEVICE
   - device -> “reported”: device data update to shadow
   - “desired” -> device: device data updated by shadow
2. ROLE AS AN APP
   - “reported” -> device: device data updated by shadow (essentially monitoring)
   - device -> “desired”: device data update to shadow (essentially to set another device)
HMI to AWS IoT – thing shadow
[Diagram, reported state: ROLE AS A DEVICE is the Thing (Thermometer), “Reported”: T= 23 degrees; ROLE AS AN APP is the Application (e.g. Monitor Station)]
[Diagram, desired state: ROLE AS A DEVICE is the Thing (Light), “desired”: Light OFF; ROLE AS AN APP is the Application (e.g. Control Station)]
MQTT Demo – AWS IoT
Demo – Show room in Weintek
Things, connected through MQTT (AWS IoT):
- Remote 1: cMT-SVR (Suzhou), Sensor
- Remote 2: cMT-SVR (SZX), Sensor
- Remote 3: cMT-SVR (USA), Sensor
- Remote 4: cMT-SVR (KOR), Sensor
- Remote 5: cMT-G01 (TPE), Sensor
- cMT3151 (TPE): IoT Monitor Dashboard
MQTT Demo cMT-SVR Thing address report/desired design integrated with Arduino sensor program Remote 1, Remote 2, Remote 3…
Conclusion Device MQTT IoT Hub Device
A note on data encryption
- TLS 1.2 is recommended in Azure.
- TLS 1.2 is required in IBM Cloud and AWS IoT.
- cMT models should be fine. Non-cMT models should have the OS upgraded to a supported version.
MQTT + Cloud
Integration for SCADA, MES, ERP, Cloud
[Diagram labels: iR Series Remote I/O; cMT built-in CODESYS; HMI Core; MQTT + Cloud; OPC UA; EasyAccess 2.0; SQL Database; HMI; PLC; Sensor, I/O]
FOR MORE INFORMATION PLEASE CONTACT : support@napa.fr