Gates
A Gate represents a communication protocol or specific connectivity service, e.g. ADS, OPC UA, MQTT, AWS IoT or Microsoft Azure IoT Hub. Each Gate is configured with parameters that are specific for the corresponding Gate type.
ADS
A Beckhoff ADS device represents either a TwinCAT 2/3 or a Beckhoff BC device. ADS is the common Beckhoff communication protocol and can be used to access many parts of the TwinCAT system. The most common application scenarios for TC3 IoT Data Agent involve access to a TwinCAT 2/3 PLC, C++, TcCOM modules or the I/O process image, which is done via ADS.
When configuring an ADS gate, the following settings are required by the TC3 IoT Data Agent to access the underlying ADS device:
Setting | Description |
---|---|
AmsNetId | AmsNetId of the target device, e.g. 127.0.0.1.1.1 for the local device. |
AdsPort | AdsPort of the target device, e.g. 801 (TwinCAT 2 PLC) or 851 (TwinCAT 3 PLC) |
IoMode | Specifies how the TC3 IoT Data Agent should communicate with the ADS device. The following options can be set:
|
OPC UA
OPC UA is a standardized, industrial, client/server communication protocol and adopted by many vendors for different use cases. The TC3 IoT Data Agent can access OPC UA server devices to connect variables (so-called “nodes”) on those devices with IoT services.
When configuring an OPC UA gate, the following settings are required by the TC3 IoT Data Agent to access the underlying OPC UA device:
Setting | Description |
---|---|
Server URL | The OPC UA Server URL, e.g. opc.tcp://localhost:4840 |
Security policy | The OPC UA security policy that the TC3 IoT Data Agent should use during connection establishment with the OPC UA server |
Security mode | The OPC UA message security mode that the TC3 IoT Data Agent should use during connection establishment with the OPC UA server |
Authentication mode | The OPC UA authentication mode that the TC3 IoT Data Agent should use during connection establishment with the OPC UA server |
MQTT
MQTT can be used for connecting to a generic message broker, e.g. Mosquitto, HiveMQ or similar broker types.
Setting | Description |
---|---|
Broker address | The IP address or hostname of the MQTT message broker |
Port | MQTT specifies port 1883 for unencrypted communication and 8883 for encrypted communication |
ClientId | A numeric or string-based value that identifies the client. Depending on the message broker type, this ID should be unique |
Authentication mode | Specifies if the TC3 IoT Data Agent should authenticate to the broker by using a username/password combination |
TLS mode | Specifies if TLS should be used to secure the communication channel to the message broker. Note that the message broker also needs to support TLS in order for this to work. Different options are available for TLS:
|
Microsoft Azure IoT Hub
With Azure IoT Hub the Microsoft Azure cloud platform offers a connectivity service in the cloud that provides bi-directional communication, device security and automatic scalability. In the TC3 IoT Data Agent, the IoT Hub can be configured as a special gate type.
Setting | Description |
---|---|
HostName | URL of the Azure IoT Hub instance |
DeviceId | DeviceId of the device that has been created on the IoT Hub configuration website |
SharedAccessKey | Either the primary or secondary device key that has been generated together with the device on the IoT Hub configuration website |
CA file | CA file that is used for server authentication. At the time writing this article, three certificates are in play during the server authentication, which form part of the certificate chain and are linked together.
During the initial TLS handshake, only the first two are sent by the server to the client. The client will normally only validate the Root CA of the chain and will determine if it is trusted. In order to acquire the CA file for the Root CA, you can open the Windows certificate store (certmgr.msc), browse to the trusted root authorities and export the Baltimore CyberTrust Root certificate. |
AWS IoT
With AWS IoT the Amazon Web Services cloud platform offers a message broker service in the cloud that provides bi-directional communication, device security and automatic scalability. In the TC3 IoT Data Agent, AWS IoT is configured as a regular MQTT gate. However, some special MQTT settings have to be configured to successfully connect to an AW IoT instance.
Setting | Description |
---|---|
Broker address | The URL of the AWS IoT instance |
Port | Port 8883 for encrypted TLS communication is mandatory |
ClientId | Can be set to anything but needs to be unique. Typically this could be the AWS IoT thing name. |
Authentication mode | Set to “No authentication”. Authentication on AWS IoT is done via the TLS client certificate. |
TLS mode | Automatically set to “Client certificate” by the configurator. Select path to CA file, client certificate file and client key file. These are the files that can be generated and downloaded on the AWS IoT configuration website. |