Endpoint Setup

When connected via Wi-Fi or 4G LTE, data measured by a Senquip ORB can be sent to the Senquip Portal or a remote server or SCADA system, using UDP, HTTP, HTTPS, MQTT and MQTTS. The endpoint settings allow for configuration of the end server detail and the protocol used to communicate with that server.

Data Security

Devices that connect to company networks and the internet need to be properly secured to mitigate risks and protect organisations from malicious cyber-attacks. Senquip takes the challenge of cyber-security seriously and utilises public-key-infrastructure as a part of their security solution to create a unique, trusted and protected identity for every ORB.

Public Key Infrastructure certificates are an important part of developing a complete security solution. By authenticating devices, encrypting confidential data, and maintaining data and system integrity, certificates establish online trust and reliable security.

Authentication: Certificates for devices validate identities to make sure only authorized users, messages, or other types of servers have access to the device.

Encryption: A certificate creates an encrypted link and allows information to be transmitted privately.

Integrity: Certificates make sure that any messages or data transferred to and from ORBs are not altered.

To provide the highest level of each of these three forms of trust, Senquip uses a NIST validated, ultra-secure hardware crypto-element for key and certificate storage and cryptographic processing. The crypto-element is pre-loaded with certificates for Amazon Web Services (AWS), allowing for immediate, out-of-the-box, secure communication with the Senquip Portal. Users can load additional certificates to allow secure communications with other servers, using the Senquip Portal.

Note

For volume applications, Senquip can supply the ORB pre-loaded with additional certificates.

Data Format

Data that is transmitted by the ORB to a remote server is formatted as JSON. JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write and it is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

JSON is built on two structures:

  • A collection of name/value pairs. In various languages, this is realized as an object, record, struct, dictionary, hash table, keyed list, or associative array.

  • An ordered list of values. In most languages, this is realized as an array, vector, list, or sequence.

An example data JSON packet as sent by the ORB is shown below:

[Figure: Example JSON data packet]

Users of the Senquip Portal do not need to understand the data format; data can be viewed on the Senquip Portal numerically or graphically or can be downloaded in spreadsheet format.

For users who are sending data to third party servers that require data in a format other than JSON, arbitrary data formats can be scripted on the Senquip device. Application notes are provided that detail the scripting of custom data packet formats for connection to common third party platforms. Further information on scripting for Senquip devices can be found in the Senquip Scripting Guide.

Data Buffer

Where neither Wi-Fi nor 4G LTE networks can be found, the Senquip ORB can store messages to internal memory for later transmission when a network becomes available: up to 1 MByte for devices running SFW001 firmware and 2 MByte for devices running SFW002 firmware. When the internal memory is full, the device stops logging. Once network connectivity is established, the most recently stored data will be transmitted first.

UDP

Data can be sent via raw UDP to a fixed IP address and port. This method is only suitable for a local network Wi-Fi connection as the data is not encrypted and there is no authentication. Raw UDP also provides no acknowledgment that data was received.

HTTP

An HTTP session is a sequence of network request-response transactions. The ORB initiates a request by establishing an HTTP connection on a particular port on a client server (typically port 80, occasionally port 8080).

HTTPS

HTTPS is the secure version of HTTP and is sometimes referred to as HTTP over TLS. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between the client and the server, here the ORB and the destination server, are encrypted. Wherever possible, HTTPS should be used as an alternative to HTTP.

HTTPS requires that the certificate-authority (CA) certificate of the destination be loaded onto the ORB.

Note

For volume applications, the ORB can be pre-configured with CA certificates to allow secure communications with a customer server.

MQTT

MQTT is a secure machine-to-machine (M2M) Internet of Things connectivity protocol specifically designed for low data-rate applications and is perfect for implementation on the ORB. MQTT is the protocol used when the ORB communicates with the Senquip Portal and is also supported by many open source IoT platforms such as Thingsboard.

Note

The ORB can maintain concurrent MQTT connections to the Senquip portal and a customer server or SCADA system.

Consideration must be given to data security on open networks. In applications where data security is critical, the use of MQTTS with encryption and authentication should be considered.

MQTT over TLS

MQTT over TLS (MQTTS) adds enhanced security as all data is encrypted and secured with SSL certificates. Most business grade IoT platforms such as AWS (Amazon Web Services) offer MQTTS.

MQTTS is recommended by Senquip as the preferred protocol for use with the ORB as it offers a low power, reliable, secure connection. The ORB is pre-loaded with certificates allowing secure communication with the Senquip Portal.

Note

For volume applications, the ORB can be pre-configured with additional certificates to allow secure communications with a customer server or SCADA system.

Settings

UDP, TCP and HTTP connections require an IP address of the host server and a port on which the host server is listening. Secure protocols like MQTTS and HTTPS require certificates to be loaded on the ORB. The ORB is pre-loaded with certificates that allow connection to the Senquip Portal that is hosted on Amazon Web Services. Certificates for customer servers can be uploaded using the Senquip Portal.

All messages are time-stamped using the UNIX time standard. Unix time (also known as POSIX time or UNIX Epoch time) is a system for describing a point in time, defined as the number of seconds that have elapsed since 00:00:00, Thursday, 1 January 1970. Every day is treated as if it contains exactly 86400 seconds, so leap seconds are not applied. UNIX time is used to timestamp messages as it is used widely in Unix-like and many other operating systems and file formats.

The ORB automatically updates time by accessing a Network Time Protocol (NTP) server. By default the device will get the time via NTP from pool.ntp.org, on whatever network connection is available (Wi-Fi or 4G LTE). It does this if the time is not valid, for instance, after a reset, and then every 12 hours thereafter. Between updates, time is kept with a high precision real-time clock that is powered by the internal LiPo battery.

Although UNIX time is easy for computer systems to use, it is not easily human readable. If a human readable time-stamp is required, set the timestamp setting to ON, in which case, the ORB will insert an additional time and date field, formatted in human readable format, as below:

DD/MM/YYYY, hh:mm:ss for example: 27/06/2018, 17:30:15

Time is UTC (coordinated universal time); no offsets are applied for local time-zones on the ORB. The Senquip Portal will apply local time offsets as specified by the settings on your computer.
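A receiving server has to cope with both the time format above and the buffer behaviour described under Data Buffer (backlog sent newest first, logging stopped when memory is full). The following is an added example, not Senquip code: it parses the formatted field as UTC, reorders a backlog by device time, rejects inconsistent records and reports gaps. The JSON key names "ts" and "time", the 300 second future tolerance and the sample records are assumptions.

```python
import calendar
import time

FMT = "%d/%m/%Y, %H:%M:%S"  # DD/MM/YYYY, hh:mm:ss as documented above

def formatted_to_unix(text):
    """Parse the human readable field as UTC; None if it is malformed."""
    try:
        return calendar.timegm(time.strptime(text, FMT))
    except (TypeError, ValueError):
        return None

def ingest(messages, interval_s, now, max_future_s=300):
    """Reorder a newest-first backlog; return (accepted, rejected, gaps).

    Key names "ts" and "time" are hypothetical; use the names in your packets.
    """
    accepted, rejected = [], []
    for msg in messages:
        ts = msg.get("ts")
        if isinstance(ts, bool) or not isinstance(ts, (int, float)):
            rejected.append((msg, "missing or non-numeric ts"))
        elif ts > now + max_future_s:
            rejected.append((msg, "timestamp in the future"))
        elif "time" in msg and formatted_to_unix(msg["time"]) != int(ts):
            rejected.append((msg, "formatted time disagrees with ts"))
        else:
            accepted.append(msg)
    accepted.sort(key=lambda m: m["ts"])  # arrival order is not time order
    # A hole wider than the reporting interval means measurements were lost,
    # for example because the offline buffer filled and logging stopped.
    gaps = [(a["ts"], b["ts"]) for a, b in zip(accepted, accepted[1:])
            if b["ts"] - a["ts"] > 1.5 * interval_s]
    return accepted, rejected, gaps

# Constructed sample: a backlog received newest-first after an outage.
SAMPLE = [
    {"ts": 1530120615, "time": "27/06/2018, 17:30:15"},
    {"ts": 1530120015},
    {"ts": 1530117615},                                  # 40 minutes before the previous record
    {"ts": 1530117015, "time": "27/06/2018, 17:30:15"},  # fields disagree
    {"ts": 1999999999},                                  # clock far ahead
]

if __name__ == "__main__":
    ok, bad, gaps = ingest(SAMPLE, interval_s=600, now=1530120700)
    print([m["ts"] for m in ok], [why for _, why in bad], gaps)
```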

The Senquip Portal can be used to update settings on the ORB remotely. Each time the ORB makes contact with the Senquip Portal (for example to transmit measurements), the ORB will check for any settings changes. If there are changes to settings, these will be downloaded and applied. Pending configuration changes are listed on the settings pages on the Senquip Portal.

[Figure: Pending change where the base interval has been changed to 600 seconds]

If the ORB is configured to send data to a 3rd party server, the ORB will by default contact the Senquip Portal to check for settings updates once a day. Set the Configuration via Senquip Portal to OFF to prevent the ORB from contacting the Senquip Portal to check for settings. This setting may be used where power consumption is critical, such as when AA batteries are being used and a very long battery life is required.

Warning

Disabling Configuration via Senquip Portal will mean that no settings or firmware updates will be able to be performed remotely using the Senquip Portal.

A full list of endpoint settings is given in the table below.

| Name | Item | Function | Internal Reference |
|---|---|---|---|
| Data Endpoints | | | |
| Configuration via Senquip Portal | boolean | Enables connection to Senquip Portal for remote configuration. | endpoint.config_to_portal |
| Send Data to Senquip Portal | boolean | Enables data from the device to be sent to the Senquip Portal. | endpoint.data_to_portal |
| Offline Buffer | boolean | Save data if device is offline, and send when network is available. | endpoint.buffer_enable |
| Add Formatted Time | boolean | This option adds a human readable time/date format to the data output. | endpoint.addtimedate |
| Report Network Info | boolean | Add network details and signal strength to data output. | endpoint.network_report |
| UDP | | | |
| UDP | boolean | Enables sending data over UDP to specified address below. | endpoint.udp.enable |
| UDP Address | text | Address and port to send data to. | endpoint.udp.address |
| HTTP | | | |
| HTTP POST | boolean | Enables sending data via a HTTP POST request to address below. | endpoint.http.enable |
| HTTP Address | text | Destination address and port for HTTP POST request. | endpoint.http.address |
| MQTT | | | |
| MQTT | boolean | Enables sending data to a MQTT broker. | endpoint.mqtt.enable |
| Broker Address | text | MQTT Broker Address and Port. | endpoint.mqtt.server |
| Client ID | text | Client ID to send to the broker. Defaults to device.id if left blank. | endpoint.mqtt.client_id |
| Username | text | Username for MQTT authentication with username/password. (Optional) | endpoint.mqtt.user |
| Password | text | Password for MQTT authentication with username/password. (Optional) | endpoint.mqtt.pass |
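The settings above can be reviewed against the guidance on this page (raw UDP only on a local network, HTTPS in preference to HTTP, TLS for MQTT, and the warning about disabling Configuration via Senquip Portal). The following audit is an added example, not Senquip code. The keys are the internal references from the table; the flat dictionary, the 'host:port' value format, the https:// scheme test and all sample values are assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def split_host_port(addr):
    """Split an assumed 'host:port' string; port is None if absent."""
    host, sep, port = str(addr).rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (str(addr), None)

def is_lan_address(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostname or empty value: cannot confirm it stays local
    return any(ip in net for net in RFC1918)

def audit(cfg):
    """Return (internal reference, reason) pairs for risky endpoint settings."""
    out = []
    if cfg.get("endpoint.udp.enable"):
        host, _ = split_host_port(cfg.get("endpoint.udp.address", ""))
        if not is_lan_address(host):
            out.append(("endpoint.udp.address", "unauthenticated, unencrypted UDP leaves the LAN"))
    if cfg.get("endpoint.http.enable"):
        # Assumption: an HTTPS destination is entered with an https:// scheme.
        if not str(cfg.get("endpoint.http.address", "")).lower().startswith("https://"):
            out.append(("endpoint.http.address", "HTTP POST is not encrypted"))
    if cfg.get("endpoint.mqtt.enable") and cfg.get("endpoint.mqtt.pass"):
        # 1883 is the IANA port for MQTT without TLS; 8883 is MQTT over TLS.
        if split_host_port(cfg.get("endpoint.mqtt.server", ""))[1] == 1883:
            out.append(("endpoint.mqtt.pass", "password sent without TLS"))
    if not cfg.get("endpoint.config_to_portal", True):
        out.append(("endpoint.config_to_portal", "OFF: no remote settings or firmware updates"))
    return out

# Constructed values: hosts, ports and credentials are placeholders.
WEAK = {"endpoint.config_to_portal": False,
        "endpoint.udp.enable": True, "endpoint.udp.address": "203.0.113.10:5000",
        "endpoint.http.enable": True, "endpoint.http.address": "http://scada.example.com:8080",
        "endpoint.mqtt.enable": True, "endpoint.mqtt.server": "broker.example.com:1883",
        "endpoint.mqtt.user": "orb", "endpoint.mqtt.pass": "constructed-secret"}
HARDENED = {**WEAK, "endpoint.config_to_portal": True,
            "endpoint.udp.address": "192.168.1.20:5000",
            "endpoint.http.address": "https://scada.example.com",
            "endpoint.mqtt.server": "broker.example.com:8883"}

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```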