Endpoint Setup

When connected via Wi-Fi or 4G LTE, data measured by a Senquip ORB can be sent to the Senquip Portal or a remote server or SCADA system, using UDP, HTTP, HTTPS, MQTT and MQTTS. The endpoint settings allow for configuration of the end server detail and the protocol used to communicate with that server.

Data Security

Devices that connect to company networks and the internet need to be properly secured to mitigate risks and protect organisations from malicious cyber-attacks. Senquip takes the challenge of cyber-security seriously and utilises public-key-infrastructure as a part of their security solution to create a unique, trusted and protected identity for every ORB.

Public Key Infrastructure certificates are an important part of developing a complete security solution. By authenticating devices, encrypting confidential data, and maintaining data and system integrity, certificates establish online trust and reliable security.

Authentication: Certificates for devices validate identities to make sure only authorized users, messages, or other types of servers have access to the device.

Encryption: A certificate creates an encrypted link and allows information to be transmitted privately.

Integrity: Certificates make sure that any messages or data transferred to and from ORBs are not altered.

To ensure the highest levels of each of the three levels of trust, Senquip uses a NIST validated, ultra-secure hardware crypto-element for key and certificate storage and cryptographic processing. The crypto-element is pre-loaded with certificates for Amazon Web Services (AWS), allowing for immediate, out-of-the box, secure communication with the Senquip Portal. Users can load additional certificates to allow secure communications with other servers, using the Senquip Portal.

Note

For volume applications, Senquip can supply the ORB pre-loaded with additional certificates.

Data Format

Data that is transmitted by the ORB to a remote server is formatted in JSON format. JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write and it is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

JSON is built on two structures:

  • A collection of name/value pairs. In various languages, this is realized as an object, record, struct, dictionary, hash table, keyed list, or associative array.

  • An ordered list of values. In most languages, this is realized as an array, vector, list, or sequence.

An example data JSON packet as sent by the ORB is shown below:

Example JSON packet

Example JSON data packet

Users of the Senquip Portal do not need to understand the data format; data can be viewed on the Senquip Portal numerically or graphically or can be downloaded in spreadsheet format.

For users who are sending data to third party servers that require data in a format other that JSON, arbitrary data formats can be scripted on the Senquip device. Application notes are provided that detail the scripting of custom data packet formats for connection to common third party platforms. Further information on scripting for Senquip devices can be found in the Senquip Scripting Guide.

Data Buffer

Where neither Wi-Fi or 4G LTE networks can be found, the ORB can store up to 1MByte of messages to internal memory for later transmission when a network becomes available. When the internal memory is full, the ORB will erase the oldest messages. Once network connectivity is established, the most recently stored data will be transmitted first.

UDP

Data can be sent via raw UDP to a fixed IP address and port. This method is only suitable for a local network Wi-Fi connection as the data is not encrypted and there is no authentication. Raw UDP also provides no acknowledgment that data was received.

HTTP

An HTTP session is a sequence of network request-response transactions. The ORB initiates a request by establishing a HTTP connection on a particular port on a client server (typically port 80, occasionally port 8080).

HTTPS

HTTPS is the secure version of HTTP and is sometimes referred to HTTP over TLS. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted. Wherever possible, HTTPS should be used as an alternative to HTTP.

HTTPS requires that the certificate-authority (CA) certificate of the destination be loaded onto the ORB.

Note

for volume applications, the ORB can be pre-configured with CA certificates to allow secure communications with a customer server.

MQTT

MQTT is a secure machine-to-machine (M2M) Internet of Things connectivity protocol specifically designed for low data-rate applications and is perfect for implementation on the ORB. MQTT is the protocol used when the ORB communicates with the Senquip Portal and is also supported by many open source IoT platforms such as Thingsboard.

Note

The ORB can maintain concurrent MQTT connections to the Senquip portal and a customer server or SCADA system.

Consideration must be given to data security on open networks. In applications where data security is critical, the use of MQTTS with encryption and authentication should be considered.

MQTT over TLS

MQTT over TLS (MQTTS) adds enhanced security as all data is encrypted and secured with SSL certificates. Most business grade IoT platforms such as AWS (Amazon Web Services) offer MQTTS.

MQTTS is recommended by Senquip as the preferred protocol for use with the ORB as it offers a low power, reliable, secure connection. The ORB is pre-loaded with certificates allowing secure communication with the Senquip Portal.

Note

For volume applications, the ORB can be pre-configured with additional certificates to allow secure communications with a customer server or SCADA system.

Settings

UDP, TCP and HTTP connections require an IP address of the host server and a port on which the host server is listening. Secure protocols like MQTTS and HTTPS require certificates to be loaded on the ORB. The ORB is pre-loaded with certificates that allow connection to the Senquip Portal that is hosted on Amazon Web Services. Certificates for customer servers can be uploaded using the Senquip Portal.

All messages are time-stamped using the UNIX time standard. Unix time (also known as POSIX time or UNIX Epoch time) is a system for describing a point in time, defined as the number of seconds that have elapsed since 00:00:00, Thursday, 1 January 1970. Every day is treated as if it contains exactly 86400 seconds, so leap seconds are not applied. UNIX time is used to timestamp messages as it is used widely in Unix-like and many other operating systems and file formats.

The ORB automatically updates time by accessing a Network Time Protocol (NTP) server. By default the device will get the time via NTP from pool.ntp.org, on whatever network connection is available (Wi-Fi or 4G LTE). It does this if the time is not valid, for instance, after a reset, and then every 12 hours thereafter. Between updates, time is kept with a high precision real-time clock that is powered by the internal LiPo battery.

Although UNIX time is easy for computer systems to use, it is not easily human readable. If a human readable time-stamp is required, set the timestamp setting to ON, in which case, the ORB will insert an additional time and date field, formatted in human readable format, as below:

DD/MM/YYYY, hh:mm:ss for example: 27/06/2018, 17:30:15

Time is UTC (coordinated universal time); no offsets are applied for local time-zones on the ORB. The Senquip Portal will apply local time offsets as specified by the settings on your computer.

The Senquip Portal can be used to update settings on the ORB remotely. Each time the ORB makes contact with the Senquip Portal (for example to transmit measurements), the ORB will check for any settings changes. If there are changes to settings, these will be downloaded and applied. Pending configuration changes are listed on the settings pages on the Senquip Portal.

Example pending change

Pending change where the base interval has been changed to 600 seconds

If the ORB is configured to send data to a 3rd party server, the ORB will by default contact the Senquip Portal to check for settings updates once a day. Set the Configuration via Senquip Portal to OFF to prevent the ORB from contacting the Senquip Portal to check for settings. This setting may be used where power consumption is critical such as when AA batteries are being used an a very long battery life is required.

Warning

Disabling Configuration via Senquip Portal will mean that no settings or firmware updates will be able to be performed remotely using the Senquip Portal.

A full list of endpoint settings is given in the table below.

Name

Item

Function

Internal Reference

Data Endpoints

Configuration via Senquip Portal

boolean

Enables connection to Senquip Portal for remote configuration.

endpoint.config_to_portal

Send Data to Senquip Portal

boolean

Enables data from the device to be sent to the Senquip Portal.

endpoint.data_to_portal

Offline Buffer

boolean

Save data if device is offline, and send when network is available.

endpoint.buffer_enable

Add Formatted Time

boolean

This option adds a human readable time/date format to the data output.

endpoint.addtimedate

Report Network Info

boolean

Add network details and signal strength to data output.

endpoint.network_report

UDP

UDP

boolean

Enables sending data over UDP to specified address below.

endpoint.udp.enable

UDP Address

text

Address and port to send data to.

endpoint.udp.address

HTTP

HTTP POST

boolean

Enables sending data via a HTTP POST request to address below.

endpoint.http.enable

HTTP Address

text

Destination address and port for HTTP POST request.

endpoint.http.address

MQTT

MQTT

boolean

Enables sending data to a MQTT broker.

endpoint.mqtt.enable

Broker Address

text

MQTT Broker Address and Port.

endpoint.mqtt.server

Client ID

text

Client ID to send to the broker. Defaults to device.id if left blank.

endpoint.mqtt.client_id

Username

text

Username for MQTT authentication with username/password. (Optional)

endpoint.mqtt.user

Password

text

Password for MQTT authentication with username/password. (Optional)

endpoint.mqtt.pass