basysKom AnwendungsEntwicklung

Connect OPC UA with open62541 to MS Azure IoT Hub
Essential Summary
The open62541 OPC UA stack with its Pub-Sub extension now supports MQTT over TLS as well as MQTT-brokers requiring a login (contributed by basysKom). This allows the direct communication between open62541 and the Azure IoT Hub and therefore highly simplifies the connection of OPC UA based IoT Devices to the cloud.

open62541 opc uaOPC UA PubSub is defined in part 14 of the OPC UA specification and introduces publish and subscribe capabilities in addition to the client server model. This article reviews the current state of PubSub in open62541 and shows how it can be used to connect an OPC UA server directly with an Azure IoT Hub.

As always in OPC UA, the data mapping and transport mechanisms are very flexible. In case of PubSub, this means that messages can be transmitted directly into a network (for example as multicast via UDP or raw ethernet frames via TSN) or through a message broker using protocols like MQTT or AMQP.

Having one-to-many messaging in OPC UA is interesting for use cases where data is only sent sporadically (sensors) or where large amounts of values must be sent with a high frequency or on a fixed schedule. The ability to reach multiple consumers with just one publish also reduces the processing power and network bandwidth required by the producer.

The introduction of broker based messaging in combination with the JSON mapping is an important step in simplifying the integration of OPC UA with cloud based services.

OPC UA PubSub support in open62541

The PubSub implementation in open62541 is progressing rapidly.

So far, open62541 supports UDP, raw Ethernet and MQTT transports with UADP (binary) or JSON encoding.

Publishers can publish values of node attributes. If the publisher application is also an OPC UA server, it can optionally provide clients with meta information on the data it publishes.

A subscriber can receive messages. If the subscriber application is also an OPC UA server, it is able to expose the most recent received values in its address space.

The implementation is also real time capable.

Publishing to Azure IoT Hub via MQTT

In our „basysKom industrial automation showcase“, we use an open62541 based OPC UA server to provide data to different clients like HMIs or the cloud connector. The current cloud connector reads the data from the OPC UA server and then sends them to an IoT Hub using the Azure IoT SDK.

As mentioned in our IoT Hub article, an IoT Hub can also be used directly via MQTT.  This requires a TLS capable MQTT client. For authentication, it must be able to login at the MQTT broker using username and password. Iot Hub Devices with X.509 certificate authentication must present a client certificate. In this case, only the username must be used during login. An exact description of the credentials, client id and topics the client must use are described here.

After a basic evaluation of the PubSub implementation in open62541, we wanted to replace the current cloud connector by publishing PubSub messages with JSON mapping directly to the MQTT broker of our IoT Hub.

Our contribution to open62541

TLS and login support were not available in the current implementation of the MQTT transport, so we decided to contribute username/password and TLS support to open62541.

The MQTT transport plugin has been extended with five new connection options:

OptionUse
mqttUseTLSSet this to true to use TLS for the connection
mqttCaFilePathThe path to the file containing CA certificates in PEM format
mqttCaPathThe path to a directory containing CA certificate files in PEM format
mqttClientCertPathThe path to the client certificate in PEM or DER format
mqttClientKeyPathThe path to the private key for the client certificate in PEM or DER format

If neither mqttCaFilePath nor mqttCaPath are available, the system’s default location will be used. To use a client certificate, both of the mqttClientCertPath and mqttClientKeyPath options must be specified.

TLS support has only been implemented for OpenSSL for now. It is activated by building open62541 with the CMake option UA_ENABLE_MQTT_TLS set to ON.

Conclusion

With this implementation, we were able to publish telemetry data directly to the IoT Hub using the username / password as well as the client certificate approach. We were able to remove the external Azure IoT Hub client from our „industrial automation showcase“ resulting in a more streamlined implementation.

Jannis Völker

Jannis Völker

Jannis Völker is a software engineer at basysKom GmbH in Darmstadt. After joining basysKom in 2017, he has been working in connectivity projects for embedded devices, Azure based cloud projects and has made contributions to Qt OPC UA and open62541. He has a background in embedded Linux, Qt and OPC UA and holds a master's degree in computer science from the University of Applied Sciences in Darmstadt.

2 Antworten

  1. Dear Jannis,

    Is it already possible to use the OPC UA PubSub Protocol within the Qt OPC UA Plugin? If not, are you planning to integrate that feature in the near future?

    Thank you very much!

    Kind Regards

    • We have considered it but currently the direction (from the perspective of Qt OPC UA) is not clear.

      OPC UA Pub/Sub contains the use cases of various user groups (from hard-realtime to cloud).

      Where would you see yourself? What is interesting to you?

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

Weitere Blogartikel

basysKom Newsletter

We collect only the data you enter in this form (no IP address or information that can be derived from it). The collected data is only used in order to send you our regular newsletters, from which you can unsubscribe at any point using the link at the bottom of each newsletter. We will retain this information until you ask us to delete it permanently. For more information about our privacy policy, read Privacy Policy