Connecting KEPServerEX with Azure IoT Hub

In our earlier blog, we discussed how to connect a device to Azure IoT Hub using the Azure IoT SDK. In this blog, we’ll connect a KEPServerEX instance, deployed at a factory, to the Azure IoT Hub.

KEPServerEX is the industry’s leading connectivity platform that provides a single source of industrial automation data to all of your applications. The platform design allows users to connect, manage, monitor, and control diverse automation devices and software applications through one intuitive user interface — source

We’ll also use the ThingWorx Manufacturing App in today’s discussion. It is not required to configure KEPServerEX; we’ll be using it just to simulate devices and control a few device tag values.

PTC’s ThingWorx IIoT platform is designed for rapidly developing industrial IoT solutions, with the ability to scale securely from the cloud to the edge. — source

We’ll then connect KEPServerEX (with the IoT Gateway plugin) directly to Azure IoT Hub, so that we can capture the events at the Azure cloud end.

KEPServerEX MQTT over TLS connectivity to Azure IoT Hub directly.

Install & configure KEPServerEX & ThingWorx Manufacturing App

We’ll go to the Kepware website and install the latest version of KEPServerEX. Similarly, we’ll install the ThingWorx Manufacturing App. The versions we’ll be using in this demo are KEPServerEX-6.8.796.0 & ThingWorx-Manufacturing-Apps-8.4.0–00. We can refer to the detailed steps from here.

The KEPServerEX user interface after installation.
The ThingWorx interface once we login.
By default, the ‘Controls Advisor’ page is opened, otherwise, we can select it from the left side menu.

Now we’ll select the connection, click on the View Connection Information icon and note down the details.

Next, we’ll go to KEPServerEX, select the Project and open the Property Editor. We’ll update the ThingWorx connection information as noted earlier.

Once connected, we’ll find the KEPServerEX connection status becomes green in the ThingWorx application interface.

Simulate devices

We’ll now download the simulator data from here and import the demo factory configuration into ThingWorx.

ThingWorx — Asset Advisor, once we upload the simulated devices.
ThingWorx — Production KPIs screen — only equipment details are present now.

Load simulator data into KEPServerEX

Import Factory Simulator Controls

We’ll import the Factory Simulator Controls to turn on/off various simulator data and then import the tag data for the simulator.

ThingWorx — The factory simulator control console — we can turn on/off different alerts. All alerts are off now.
ThingWorx — All production KPI statuses are green.

Now, from the factory simulator control console screen, we’ll turn on the Machine Offline alert of the Asset_1–3_CNCMill.

Turned on the ‘Machine Offline’ alert!

Now, if we go to the production KPIs screen, we’ll find an amber status against the 1–3_CNCMill asset.

We can now say that the ThingWorx application is properly configured with KEPServerEX and that the simulator data, along with its controls, is loaded into ThingWorx.

Azure IoT Hub

We’ll reuse the Azure IoT Hub created in our previous blog. We’ll create a new device id for the KEPServerEX. We’ll also generate the Symmetric keys while creating the device.

Install Azure IoT Explorer

Next, we’ll download Azure IoT Explorer from here and install it. We’ll copy the connection string from our IoT Hub.

Copy the Connection string — primary key

We’ll open the Azure IoT Explorer tool, input the connection string and connect to the IoT Hub.

Input the ‘Connection string — primary key’, copied from the previous step.
After connecting to the IoT Hub.

There are 3 authentication types we can use to connect to Azure IoT Hub: Symmetric key, X.509 Self-Signed & X.509 CA Signed certificate based authentication. In this blog, we’ll discuss connecting KEPServerEX with the first two options.

Symmetric key/SAS Token based connectivity

We’ll open the IoT Explorer, connect to the IoT Hub and select the device we’ve created earlier.

We’ll select the primary or secondary key as the Symmetric key, set the expiration duration in minutes and press the ‘Generate’ button. We’ll copy the generated SAS token connection string.

Copy the generated SAS token connection string.
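
What the ‘Generate’ step produces, and how to check a copied token’s scope and remaining lifetime before it is pasted into KEPServerEX, shown as an added example that is not code from the original post or from Azure IoT Explorer. It uses the documented IoT Hub SAS format (HMAC-SHA256 over the URL-encoded resource URI and the expiry); the demo key is constructed, and the hub and device names are the placeholders used elsewhere on this page.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, quote_plus, urlencode

# Constructed demo key (base64), not a real device key.
DEMO_KEY = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()

def _sign(resource, expiry, key_b64):
    # IoT Hub signs "<url-encoded resource URI>\n<expiry>" with HMAC-SHA256,
    # keyed with the base64-decoded device key.
    msg = f"{quote_plus(resource)}\n{expiry}".encode()
    mac = hmac.new(base64.b64decode(key_b64), msg, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def make_sas_token(hub_host, device_id, key_b64, ttl_minutes, now=None):
    """Build a device-scoped token: sr = <hub host>/devices/<device id>."""
    now = int(time.time() if now is None else now)
    resource = f"{hub_host}/devices/{device_id}"
    expiry = now + ttl_minutes * 60
    fields = {"sr": resource, "sig": _sign(resource, expiry, key_b64), "se": expiry}
    return "SharedAccessSignature " + urlencode(fields)

def inspect_sas_token(text, key_b64=None, now=None):
    """Report scope and remaining lifetime; verify the signature if a key is given."""
    now = int(time.time() if now is None else now)
    # Assumption: a connection-string form carries the token after
    # "SharedAccessSignature=", so the text after the last
    # "SharedAccessSignature " is the sr/sig/se query part.
    query = text.split("SharedAccessSignature ")[-1]
    fields = {k: v[0] for k, v in parse_qs(query, strict_parsing=True).items()}
    expiry = int(fields["se"])
    report = {"resource": fields["sr"],
              "seconds_left": expiry - now,
              "expired": expiry <= now}
    if key_b64 is not None:
        expected = _sign(fields["sr"], expiry, key_b64)
        report["signature_ok"] = hmac.compare_digest(fields["sig"], expected)
    return report

if __name__ == "__main__":
    token = make_sas_token("MyIoTHubName.azure-devices.net", "MyKEPServerEX",
                           DEMO_KEY, ttl_minutes=60)
    print(token)
    print(inspect_sas_token(token, DEMO_KEY))
```

The `se` field is the Unix time after which IoT Hub rejects the token, so a token pasted into a static password field has to be replaced before that moment.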

Connect KEPServerEX to Azure IoT Hub

Next, we’ll open KEPServerEX, go to IoT Gateway and add a new agent. We’ll select MQTT Client as agent type.

IoT Gateway > Add Agent… > input agent name & type as ‘MQTT Client’.
Input URL as ssl://<IoT Hub name>.azure-devices.net:8883, add topic name as devices/<device id>/messages/events/<property bag (optional)>.

If port 8883 is blocked in the factory network, we can configure MQTT over WebSockets on port 443; refer here.

Next, we’ll click on the newly created agent, go to the security option and add the following values:

Topic = devices/MyKEPServerEX/messages/events/deviceData
ClientId = MyKEPServerEX
User Name = MyIoTHubName.azure-devices.net/MyKEPServerEX/?api-version=2018-06-30
Password = The generated SAS token

For details, refer here.

Once the agent connects to the IoT Hub, the success message will appear in the KEPServerEX event log.

Monitor the Events using Azure IoT Explorer

We’ll now go to the ThingWorx factory simulator control console screen and check that all of the alerts are set to off.

We’ll right-click on the newly created agent and click on New IoT Item or New IoT Items.

We’ll select the factory device, select the required tags, input other details as marked in the below screenshot and apply.

Once the above steps are done, we’ll go to the IoT Hub Explorer, select the device and then the Telemetry option. The events will start flowing as soon as we add the desired production line tags from KEPServerEX.

The Telemetry option will capture the events coming into the Azure IoT Hub.

Now, we’ll again go to the ThingWorx factory simulator control console screen and set Machine Offline as On.

For the Asset_1–3_CNCMill, Machine Offline is set as On.

As soon as we go to the IoT Hub Explorer, we’ll find that the Online_Status tag value has changed to false.

X.509 Self-Signed certificate based authentication

Next, we’ll see how we can use X.509 Self-Signed certificate based authentication instead of SAS token based authentication.

We’ll download and install the OpenSSL tool for Windows 64 from here. We’ll run the openssl.exe as an Administrator and execute the following command:

OpenSSL> req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

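This will generate our root certificate and a private key. Because of the -nodes option, privateKey.key is written to disk unencrypted, so access to that file should be restricted; -days 365 makes the certificate valid for one year.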

The self-signed certificate & the private key will be generated inside the OpenSSL folder.

Now, we’ll open the KEPServerEX service from the Windows system tray.

We’ll import the certificate (.crt) and the private key (.key); it’ll then ask for a password. Once that is entered, we’ll see the successful certificate import message.

After the certificate & private key have been imported successfully.

Once imported, we’ll copy the Thumbprint from the certificate.

Now, select the certificate & copy the Thumbprint.

We’ll go to the Azure IoT Hub, create a new IoT device with X.509 Self-Signed as authentication type and paste the Thumbprint copied from the previous step.

Paste the Thumbprint.
The IoT device is enabled now.
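
An independent check that the thumbprint pasted into IoT Hub really belongs to certificate.crt, added here as an example and not part of the original post or of KEPServerEX. It assumes the displayed thumbprint is the hex SHA-1 digest of the DER-encoded certificate, as is conventional on Windows, and goes slightly beyond the page by also accepting the 64-character SHA-256 form; the sample PEM body is constructed placeholder bytes, not a real certificate.

```python
import base64, hashlib, hmac, re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_thumbprints(pem_text):
    """Return the SHA-1 and SHA-256 thumbprints of the first PEM certificate."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("no PEM certificate block found")
    # A thumbprint is a digest of the DER bytes, i.e. the decoded PEM body.
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return {"sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}

def matches_registered(pem_text, registered):
    """Compare a certificate with the thumbprint registered for the device."""
    # Copied thumbprints often carry colons, spaces or invisible characters,
    # so keep only the hex digits before comparing.
    wanted = re.sub(r"[^0-9A-Fa-f]", "", registered).upper()
    algo = {40: "sha1", 64: "sha256"}.get(len(wanted))
    if algo is None:
        raise ValueError("thumbprint must be 40 or 64 hex characters")
    return hmac.compare_digest(cert_thumbprints(pem_text)[algo], wanted)

# Constructed placeholder: the body is base64 of b"abc", not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(cert_thumbprints(SAMPLE_PEM))
    print(matches_registered(
        SAMPLE_PEM, "a9:99:3e:36:47:06:81:6a:ba:3e:25:71:78:50:c2:6c:9c:d0:d8:9d"))
```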

We’ll go back to KEPServerEX and create a new agent under the IoT Gateway option.

Create a new agent of MQTT Client type.
Configure the MQTT Client — Broker details as shown earlier.
Input the Username & Password as per below.

Device Id = MyKEPServerEX509
Hostname = MyIoTHubName.azure-devices.net

URL = ssl://MyIoTHubName.azure-devices.net:8883
Topic = devices/MyKEPServerEX509/messages/events/deviceData
ClientId = MyKEPServerEX509
User Name = MyIoTHubName.azure-devices.net/MyKEPServerEX509/?api-version=2018-06-30
Password = HostName=MyIoTHubName.azure-devices.net;DeviceID=MyKEPServerEX509;x509=true

If we open the Property Editor, we need to ensure that the following two properties are set as:

TLS Version = v1.2
Client Certificate = Enable

Now, as soon as we select the tags for the factory devices in KEPServerEX, we’ll find the events received in the IoT Hub Explorer!

Points to note

  • SAS token based security is less secure than X.509 certificate based security, because the same token is stored at both the KEPServerEX (client) end and the IoT Hub end, so it needs to be secured in both places.
  • For an enterprise scenario, we should use an X.509 CA Signed certificate rather than an X.509 Self-Signed certificate.
  • In practical factory cases, we’ll be using Azure IoT Edge to extend the IoT Hub facility.
  • In most cases, we’ll find that the KEPServerEX instance is inside a factory private network along with the devices. KEPServerEX will connect to the IoT Hub through an IoT Edge (the Edge will act as a transparent gateway).

In the next blog, we’ll discuss more on the Azure IoT Edge.

Written by

Tech enthusiast, Azure Big Data Architect.
