Tech Strategy

Ignition + MQTT = IT/OT Convergence

Envision a centralized hub sitting between all your enterprise systems that converges and delivers data in such a way that only those who need particular “atoms” of data can access them. No matter how big or small the decision, or how granular the data, whichever user needs it gets it as it occurs. Alarms and notifications are delivered to any device, with interaction and control mechanisms at hand. This is the power of Ignition with MQTT!

By leveraging MQTT and Ignition, you can decouple intelligent devices from the plant floor or industrial applications and make that data available to anyone in the enterprise.

The MQTT Break Down

Message Queuing Telemetry Transport (MQTT) is a lightweight, bi-directional, machine-to-machine publish/subscribe messaging protocol that runs on top of the TCP/IP protocol stack. MQTT uses a client/server architecture.

Clients publish messages to the server, also known as a broker, which receives these messages and distributes them to subscribers. The broker decouples publisher and subscriber and acts as a message router. MQTT supports one-to-one, one-to-many, and many-to-one communication.

The MQTT message is the unit of information exchanged between publisher and subscriber. In the MQTT protocol specification, a message consists of a Topic and a Payload. The Topic works as an address and has a hierarchical structure, like a file system. MQTT doesn’t dictate any particular Topic or Payload structure or encoding. MQTT supports three quality of service (QoS) levels: “fire and forget,” “delivered at least once,” and “delivered exactly once.” The Sparkplug B specification adds what MQTT leaves open: a topic namespace structure, a mechanism for state management, and a payload structure and encoding.

MQTT’s one-to-many function facilitates the use of message-oriented middleware (MOM), which allows you to decouple the edge-of-network devices from the applications that consume the data. This decoupling of devices from applications improves scalability, system performance, and centralized visibility, and the security measures it requires are simple to add.

The Ignition MQTT Combo Pack

Ignition is the world’s leading HMI, SCADA, and MES software development platform from Inductive Automation which delivers a device-agnostic, fully scalable OT/IT solution with unparalleled plug and play services.

Implementations and migrations have never been faster. Leveraging the full power of the Ignition universal industrial automation platform and the MQTT middleware infrastructure defines a true IIoT solution unlike any other on the market today.

Ignition is the only IIoT platform with full-featured SCADA functionality built-in. Ignition is the world’s first truly universal industrial application platform. It empowers each user to connect IIoT data across an entire enterprise, rapidly develop automated systems, and scale in any way you need.

The benefits of Ignition and MQTT are:

  • Unlimited licensing model: Add unlimited clients, screens, tags, connections, and devices
  • Cross-platform compatibility: Ignition works with any major operating system
  • Based on IT standard technology: Built with Java, Python, SQL, MQTT
  • Modular configurability: Customize to any process or industry with SCADA, MES & IIoT modules
  • Web service connectivity: Ignition can be connected to any web server including REST or SOAP
  • Scalable server-client architecture: Easily deploy at one or more sites or in the Cloud
  • Web-launch on desktop or mobile: Use it on any web-enabled PC or mobile device
  • MQTT protocol support: Ignition has modules providing full MQTT protocol support
  • Sparkplug B: Ignition MQTT modules support the Sparkplug B specification by default, which provides state monitoring, payload definition and standard topic definition
  • Third party solution integration: Ignition can be integrated with third party MQTT brokers and clients
  • Ignition supports the Modbus, Allen-Bradley, Siemens, DNP3, and Omron industrial protocols
  • Ignition Edge is a reduced gateway that can be installed on an industrial computer and works as an MQTT client

Ignition MQTT Architecture

Ignition SCADA provides full support of MQTT via stand-alone MQTT modules including MQTT Engine, MQTT Transmission, MQTT Distributor, and Ignition Edge. Each module must be downloaded and installed into the Gateway.

  • The MQTT Engine module subscribes to an MQTT Broker and automatically discovers and loads Tags. Tag updates are auto-discovered as well.
  • The MQTT Transmission module acts as an Ignition Tag to MQTT Sparkplug bridge. It attaches listeners to Ignition Tags, which wait for tag values to change. When they do, MQTT Sparkplug messages are generated to publish the data to an MQTT Server, where they can also be consumed by MQTT Engine.
  • The MQTT Distributor module is the Ignition implementation of an MQTT Broker, compliant with the MQTT 3.1.1 protocol. It comes in two versions: Distributor and Distributor Plus. Distributor supports up to 50 client connections and Distributor Plus up to 250 clients. Ignition also supports third-party MQTT broker implementations such as HiveMQ and Mosquitto.
  • Ignition Edge is a cross-platform software solution enabling field devices to communicate via MQTT protocol. Ignition Edge is a truncated version of Gateway that can run on any major OS and utilizes a variety of protocols to connect to PLC devices. A list of devices that support Ignition Edge can be found here.

One Ignition Gateway can combine several modules. For example, MQTT Distributor and MQTT Engine can be installed together, so one gateway serves as MQTT Broker and client simultaneously.

The Inductive Automation platform and MQTT modules can be resilient to failures when configured to use redundancy. Redundant Ignition systems can be set up and configured to act as failover backups for primary/master Ignition instances. Redundancy is configured in the Gateway. If the connection is lost, Ignition MQTT publishers can be configured to save data in RAM or on the hard drive.

The Ignition MQTT solution can share data with major cloud providers like AWS, Google Cloud, Azure, and IBM Cloud via Cloud Injector modules. A Cloud Injector pushes Tag data to the cloud database, including Tag metadata, UDTs and Tag values. The module can be configured to send all data or a specific subset of data. As Tags change, the events are picked up by the module and sent to the cloud.

Ignition MQTT Architecture examples:

Single Ignition Gateway

PLCs are connected via Ignition MQTT Edge devices and an Ignition Gateway with the MQTT Transmission module. These PLCs publish messages to a standalone MQTT Distributor. An Ignition Gateway with MQTT Engine is subscribed to the MQTT Broker.

Two Ignition Gateways

One gateway serves as the MQTT Broker and MQTT Client simultaneously using the MQTT Distributor and Engine modules; the second is connected to PLCs and uses the MQTT Transmission module to publish changes to the MQTT Broker.

Advanced Security

Security is another aspect of IoT applications that is critical and can be found in almost all layers of the IoT protocols. Threats exist at all layers including the data link, network, session, and application layers.

In this section, we briefly discuss the security mechanisms built into Ignition MQTT. MQTT Edge, Ignition MQTT Distributor, and MQTT clients share the same security model. The MQTT connection between client and broker is established over TCP/IP, with TLS used to secure the connection and encrypt the traffic.

Ignition MQTT Security

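With the MQTT network architecture, MQTT clients can disable all inbound TCP ports, because the client opens the connection to the broker rather than the other way around. This configuration is the most secure: with no listening ports, the client exposes no inbound attack surface to the internet. Access to the MQTT client can then be organized via reverse VPN.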

The MQTT server uses the same TCP/IP-over-TLS security configuration as the clients, and adds MQTT-level username and password authentication and Access Control List (ACL) measures.

The ACL also controls which topics a given username/password pair can publish or subscribe on, providing further security. The MQTT broker should be set up in a DMZ and behind the firewall, with ports 443 and 8883 open for inbound connections.
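The per-user topic ACL described above can be sketched as a default-deny check. This is an added example, not code from Ignition or from any broker; it assumes the Sparkplug B topic layout `spBv1.0/<group>/<message type>/<edge node>[/<device>]`, and the user names, group id and node ids are constructed for illustration.

```python
# Added example: default-deny MQTT topic ACL over Sparkplug B topics.
# User names, group id and node ids are constructed for illustration.

def topic_matches(filt: str, topic: str) -> bool:
    """MQTT 3.1.1 filter match: '+' is one level, '#' is the remainder."""
    f_levels, t_levels = filt.split("/"), topic.split("/")
    # Wildcards at the first level never match '$' topics such as $SYS.
    if topic.startswith("$") and f_levels[0] in ("+", "#"):
        return False
    for i, f in enumerate(f_levels):
        if f == "#":
            return i == len(f_levels) - 1  # '#' is valid only as last level
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

def edge_rules(group: str, node: str) -> dict:
    """An edge node writes only its own state/data, reads only its own commands."""
    base = f"spBv1.0/{group}"
    return {
        "publish": [f"{base}/{m}/{node}" for m in ("NBIRTH", "NDEATH", "NDATA")]
                 + [f"{base}/{m}/{node}/+" for m in ("DBIRTH", "DDEATH", "DDATA")],
        "subscribe": [f"{base}/NCMD/{node}", f"{base}/DCMD/{node}/+"],
    }

ACL = {
    "edge-line1": edge_rules("PlantA", "line1"),
    "edge-line2": edge_rules("PlantA", "line2"),
    # Consuming host (e.g. a SCADA gateway): reads everything, writes commands only.
    "scada-host": {
        "publish": ["spBv1.0/PlantA/NCMD/+", "spBv1.0/PlantA/DCMD/+/+"],
        "subscribe": ["spBv1.0/PlantA/#"],
    },
}

def allowed(user: str, action: str, topic: str) -> bool:
    """Check a concrete message topic; unknown users and actions are denied."""
    if "+" in topic or "#" in topic:
        return False  # a message topic must not contain wildcards
    return any(topic_matches(f, topic) for f in ACL.get(user, {}).get(action, []))

if __name__ == "__main__":
    for user, action, topic in [
        ("edge-line1", "publish", "spBv1.0/PlantA/DDATA/line1/pump7"),
        ("edge-line1", "publish", "spBv1.0/PlantA/NCMD/line2"),
        ("scada-host", "publish", "spBv1.0/PlantA/DCMD/line2/pump7"),
    ]:
        print(user, action, topic, "->", allowed(user, action, topic))
```

The point of the split is that a compromised edge credential can neither publish data as another node nor issue NCMD/DCMD commands, while the consuming host can command devices but cannot forge their data.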

Tech Wrap Up

Every aspect of the MQTT protocol can be configured via Ignition modules, and third-party solutions can be integrated as well. The architectures outlined above represent a cost-effective way for an organization to build its IIoT transformation.

The Ignition/MQTT combo pack eliminates time spent on connecting and describing PLC tags, values and metadata, and minimizes the time needed to deploy the MQTT Broker and Clients.

With minimal risk and cost, this solution enables OT data to be consumed with simple configurations on proven software tools that securely bridge the IT/OT gap. It provides contextual information that data scientists can use with Big Data Analytics, Machine Learning, and Artificial Intelligence to gain insight and increase productivity and profit.

A senior Python developer certified with Ignition IA and MQTT from Cirrus Link. Yevhenii has spearheaded several Ignition projects and continues to dive deeply into the IIOT realm of industrial automation.
