Getting Started with RUGGEDCOM CloudConnect
RUGGEDCOM RX1400
https://support.industry.siemens.com/cs/ww/en/view/109763521
Siemens Industry Online Support
Getting Started with RUGGEDCOM CloudConnect
Entry-ID: 109763521, V1.0, 02/2019
Siemens AG 2019 All rights reserved
Legal information
Use of application examples
Application examples illustrate the solution of automation tasks through an interaction of several
components in the form of text, graphics and/or software modules. The application examples are
a free service by Siemens AG and/or a subsidiary of Siemens AG ("Siemens"). They are
non-binding and make no claim to completeness or functionality regarding configuration and
equipment. The application examples merely offer help with typical tasks; they do not constitute
customer-specific solutions. You yourself are responsible for the proper and safe operation of the
products in accordance with applicable regulations and must also check the function of the
respective application example and customize it for your system.
Siemens grants you the non-exclusive, non-sublicensable and non-transferable right to have the
application examples used by technically trained personnel. Any change to the application
examples is your responsibility. Sharing the application examples with third parties or copying the
application examples or excerpts thereof is permitted only in combination with your own products.
The application examples are not required to undergo the customary tests and quality inspections
of a chargeable product; they may have functional and performance defects as well as errors. It is
your responsibility to use them in such a manner that any malfunctions that may occur do not
result in property damage or injury to persons.
Disclaimer of liability
Siemens shall not assume any liability, for any legal reason whatsoever, including, without
limitation, liability for the usability, availability, completeness and freedom from defects of the
application examples as well as for related information, configuration and performance data and
any damage caused thereby. This shall not apply in cases of mandatory liability, for example
under the German Product Liability Act, or in cases of intent, gross negligence, or culpable loss of
life, bodily injury or damage to health, non-compliance with a guarantee, fraudulent
non-disclosure of a defect, or culpable breach of material contractual obligations. Claims for
damages arising from a breach of material contractual obligations shall however be limited to the
foreseeable damage typical of the type of agreement, unless liability arises from intent or gross
negligence or is based on loss of life, bodily injury or damage to health. The foregoing provisions
do not imply any change in the burden of proof to your detriment. You shall indemnify Siemens
against existing or future claims of third parties in this connection except where Siemens is
mandatorily liable.
By using the application examples you acknowledge that Siemens cannot be held liable for any
damage beyond the liability provisions described.
Other information
Siemens reserves the right to make changes to the application examples at any time without
notice. In case of discrepancies between the suggestions in the application examples and other
Siemens publications such as catalogs, the content of the other documentation shall have
precedence.
The Siemens terms of use (https://support.industry.siemens.com) shall also apply.
Security information
Siemens provides products and solutions with Industrial Security functions that support the secure
operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is necessary
to implement and continuously maintain a holistic, state-of-the-art industrial security concept.
Siemens products and solutions constitute one element of such a concept.
Customers are responsible for preventing unauthorized access to their plants, systems, machines
and networks. Such systems, machines and components should only be connected to an
enterprise network or the Internet if and to the extent such a connection is necessary and only
when appropriate security measures (e.g. firewalls and/or network segmentation) are in place.
For additional information on industrial security measures that may be implemented, please visit
https://www.siemens.com/industrialsecurity.
Siemens products and solutions undergo continuous development to make them more secure.
Siemens strongly recommends that product updates are applied as soon as they are available
and that the latest product versions are used. Use of product versions that are no longer
supported, and failure to apply the latest updates may increase customer's exposure to cyber
threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed
at: https://www.siemens.com/industrialsecurity.
Security Disclaimer
This product makes available certain third party technology which is subject to separate license
terms and conditions, including the following third party software license(s): Debian / Linux. By
using such third party technology, you will have accepted the terms of such separate licenses and
agreements, and you understand that Siemens is not responsible for the behavior or content of
such third party technology or making security patches, updates or upgrades available.
Table of Contents
Legal information
1 Introduction
1.1 Overview
1.2 CloudConnect for the RUGGEDCOM RX1400
1.3 Supported Cloud Services
1.4 Default RUGGEDCOM RX1400 Factory Configuration
1.5 Security Recommendations
1.6 Logging in to CloudConnect
2 Configuring CloudConnect
2.1 General Procedure
2.2 Configuring the RUGGEDCOM RX1400 VPE
2.2.1 Installing the CloudConnect VPE Application
2.2.2 Configuring Virtual Machine Interfaces
2.2.3 Configuring Virtual Switches
2.2.4 Configuring a Cellular Modem Interface
2.2.5 Configuring the Firewall
2.3 Configuring a Station
2.4 Configuring Cloud Services
2.4.1 Configuring Siemens MindSphere with MindConnect IOT Extension
2.4.2 Configuring AWS IoT Core
2.4.3 Configuring Microsoft Azure IoT Hub
2.5 Configuring Cloud Profiles Within CloudConnect
2.5.1 Configuring CloudConnect for Siemens MindSphere with MindConnect IoT Extensions
2.5.2 Configuring CloudConnect for AWS
2.5.3 Configuring CloudConnect for Microsoft Azure
3 Online Diagnostics
4 Updating the CloudConnect Application
5 Appendix
5.1 Troubleshooting
5.1.1 Online Diagnostics
5.1.2 Log Files
5.1.3 Connecting to the CloudConnect Linux Console
5.2 Service and Support
5.3 Links and Literature
5.4 Change Documentation
1 Introduction
1.1 Overview
This application description defines the steps to connect Industrial Internet of
Things (IIoT) devices to various cloud services via the RUGGEDCOM
CloudConnect VPE application.
The RUGGEDCOM RX1400 VPE is a virtual machine environment that supports
Linux applications. The CloudConnect gateway application runs in this
environment, and has its own Web-based user interface for configuration and
maintenance.
This guide outlines the configuration steps (and examples) in the cloud service, the
RUGGEDCOM RX1400, and the CloudConnect application to enable end-to-end
communications from IIoT devices to the cloud service.
NOTE Registration with one of the supported cloud services is required.
1.2 CloudConnect for the RUGGEDCOM RX1400
The RUGGEDCOM RX1400 CloudConnect VPE application can be ordered from
the factory pre-configured on a new RUGGEDCOM RX1400 device, or ordered as
an electronic file that can be uploaded to an existing RUGGEDCOM RX1400.
The factory order option includes the RUGGEDCOM RX1400 device, an 8 GB
industrial rated micro SD card, VPE license, and CloudConnect application
pre-installed. The device comes pre-configured with VPE enabled and networking
interfaces.
The upgrade option includes a VPE image and VPE license sent via electronic file
transfer. The micro SD card is to be provided by the end user. A suggested
RUGGEDCOM ROX II configuration is detailed in Section 2.2, “Configuring the
RUGGEDCOM RX1400 VPE”.
Instructions for installing and updating virtual machine images are provided in the
RUGGEDCOM ROX II User Guides.
1.3 Supported Cloud Services
At the time of publication, RUGGEDCOM CloudConnect supports the following
cloud services:
Siemens MindSphere MS3.0 with Support for IOT Extension with MQTT
https://documentation.mindsphere.io/resources/pdf/mindconnect-iot-extension-gs-en.pdf
Amazon Web Services (AWS) IoT Core
https://aws.amazon.com
Microsoft Azure IoT Hub
https://azure.microsoft.com/services/iot-hub/
For guidance on how to register with these services, refer to Section 2.3,
“Configuring a Station”.
1.4 Default RUGGEDCOM RX1400 Factory Configuration
When RUGGEDCOM CloudConnect is ordered pre-installed at the factory, the
RUGGEDCOM RX1400 is pre-configured to map virtual network interfaces to
switch ports as shown:
Figure 1-1
[Diagram of the RX1400 running ROX OS with the VPE (CloudConnect installed). Labels shown:
switch ports Swport1 (VLAN 1), Swport2 (VLAN 2) and Swport3 to Swport6 (VLAN 1); cel-1 (alternate);
virtual switches vsw-vs1 and vsw-vs2; virtual machine interfaces vma.0001 and vma.0002;
CloudConnect interfaces eth0 and eth1; firewall fw1 with zones int and fire; Cloud Network
(e.g. MindSphere) or Modbus or S7 Device (Process Network). Addresses shown: 192.168.1.2/24,
192.168.1.5/24, 192.168.0.5/24, 192.168.0.3/24.]
Cell Option Default Gateway: 0.0.0.0/0 -> cel-1
E.g. CloudConnect Configuration
IP Address: 192.168.1.5/24
Default Router: 192.168.1.2/24
Cloud Interface on same subnet: False
DNS Server 1: 8.8.8.8
DNS Server 2: 8.8.4.4
1.5 Security Recommendations
Configure a firewall on the RUGGEDCOM RX1400 device to control traffic from the VPE to the cloud.
Consider securing the connection (e.g. with IPsec) between the VPE and IIoT devices, especially if the devices are not connected on the same local subnet.
Check for updated firmware that may be available from Siemens. It is recommended the most up to date firmware/software is used as per the latest firmware release. By using outdated firmware versions, some available features may not be utilized and the absence of security updates or features may potentially expose your network to certain risks.
Disable the DHCP client to avoid DHCP snooping. Do not expose DHCP enabled interfaces to the Internet or unknown networks. Use port security where available.
Configure the Network Time Protocol (NTP) to help reject expired certificates.
Make sure additional security recommendations defined in the RUGGEDCOM ROX II User Guides are followed.
1.6 Logging in to CloudConnect
To login to the CloudConnect user interface, do the following:
NOTE The CloudConnect user interface is available after step 2 in “General Procedure”
is completed.
1. Open a browser via a computer on VLAN1 and enter the IP address for the
CloudConnect service in the address bar. The default IP address for
CloudConnect is 192.168.0.5.
2. At the login screen, enter your user name and password. The default
credentials are:
User name: admin
Password: admin
You will be prompted to change both the admin user name and password
during the first login.
Figure 1-2
3. Click Log In.
2 Configuring CloudConnect
NOTE Tasks to be performed in the RUGGEDCOM ROX II user interface are described
in as much detail as relates to this application. For further information about
individual tasks, refer to the RUGGEDCOM ROX II CLI or Web UI User Guide for
the RUGGEDCOM RX1400 available on the Siemens Industrial Online Support
(SIOS) website [https://support.industry.siemens.com].
NOTE Tasks to be performed in CloudConnect are described in as much detail as
relates to this application. For further information about individual tasks or
specific parameters, refer to the CloudConnect for RX1400 Configuration Manual
available through the user interface.
NOTE Refer to Figure 1-1 for an overview of the default RUGGEDCOM CloudConnect
configuration for the RUGGEDCOM RX1400.
2.1 General Procedure
1. Register with one of the supported cloud service providers.
2. Configure the RUGGEDCOM RX1400 VPE.
Refer to Section 2.2, “Configuring the RUGGEDCOM RX1400 VPE”.
3. Configure a Profile within CloudConnect for each registered cloud service.
Refer to Section 2.3, “Configuring a Station”.
4. Configure the chosen cloud service.
Refer to Section 2.4, “Configuring Cloud Services”.
5. Configure a profile in CloudConnect for each cloud service.
Refer to Section 2.5, “Configuring Cloud Profiles Within CloudConnect”.
2.2 Configuring the RUGGEDCOM RX1400 VPE
Complete the following tasks to configure the CloudConnect VPE application for
the RUGGEDCOM RX1400:
1. Install the CloudConnect VPE application.
Refer to Section 2.2.1, “Installing the CloudConnect VPE Application”.
2. Define and enable virtual machine interfaces.
Refer to Section 2.2.2, “Configuring Virtual Machine Interfaces”.
3. Define virtual switches to bridge VMA and VLAN/routable interfaces.
Refer to Section 2.2.3, “Configuring Virtual Switches”.
If the device’s internal 4G LTE cellular modem is to be used to connect with
CloudConnect services, perform the following additional steps:
1. Configure a cellular modem interface to allow the CloudConnect connection.
Refer to Section 2.2.4, “Configuring a Cellular Modem Interface”.
2. Configure a firewall to make sure traffic destined for the Internet is sent via the
cellular modem interface.
Refer to Section 2.2.5, “Configuring the Firewall”.
NOTE Tasks performed in the RUGGEDCOM ROX II operating system are described in
general. Further details are available in the RUGGEDCOM ROX II CLI or Web UI
User Guides available on the Siemens Industrial Online Support (SIOS) website
[http://support.industry.siemens.com].
2.2.1 Installing the CloudConnect VPE Application
Task Install the CloudConnect VPE application on an existing RUGGEDCOM RX1400
device.
This step is not required if the application is installed at the factory.
Prerequisites
RUGGEDCOM RX1400 running RUGGEDCOM ROX v2.11 (or higher)
Procedure
1. Order the CloudConnect application from Siemens Customer Support.
Instructions on how to download the file will be provided.
2. Download the CloudConnect VPE image.
3. Save the image to a microSD/microSDHC card, formatted with the FAT32 or
EXT4 file system.
4. Insert the microSD/microSDHC card into the RUGGEDCOM RX1400.
5. Follow the instructions in the RUGGEDCOM ROX II User Guide for adding a
virtual machine image and extracting a virtual machine archive.
2.2.2 Configuring Virtual Machine Interfaces
Task Define and enable the virtual machine interfaces vma.0001 and vma.0002 for the
CloudConnect VPE application.
Procedure
For both vma.0001 and vma.0002, do the following:
1. Enable the virtual machine interface.
Refer to instructions in the RUGGEDCOM ROX II User Guide for
enabling/disabling a VPE network interface.
2. Add the virtual machine interface.
Refer to instructions in the RUGGEDCOM ROX II User Guide for adding a
virtual machine interface.
2.2.3 Configuring Virtual Switches
Task Define virtual switches to bridge the two VMA interfaces and VLAN/routable
interfaces.
Prerequisites
RUGGEDCOM RX1400 running RUGGEDCOM ROX v2.11 (or higher)
Procedure
1. Login to the RUGGEDCOM RX1400 as an administrator.
2. Add the virtual network interfaces, vma.0001 and vma.0002, to the virtual
machine configuration.
3. Create two virtual switches (e.g. vs1 and vs2). The name of each is
user-defined.
4. Assign a VLAN interface or routable interface, and the corresponding virtual
network interface to each virtual switch interface (e.g. vma.0001 and
switch.0001 to vsw-vs1, vma.0002 and switch.0002 to vsw-vs2).
NOTE Only IPv4 addresses are supported.
NOTE VPE interfaces (such as vma.0001) can only be assigned to a single virtual
switch interface.
5. Assign IPv4 addresses to both virtual switch interfaces.
Example
ruggedcom(config)# show full-configuration interface virtualswitch
interface
 virtualswitch vs1
  no alias
  no proxyarp
  interface switch.0001
  !
  interface vma.0001
  !
 !
 virtualswitch vs2
  no alias
  no proxyarp
  interface switch.0002
  !
  interface vma.0002
  !
 !
!
ruggedcom(config)# show full-configuration ip vsw-vs1
ip vsw-vs1
 no bandwidth
 ipv4
  address 192.168.0.3/24
   no peer
  !
 !
 ipv6
  nd
   no enable-ra
   no adv-interval-option
   no home-agent-config-flag
   no managed-config-flag
   no other-config-flag
  !
 !
!
ruggedcom(config)# show full-configuration ip vsw-vs2
ip vsw-vs2
 no bandwidth
 ipv4
  address 192.168.1.2/24
   no peer
  !
 !
 ipv6
  nd
   no enable-ra
   no adv-interval-option
   no home-agent-config-flag
   no managed-config-flag
   no other-config-flag
  !
 !
!
2.2.4 Configuring a Cellular Modem Interface
Task Define a cellular modem interface to a 4G LTE cellular network.
This step is only required if the device’s internal 4G LTE cellular modem is to
be used to connect with CloudConnect services.
Prerequisites
RUGGEDCOM RX1400 running RUGGEDCOM ROX v2.10.0 (or higher)
Procedure
1. Login to the RUGGEDCOM RX1400 as an administrator.
2. Create a GSM profile for your telecom service provider with the following
minimum settings:
Parameter    Description
apn          The name of the access point.
dial-string  The dial string provided by the wireless provider to connect to
             the access point.
             Use the default setting.
sim          The SIM index (1 or 2) to be used by the access point.
profile      The cellular connection profile.
3. Enable the cell modem interface.
4. Configure the PPP client and set it to connect to the GSM profile defined in
step 2.
5. Configure a static route and assign it to the cellular modem interface (cel-1).
6. Verify the status of the cellular modem interface configuration.
Example
ruggedcom(config)# show full-configuration global cellular
global
 cellular profiles gsm telus
  apn SP.TELUS.COM
  ppp-config use-peer-dns
  no ppp-config dial-on-demand
  no ppp-config failover-on-demand
 !
!
ruggedcom(config)# show full-configuration interface cellmodem
interface
 cellmodem celport 1
  enabled
  no alias
  lte ppp-client connect-to telus
  lte firmware-update
   settings
    no repository-url
    mode manual-check-and-update
   !
  !
 !
!
ruggedcom(config)# show full-configuration routing ipv4
routing ipv4 route 0.0.0.0/0
 dev cel-1
  no distance
 !
!
2.2.5 Configuring the Firewall
Task Define a firewall to provide a secure connection via the Internet between the cloud
service and the CloudConnect application.
This step is only required if the device’s internal 4G LTE cellular modem is to
be used to connect with CloudConnect services.
Prerequisites
RUGGEDCOM RX1400 running RUGGEDCOM ROX v2.11 (or higher)
Procedure
1. Login to the RUGGEDCOM RX1400 as an administrator.
2. Create a firewall configuration.
3. Create net work zones named fire and int.
4. Add firewall interfaces for cel-1 and vsw-{interface}, where {interface} is the
virtual switch that is mapped to the CloudConnect cloud network interface,
vma.0002 (e.g. vsw-vs2).
5. Assign the interfaces to the int network zone.
6. Define the firewall policy. For example:
name: p1
source-zone: all
destination-zone: all
policy: accept
7. Define a MASQ rule with the following minimum settings:
Parameter      Description
out-interface  The outgoing interface. Set to cel-1.
source-hosts   A range and/or comma-separated list of subnet host IP
               addresses (i.e. CloudConnect’s cloud network)
8. Validate the firewall configuration.
9. Enable the firewall configuration.
Example
ruggedcom(config)# show full-configuration security firewall
security
 firewall
  enable
  work-config fw1
  active-config fw1
  fwconfig fw1
   fwzone fire
    type firewall
    no description
   !
   fwzone int
    no description
   !
   fwinterface cel-1
    zone int
    no description
   !
   fwinterface vsw-vs2
    zone int
    no description
   !
   fwpolicy p1
    source-zone all
    destination-zone all
    policy accept
    no description
   !
   fwmasq masq1
    out-interface cel-1
    no out-interface-specifics
    no ipalias
    source-hosts 192.168.1.0/24
    no address
    no description
   !
  !
 !
!
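The check below is an added example, not part of the Siemens guide or of ROX II: a Python script that parses the firewall listing above and reports policies that accept traffic from all zones to all zones, interfaces that share a zone with the cellular uplink, and MASQ source-hosts entries outside the CloudConnect cloud network. The function names, finding labels and the embedded sample (re-typed from the listing) are assumptions of this example; the keywords come from the listing itself.

```python
import ipaddress

# Constructed sample: the fwconfig part of the listing above, re-typed.
SAMPLE = """\
fwconfig fw1
 fwzone fire
  type firewall
  no description
 !
 fwzone int
  no description
 !
 fwinterface cel-1
  zone int
  no description
 !
 fwinterface vsw-vs2
  zone int
  no description
 !
 fwpolicy p1
  source-zone all
  destination-zone all
  policy accept
  no description
 !
 fwmasq masq1
  out-interface cel-1
  no out-interface-specifics
  no ipalias
  source-hosts 192.168.1.0/24
  no address
  no description
 !
!
"""

BLOCKS = ("fwzone", "fwinterface", "fwpolicy", "fwmasq")


def parse_fwconfig(text):
    """Return {block keyword: {name: {setting: value}}}; 'no ...' lines are skipped."""
    parsed = {kind: {} for kind in BLOCKS}
    current = None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] in BLOCKS and len(words) == 2:
            current = parsed[words[0]].setdefault(words[1], {})  # block opens
        elif words == ["!"]:
            current = None                                       # block closes
        elif current is not None and words[0] != "no":
            current[words[0]] = " ".join(words[1:])
    return parsed


def audit(parsed, uplink="cel-1", cloud_net="192.168.1.0/24"):
    """Return (label, detail) findings; the defaults are the values used on this page."""
    findings = []
    for name, pol in parsed["fwpolicy"].items():
        rule = (pol.get("policy"), pol.get("source-zone"), pol.get("destination-zone"))
        if rule == ("accept", "all", "all"):
            findings.append(("any-to-any-accept", name))
    # Zone-based policies cannot tell apart interfaces that share a zone.
    zones = {name: itf.get("zone") for name, itf in parsed["fwinterface"].items()}
    if zones.get(uplink):
        peers = sorted(n for n, z in zones.items() if n != uplink and z == zones[uplink])
        if peers:
            findings.append(("uplink-shares-zone", ",".join(peers)))
    # MASQ should only translate the CloudConnect cloud network.
    allowed = ipaddress.ip_network(cloud_net)
    for name, masq in parsed["fwmasq"].items():
        entries = (e.strip() for e in masq.get("source-hosts", "").split(","))
        for entry in filter(None, entries):
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:  # e.g. an address range: reported, not expanded
                findings.append(("masq-source-unparsed", f"{name}:{entry}"))
                continue
            if net.version != allowed.version or not net.subnet_of(allowed):
                findings.append(("masq-source-too-wide", f"{name}:{entry}"))
    return findings


if __name__ == "__main__":
    for label, detail in audit(parse_fwconfig(SAMPLE)):
        print(f"{label}: {detail}")
```

Run against output captured from the device, the findings mark where the example policy p1 would need to be narrowed to zone-specific rules before the firewall actually controls traffic from the VPE to the cloud, as Section 1.5 recommends.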
2.3 Configuring a Station
Task Configure a station (end device) to communicate with CloudConnect via Modbus
TCP or the S7 protocol.
Prerequisites
A RUGGEDCOM RX1400 with the CloudConnect application installed
A Modbus TCP or S7 remote device
Procedure
1. Login to the CloudConnect user interface as the admin user.
2. Navigate to Process Access > Station Configuration.
3. Under Station name, enter a station name.
4. On the Settings tab, select Modbus/TCP or S7 protocol.
5. On the Modbus/TCP or S7 tab, configure the protocol. For more information,
refer to the RX1400 with CloudConnect Configuration Manual available via the
user interface.
2.4 Configuring Cloud Services
This section provides examples of how to configure each supported cloud service.
For each service, a certificate must be defined to authenticate CloudConnect
clients.
NOTE Each service offers multiple configuration options, such as generating a
certificate or using a CA certificate provided by the user. The procedures
described below only use a subset of the available options to demonstrate one
way of configuring each cloud service. For more information, refer to the user
documentation provided by each cloud service.
NOTE Procedures provided are considered accurate at the time of publication.
2.4.1 Configuring Siemens MindSphere with MindConnect IOT Extension
Overview To enable an MQTT device connection with MindSphere, the MindConnect IoT
Extension is required to be added to the MindSphere tenant. Information on how to
activate the MindConnect IOT Extension is included in the “Welcome to
MindSphere” email.
NOTE When properly configured, the RUGGEDCOM RX1400 with CloudConnect
application will automatically create a device in the MindConnect IoT extension,
with the device name entered in the CloudConnect user interface.
Task Login to MindConnect IoT Extension and note the URL. Download the server
certificate from the MindSphere tenant.
NOTE Only download the server certificate if TLS authentication is enabled.
Prerequisites
A MindSphere tenant with MindConnect IoT Extension enabled
Procedure
1. Login to the MindSphere tenant portal. Click MindConnect IoT Extension.
Figure 2-1
2. Login to MindConnect IoT Extension and note the URL. For example:
siedev.mciotextension.eu-central.mindsphere.io
Figure 2-2
3. Temporarily record the URL in a text file.
4. [OPTIONAL] To use the encrypted MQTT communication over TLS, import the
server certificate to the client.
a. Click the secure icon on your browser.
Figure 2-3
b. Click the Certification Path tab, select QuoVadis Root CA 2 G3, and
then click View Certificate.
Figure 2-4
c. In the Certificate dialog, click the Details tab and then click Copy to File.
Figure 2-5
d. Select Base-64-encoded X.509 (.CER) and then click Next.
Figure 2-6
e. Under File Name, enter the location where the server certificate will be
saved, as well as the file name.
Figure 2-7
f. Click Next and then follow the remaining on-screen instructions to
complete the process.
2.4.2 Configuring AWS IoT Core
Overview Following the successful registration with the Amazon Web Service (AWS), a
“thing” must be created within AWS. The thing defines the certificate and policies
used to authenticate clients.
NOTE A dedicated “thing” is required for each device. AWS allows individual “things” to
support multiple clients, but this is only recommended for testing purposes.
Task Define a “thing” that uses an X.509 certificate.
NOTE AWS also supports certificates signed by a Certificate Authority.
Prerequisites
An AWS account
Procedure
1. Login to the AWS portal.
2. Under AWS services, search for “IoT Core” and then select the IOT core
option. The AWS IoT Console page appears.
3. Register a new thing:
a. Select Manage from the menu.
b. On the Manage page, click Register a thing.
c. Click Create a single thing.
d. On the Create a thing page, define a name for the thing and then click
Next.
e. On the next page, click Create Certificate. A certificate, private key,
and public key are generated.
f. Download the three files. These are required to later connect to the
cloud service.
g. Click Activate to activate the certificate.
h. Click Done to create the thing.
4. Define a policy for the thing:
a. Navigate to Secure > Policies.
b. On the Policies page, create a new policy and give it a name.
c. Under Action, enter “iot:*”. This indicates that clients can subscribe
and publish to the thing.
d. Under Resources, enter “*”. This indicates the thing is accessible to all
clients who have access to the certificate.
e. Select Allow.
f. Click Create to create the policy.
5. Attach the policy to the certificate:
a. Navigate to Secure > Certificates.
b. Select Options next to the policy marked Active.
c. In the options, select Attach Policy, choose the policy, and then
click Attach.
6. Obtain the broker address for the thing:
a. Navigate to Manage > Things and select the new thing.
b. Select Interact. The links required to access the thing are displayed.
c. Copy the HTTPS link/Rest API Endpoint and save it temporarily (e.g. in
a text file). This link will be required to later configure CloudConnect.
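Steps 4c to 4e above produce a policy that allows every AWS IoT action on every resource. The following added example (not from the Siemens guide or from AWS) writes that policy as a document, flags its wildcards, and builds a narrower one; the region, account ID and topic prefix are placeholders, and matching the MQTT client ID to the thing name is an assumption, since the page does not state which topics or client ID CloudConnect uses.

```python
import json

# The policy that steps 4c to 4e above create: every IoT action on every resource.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}

# Resource ARNs ending like this cover every client ID or every topic.
BROAD_SUFFIXES = (":client/*", ":topic/*", ":topicfilter/*")


def as_list(value):
    """Policy fields may hold one string or a list of strings."""
    return value if isinstance(value, list) else [value]


def wildcard_findings(policy):
    """Return (statement index, field, value) for each wildcard in an Allow statement."""
    findings = []
    for index, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action in ("*", "iot:*"):
                findings.append((index, "Action", action))
        for resource in as_list(stmt.get("Resource", [])):
            if resource == "*" or resource.endswith(BROAD_SUFFIXES):
                findings.append((index, "Resource", resource))
    return findings


def scoped_policy(region, account, topic_prefix):
    """Build a policy limited to one topic subtree.

    Assumptions (not from the page): the device connects with a client ID equal
    to its thing name, and all of its traffic stays below topic_prefix.
    """
    base = f"arn:aws:iot:{region}:{account}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # connect only as the thing this certificate is attached to
                "Effect": "Allow",
                "Action": "iot:Connect",
                "Resource": f"{base}:client/${{iot:Connection.Thing.ThingName}}",
            },
            {   # publish and receive only below the device's own prefix
                "Effect": "Allow",
                "Action": ["iot:Publish", "iot:Receive"],
                "Resource": f"{base}:topic/{topic_prefix}/*",
            },
            {   # subscriptions are matched against topic filters
                "Effect": "Allow",
                "Action": "iot:Subscribe",
                "Resource": f"{base}:topicfilter/{topic_prefix}/*",
            },
        ],
    }


if __name__ == "__main__":
    print("page policy findings:", wildcard_findings(PAGE_POLICY))
    # Placeholder region, account ID and prefix; replace with your own values.
    narrowed = scoped_policy("eu-central-1", "123456789012", "cloudconnect/rx1400-01")
    print(json.dumps(narrowed, indent=2))
    print("narrowed policy findings:", wildcard_findings(narrowed))
```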
2.4.3 Configuring Microsoft Azure IoT Hub
Overview
Microsoft Azure allows devices to communicate with IoT Hub device endpoints
using either:
MQTT v3.1.1 on port 8883
CA-signed X.509 certificate and SAS tokens
This section describes how to configure an IoT Hub that will authenticate a device
using a self-signed X.509 certificate.
NOTE A dedicated IoT Hub is required for each device.
Task
Define a Microsoft Azure-specific profile via the CloudConnect service for the
RUGGEDCOM RX1400.
Prerequisites
A Microsoft Azure account
Procedure
1. Log in to the Microsoft Azure portal.
2. Choose Create a resource, and then select Internet of Things.
3. Create an IoT hub.
4. Define a unique name and resource group for the IoT Hub.
5. From the dashboard, select the IoT hub created in step 3.
6. Navigate to the IoT device explorer.
7. Click Add to add a new device.
8. Under Device ID, assign a name to the device.
9. Under Authentication Type, select X.509 Self Signed.
10. If a Certificate Authority (CA) is being used, follow the instructions available at
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-security-x509-get-started#createdevice
to use an X.509 CA certificate.
11. Generate or use an existing self-signed certificate and set the primary and
secondary thumbprint to the certificate’s thumbprint.
12. Click Save.
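Step 11 requires the certificate's thumbprint, which is a hex digest over the DER-encoded certificate. The following is an added example, not part of the Siemens document: it derives the thumbprint from a PEM file and checks a value typed into the portal against it. The page does not say which digest the form expects, so the example accepts both 40-character (SHA-1) and 64-character (SHA-256) values; the sample PEM is a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def cert_der(pem_text):
    """Return the DER bytes of the first certificate in a PEM text."""
    if "PRIVATE KEY-----" in pem_text:
        raise ValueError("input contains a private key; pass the certificate only")
    m = PEM_CERT.search(pem_text)
    if not m:
        raise ValueError("no certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def thumbprint(pem_text, algo="sha1"):
    """Hex digest of the DER certificate, upper case, no separators."""
    return hashlib.new(algo, cert_der(pem_text)).hexdigest().upper()


def matches_entered(pem_text, entered):
    """Compare a thumbprint typed into the portal with the certificate."""
    cleaned = re.sub(r"[\s:]", "", entered).upper()
    algo = {40: "sha1", 64: "sha256"}.get(len(cleaned))
    if algo is None:
        return False
    return hmac.compare_digest(cleaned, thumbprint(pem_text, algo))


# Constructed stand-in: arbitrary bytes wrapped as PEM, not a real certificate.
FAKE_DER = bytes(range(64)) * 4
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(FAKE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print("SHA-1  ", thumbprint(SAMPLE_PEM))
    print("SHA-256", thumbprint(SAMPLE_PEM, "sha256"))
```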
2.5 Configuring Cloud Profiles Within CloudConnect
Following the successful registration with and configuration of a cloud service, a
profile must be configured within CloudConnect.
2.5.1 Configuring CloudConnect for Siemens MindSphere with
MindConnect IoT Extensions
Task
Create a profile within CloudConnect for Siemens MindSphere.
Prerequisites
A RUGGEDCOM RX1400 with the CloudConnect application installed and
configured
The server certificate obtained from MindSphere in Section 2.4.1, step 4
A remote device with data points configured in CloudConnect
Procedure
1. Log in to the CloudConnect user interface as the admin user.
2. Navigate to Cloud Configuration - Profile.
3. Create a new profile and configure as follows:
Under Profile:
a. Enter a profile name and then click Add.
Under Settings:
a. Set Cloud Provider to MindConnect IOT Extension.
b. Set Protocol to MQTT.
c. Select Enable Profile.
Under MQTT Configuration:
a. Set MQTT version to v3.1.1.
b. Set Broker address to the URL of your MindConnect IOT Extension.
Example: siedev.mciotextension.eu-central.mindsphere.io
c. If encrypted communication over TLS is not used, clear TLS and set
Broker port to 1883.
d. If encrypted communication over TLS is used, set Broker port to 8883,
select TLS, and then set TLS version to TLS v1.2.
e. Under Client ID, enter the name of the device that will be created in the
MindConnect IOT Extension.
f. Select Authentication.
g. Enter your user name and password for the MindConnect IoT
Extension.
Note the user name must be in the form of {tenant}/{email}. For
example: siedev/john.doe@siemens.com.
h. Click Save.
Under Security Settings:
a. Choose the server certificate exported previously in Section 2.4.1, step
4c.
Import the server certificate.
b. Click Save.
Under Onboarding:
a. Under Device name, enter the same name entered under Client ID
under the MQTT Configuration settings. This name will be used for
creating a device in the MindConnect IoT Extension after the
onboarding is completed. The Client ID must match the Client ID
entered in step e under MQTT Configuration above.
b. Click Save.
4. Click Save.
5. Navigate to Data and Topics > Data Points and add one or more data points
by entering a name, selecting its data type, the operand, the DB number (if the
operand DB has been selected) and the offset.
6. Configure at least one trigger in CloudConnect to send the data to the cloud.
7. Add groups:
a. Navigate to Data and Topics > Topic Editor.
b. Add one or more groups.
NOTE By default, all groups have the topic “s/us”. MindSphere supports only one topic,
unlike other cloud services.
NOTE Each data point can be assigned to a different group.
An attribute value is required for each data point.
c. Assign each group to a data point and enter the correct attribute. For
example, setting the attribute to “C” will cause the data point to display a
temperature in degrees Celsius.
NOTE Only change the payload if the consequences are fully understood.
8. Select the correct payload. By default, the payload format for MindConnect IoT
Extension will be used. Open the payload editor to select a different payload
from a series of available templates or define a custom payload.
9. Click Apply Settings to apply the updated settings to CloudConnect.
CloudConnect will connect to the configured cloud with its configurations.
Figure 2-8
For more information, refer to the RX1400 with CloudConnect Configuration
Manual.
2.5.2 Configuring CloudConnect for AWS
Task
Create a profile within CloudConnect for AWS.
Prerequisites
A RUGGEDCOM RX1400 with the CloudConnect application installed and
configured.
The certificate, private key, and root CA required by the AWS thing to authenticate
CloudConnect clients.
A Modbus or S7 remote device with data points configured in CloudConnect.
Procedure
1. Log in to the CloudConnect WebUI as the admin user.
2. Navigate to the Cloud Configuration – Profile.
3. Create a new profile and configure it as follows:
Under Profile:
a. Enter a profile name and then click Add.
Under General Settings:
a. Set Cloud Provider to AWS.
b. Set Select Protocol to MQTT.
c. Select Enable Profile.
Under MQTT Configuration:
d. Set MQTT Protocol version to v3.1.
e. Set Broker Address as the HTTPS link / Rest API Endpoint obtained
when creating the AWS thing.
f. Set Broker Port as 8883.
g. Select Clean Session.
h. Select Enable TLS.
i. Set TLS Version to TLS v1.2.
4. Click Save.
5. On the Security Settings tab, set the security settings:
a. Import the AWS root CA certificate as the server certificate.
b. Select Use MQTT Client Certificate.
c. Import the AWS generated self-signed client certificate.
d. Import the AWS generated self-signed private key.
6. Click Save.
7. Under Data Topics > Topic Editor in CloudConnect, add a new topic and then
assign datapoints to the topic.
8. Click Apply Settings to apply the updated settings. CloudConnect will connect
to the configured cloud with its configurations.
Figure 2-9
For more information, refer to the RX1400 with CloudConnect Configuration
Manual.
2.5.3 Configuring CloudConnect for Microsoft Azure
Task
Create a profile within CloudConnect for Microsoft Azure.
Prerequisites
A RUGGEDCOM RX1400 with the CloudConnect application installed and
configured.
The DigiCert Baltimore Root Certificate required by the IoT Hub to secure the
connection. This certificate is available through the IoT Hub in the Microsoft
Azure portal under the Azure-iot-sdk-c repository.
A Modbus or S7 remote device with data points configured in CloudConnect.
Procedure
1. Log in to the CloudConnect WebUI as the admin user.
2. Navigate to Cloud Configuration – Profile.
3. Create a new profile and configure it as follows:
Under Profile:
a. Enter a profile name and then click Add.
Under General Settings:
a. Set Cloud Provider to Azure.
b. Set Select Protocol to MQTT.
c. Select Enable Profile.
Under MQTT Configuration:
a. Set MQTT Protocol version to v3.1.1.
b. Set Broker Address as the IoT Hub host name.
c. Set Broker Port as 8883.
d. Set Client ID to the device ID created in the IoT Hub.
e. Select Enable Authentication.
f. Set Username to {iothubhostname}/{device_id}/api-version=2016-11-14,
where {iothubhostname} is the full CName of the IoT hub.
g. Leave Password blank to allow for authentication via the certificate.
h. Select Clean Session.
i. Select Enable TLS.
j. Set TLS Version to TLS v1.2.
Under Security Settings:
a. Under the MQTT Server Certificate Manager, import the DigiCert
Baltimore Root Certificate.
b. Under the MQTT Client Certificate Manager, import the self-signed
certificate and private key.
4. Click Save.
5. Under the Data Topics > Topic Editor in CloudConnect, add a new topic with
the following name:
devices/{device_id}/messages/events/
6. Assign datapoints to the topic.
7. Click Apply Settings to apply the updated settings to CloudConnect.
CloudConnect will connect to the configured cloud with its configurations.
Figure 2-10
For more information, refer to the RX1400 with CloudConnect Configuration
Manual.
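The profile settings in sections 2.5.1 and 2.5.3 can be checked before Apply Settings is clicked. The following is an added example, not part of the Siemens document or of CloudConnect: it audits a profile written down as a dictionary for the TLS choices from section 2.5.1 and the Azure user name, password and topic formats from section 2.5.3. The dictionary keys, the hub name example-hub.azure-devices.net and the device name rx1400-01 are assumptions made for the example.

```python
AZURE_API_VERSION = "2016-11-14"  # value given in section 2.5.3, step f


def audit_profile(p):
    """Return findings for one profile dict; an empty list means none."""
    out = []
    if not p.get("tls"):
        out.append("tls-off")
        if p.get("username"):
            # MQTT CONNECT carries user name and password as plain fields.
            out.append("credentials-in-cleartext")
    else:
        if p.get("port") != 8883:
            out.append("tls-port-not-8883")
        if p.get("tls_version") != "TLS v1.2":
            out.append("tls-version-not-1.2")
        if not p.get("server_cert_imported"):
            out.append("no-server-certificate")
    if p.get("provider") == "Azure":
        dev, host = p.get("client_id", ""), p.get("broker", "")
        want_user = f"{host}/{dev}/api-version={AZURE_API_VERSION}"
        if p.get("username") != want_user:
            out.append("azure-username-format")
        if p.get("password"):
            out.append("azure-password-not-blank")
        if p.get("topic") != f"devices/{dev}/messages/events/":
            out.append("azure-topic-format")
    return out


# Constructed sample profiles (hypothetical keys, not a device export).
MINDSPHERE_PLAIN = {
    "provider": "MindConnect IOT Extension", "tls": False, "port": 1883,
    "broker": "siedev.mciotextension.eu-central.mindsphere.io",
    "client_id": "rx1400-01", "username": "siedev/john.doe@siemens.com",
    "password": "constructed",
}
AZURE_OK = {
    "provider": "Azure", "tls": True, "tls_version": "TLS v1.2", "port": 8883,
    "broker": "example-hub.azure-devices.net", "client_id": "rx1400-01",
    "username": "example-hub.azure-devices.net/rx1400-01/api-version=2016-11-14",
    "password": "", "server_cert_imported": True,
    "topic": "devices/rx1400-01/messages/events/",
}
AZURE_BAD = dict(AZURE_OK, username="rx1400-01", topic="telemetry")

if __name__ == "__main__":
    for prof in (MINDSPHERE_PLAIN, AZURE_OK, AZURE_BAD):
        print(prof["provider"], audit_profile(prof))
```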
3 Online Diagnostics
CloudConnect offers a system diagnostic log under Maintenance > Online
Diagnostics. The log provides important information for system administrators.
The log is refreshed automatically at a user-defined interval. It can also be
disabled, if desired.
For more information, refer to the RX1400 with CloudConnect Configuration
Manual.
Figure 3-1
4 Updating the CloudConnect Application
Updates to the CloudConnect application are available through Siemens Customer
Support.
To update the CloudConnect application, do the following:
1. Order the updated CloudConnect application from Siemens Customer Support.
Instructions on how to download the file will be provided.
2. Download the CloudConnect VPE image.
3. In the CloudConnect user interface, navigate to Maintenance > Saving and
Reset and then click Save to PC to back up the configuration file.
4. In RUGGEDCOM ROX II:
a. Back up the configuration.
b. Stop the virtual machine.
5. Remove the microSD/microSDHC card from the RUGGEDCOM RX1400.
6. Access the microSD/microSDHC card and delete the cc7 folder.
7. Add the image to the microSD/microSDHC card.
8. Insert the microSD/microSDHC card into the RUGGEDCOM RX1400.
9. Follow the instructions in the RUGGEDCOM ROX II User Guide for adding a
virtual machine image and extracting a virtual machine archive.
10. Start up the virtual machine and then log in to the CloudConnect user interface.
11. Navigate to Maintenance > Saving and Reset and load the backup
configuration file.
5 Appendix
5.1 Troubleshooting
5.1.1 Online Diagnostics
The CloudConnect application contains built-in diagnostics to aid in troubleshooting
of setup and configuration. The online diagnostics can be accessed via the
Maintenance tab under Online Diagnostics.
Figure 5-1
The online diagnostics can be configured to update via the Automatic update
selection.
5.1.2 Log Files
To aid in troubleshooting, a trace log and security event log can be exported from
CloudConnect to assist Siemens support with troubleshooting issues. These log
files may be exported from the Maintenance tab under Logging.
Figure 5-2
5.1.3 Connecting to the CloudConnect Linux Console
More advanced troubleshooting of networking issues may require access to the
Linux console underlying the CloudConnect application in the Virtual Processing
Engine. This console can be accessed from the RUGGEDCOM ROX II command
line interface using the vm-console command:
ruggedcom# vm-console
The default credentials are
User: cloudconn
Password: cc7+123
The following sudo commands are available for troubleshooting:
Using CloudConnect
service cc_admin *
service civetweb *
service networking *
Emergency Network Configuration
chown cloudconn /etc/network/interfaces
chown cloudconn /etc/network/interfaces.d
chown cloudconn /etc/network/interfaces.d/*
chown cloudconn /etc/resolv.conf
touch /etc/resolv.conf
touch /etc/network/interfaces
vi /etc/network/interfaces
vi /etc/hosts
vi /etc/resolv.conf
ip addr flush dev *
ifup *
ifdown *
Debian Updates
apt-get update
apt-get upgrade
apt-get dist-upgrade
General
reboot
ifconfig *
ping *
mv /etc/localtime /etc/localtime.old
rm /etc/localtime.old
mv /etc/localtime *
ln *
unlink *
date *
5.2 Service and Support
Industry Online Support
Do you have any questions or need assistance?
Siemens Industry Online Support offers round the clock access to our entire
service and support know-how and portfolio.
The Industry Online Support is the central address for information about our
products, solutions and services.
Product information, manuals, downloads, FAQs, application examples and videos;
all information is accessible with just a few mouse clicks:
https://support.industry.siemens.com/
Technical Support
The Technical Support of Siemens Industry provides you fast and competent
support regarding all technical queries with numerous tailor-made offers,
ranging from basic support to individual support contracts. Please send queries
to Technical Support via Web form:
https://www.siemens.com/industry/supportrequest
SITRAIN Training for Industry
We support you with our globally available training courses for industry with
practical experience, innovative learning methods and a concept that’s tailored to
the customer’s specific needs.
For more information on our offered trainings and courses, as well as their
locations and dates, refer to our web page:
https://www.siemens.com/sitrain
Service offer
Our range of services includes the following:
Plant data services
Spare parts services
Repair services
On-site and maintenance services
Retrofitting and modernization services
Service programs and contracts
You can find detailed information on our range of services in the service catalog
web page:
https://support.industry.siemens.com/cs/sc
Industry Online Support app
You will receive optimum support wherever you are with the "Siemens Industry
Online Support" app. The app is available for Apple iOS, Android and Windows
Phone:
https://support.industry.siemens.com/cs/ww/en/sc/2067
5.3 Links and Literature
Table 5-1
No. Topic
\1\ Siemens Industry Online Support
https://support.industry.siemens.com
\2\ Link to this entry page of this application example
\3\ RUGGEDCOM RX1400 Installation Guide
https://support.industry.siemens.com/cs/ww/en/view/109480955
\4\ RX1400 with CloudConnect Configuration Manual
(Available via the CloudConnect user interface)
\5\ RUGGEDCOM ROX II User Guides
(Available via Siemens Industry Online Support website)
5.4 Change Documentation
Table 5-2
Version Date Modifications
V1.0 02/2019 First version