Enable Resilient Data Transfer with RabbitMQ
RabbitMQ supports secure and reliable server-to-server communication, making it the ideal utility for Data Core to employ for process data transfer.
In the following example we consider a network architecture consisting of a source server and a destination server.
- A Data Core Node on the source server subscribes to real-time tag-values from a SCADA system (via OPC or Modbus).
- Data Core writes the tag-values to a local RabbitMQ queue.
- RabbitMQ is configured to persist messages, meaning data can survive a server shutdown.
- RabbitMQ pushes encrypted data (messages) downstream to the RabbitMQ queue on the destination server.
- Data in transit is encrypted using TLS.
- The destination RabbitMQ responds with an ack when the message is successfully enqueued.
- The upstream RabbitMQ server will only dequeue the message on receipt of an ack. This provides resilience to network outage.
- App Store Connect on the destination server reads the message from the queue and archives the tag value to IP Historian.
Getting Started
Before we can commence with configuring Data Core, we must prepare the servers and RabbitMQ for secure communication.
Destination Server Preparation
1. Install RabbitMQ
Refer to RabbitMQ
2. Configure Firewall Rules
Firewall rules must be configured on the destination/downstream server to allow for incoming messages.
Open Windows Defender Firewall and configure two new Inbound Rules:
Name | Description | Port |
---|---|---|
AMQP | Advanced Message Queue Protocol - employed by RabbitMQ | 5672 |
AMQPS | Advanced Message Queue Protocol Secure - employed by RabbitMQ | 5671 |
The AMQP rule should only be employed for testing and can be disabled when not required. We also recommend restricting access to the above rules by specifying the permitted “Remote IP Address” scope.
3. Create a RabbitMQ User
A new user must be defined on the destination/downstream RabbitMQ server. The source will use this for authorization.
- Open RabbitMQ Administration UI (http://localhost:15672/)
- Select Admin > Users
- Add User
- Name: data_transfer_user
- Password: <you decide>
- Allow read/write permissions on required queues
4. Create a Self-Signed CA Certificate
The certificate is used for TLS encryption.
Create folder:
C:\Program Files\RabbitMQ Server\certs
and add the following certificate files:
- ca.crt - the certificate authority (must be trusted)
- downstream-rabbitmq.crt - the server certificate
- downstream-rabbitmq.key - the public key
5. Create RabbitMQ Configuration File
Create file:
%ProgramData%/RabbitMQ/rabbitmq.conf
Add the following settings:
listeners.ssl.default = 5671
ssl_options.cacertfile = C:/Program Files/RabbitMQ Server/certs/ca.crt
ssl_options.certfile = C:/Program Files/RabbitMQ Server/certs/downstream-rabbitmq.crt
ssl_options.keyfile = C:/Program Files/RabbitMQ Server/certs/downstream-rabbitmq.key
ssl_options.verify = verify_none
ssl_options.fail_if_no_peer_cert = false
6. Restart RabbitMQ Windows service
The above configuration will not take effect until the service is restarted.
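A check that can be run against the destination rabbitmq.conf before restarting the service, added here as an example and not part of the original page or of RabbitMQ's own tooling. The function names and the error/warn/info levels are assumptions of this example; `listeners.tcp = none` is RabbitMQ's setting for switching off the non-TLS listener.

```python
"""Audit a destination rabbitmq.conf for the TLS settings described above (added example)."""

# Constructed sample: the destination settings listed on this page.
PAGE_CONF = """\
listeners.ssl.default = 5671
ssl_options.cacertfile = C:/Program Files/RabbitMQ Server/certs/ca.crt
ssl_options.certfile = C:/Program Files/RabbitMQ Server/certs/downstream-rabbitmq.crt
ssl_options.keyfile = C:/Program Files/RabbitMQ Server/certs/downstream-rabbitmq.key
ssl_options.verify = verify_none
ssl_options.fail_if_no_peer_cert = false
"""

def parse_conf(text):
    """Parse 'key = value' lines; lines starting with '#' are comments. Later keys win."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit_destination(text):
    """Return a list of (level, message); 'error' means TLS cannot work as described."""
    conf = parse_conf(text)
    findings = []
    if not any(k.startswith("listeners.ssl.") for k in conf):
        findings.append(("error", "no TLS listener (listeners.ssl.default) configured"))
    for name in ("cacertfile", "certfile", "keyfile"):
        if not conf.get("ssl_options." + name):
            findings.append(("error", "ssl_options.%s is not set" % name))
    if conf.get("listeners.tcp") != "none":
        findings.append(("warn", "plain AMQP listener (default port 5672) is enabled; "
                                 "set 'listeners.tcp = none' if nothing needs it"))
    if conf.get("ssl_options.verify", "verify_none") == "verify_none":
        findings.append(("info", "client certificates are not verified; "
                                 "the shovel is identified by username/password only"))
    elif conf.get("ssl_options.fail_if_no_peer_cert", "false") != "true":
        findings.append(("warn", "verify_peer is set, but clients without a "
                                 "certificate are still accepted"))
    return findings

if __name__ == "__main__":
    for level, message in audit_destination(PAGE_CONF):
        print("%-5s %s" % (level, message))
```

Run against the settings above, it reports one warning (the plain AMQP listener) and one informational note (no client certificate verification), which matches the page's advice to treat port 5672 as test-only.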
Source Server Preparation
1. Install RabbitMQ
Refer to RabbitMQ
NB. Include the optional “RabbitMQ Shovel plugin” step.
2. Add Certificate Trust
Create folder:
C:\Program Files\RabbitMQ Server\certs
and add the following certificate files:
- ca.crt - the certificate authority
3. Create RabbitMQ Configuration File
Create file:
%ProgramData%/RabbitMQ/rabbitmq.conf
Add the following settings:
ssl_options.cacertfile = C:/Program Files/RabbitMQ Server/certs/ca.crt
4. Restart RabbitMQ Windows service
The above configuration will not take effect until the service is restarted.
5. Configure RabbitMQ Shovel
Select Admin > Shovel Management > Add a new shovel
Complete the form as follows:
Name | Data Core Tag Values |
---|---|
Source | AMQP 0.9.1 |
URI | amqp:// |
Queue | data_core.tag_values |
Prefetch count | |
Auto-delete | Never |
Destination | AMQP 0.9.1 |
URI | amqps://data_transfer_user:<password>@<servername or ip> |
Queue | data_core.tag_values |
Add forwarding headers | No |
Reconnect delay | |
Acknowledgment mode | On confirm |
Configure Data Core (Source Server)
On the source server, we'll need to configure the following components:
1. A RabbitMQ producer (writing items onto the queue)
2. A Data Stream (reading items from a data source to the queue)
Configure App Store Connect (Destination Server)
To be continued…