App Store Wiki

Rabbit MQ supports secure and reliable server-to-server communication, making it the ideal utiliy for Data Core to employ for process data transfer.

In the following example we consider a network architecture consisting of a source server and a destination server.

1. A Data Core Node on the source server subscribes to real-time tag-values from a SCADA system (via OPC or Modbus).
2. Data Core writes the tag-values to a local RabbitMQ queue.
   1. RabbitMQ is configured to persist messages, meaning data can survive a server shutdown.
3. RabbitMQ pushes encrypted data (messages) downstream to the RabbitMQ queue on the destination server.
   1. Data in transit is encrypted using TLS.
4. The destination RabbitMQ responds with an ack when the message is successfully enqueued.
   1. The upstream RabbitMQ server will only dequeue the message on reciept of an ack. This provides resiliance to network outage.
   2. App Store Connect on the destinations server reads the message from the queue and archives the tag value to IP Historian

Before we can commence with configuring Data Core, we must prepare the servers and Rabbit MQ for secure communication.

1. Install RabbitMQ

Refer to RabbitMQ

2. Configure Firewall Rules

Firewall rules must be configured on the destination/downstream server to allow for incoming messages.

Open Windows Defender Firewall and configure two new Inbound Rules:

The AMQP rule should only be employed for testing and can be disabled when not required. We also recommending resticting access to the above rules by specifying the permitted “Remote IP Address” scope.

3. Create a RabbitMQ User

A new user must be defined on the destination/downstream RabbitMQ server. The source will use this for authorization.

• Open RabbitMQ Administration UI (http://localhost:15672/)
• Select Admin > Users
• Add User
  • Name: data_transfer_user
  • Password: <you decide>
  • Allow read/write permissions on required queues

4. Create a Self-Signed CA Certificate

The certificate is used for TLS encryption.

Create folder:

C:\Program Files\RabbitMQ Server\certs

and add the following certificate files:

• ca.crt - the certificate authority (must be trusted)
• downstream-rabbitmq.crt - the server certificate
• downstream-rabbitmq.key - the public key

5. Create RabbitMQ Configuration File

Create file:

%ProgramData%/RabbitMQ/rabbitmq.conf

Add the following settings:

listeners.ssl.default = 5671
ssl_options.cacertfile = C:/Program Files/RabbitMQ Server/certs/ca.crt
ssl_options.certfile   = C:/Program Files/RabbitMQ Server/certs/downstream-rabbitmq.crt
ssl_options.keyfile    = C:/Program Files/RabbitMQ Server/certs/downstream-rabbitmq.key
ssl_options.verify     = verify_none
ssl_options.fail_if_no_peer_cert = false

6. Restart RabbitMQ windows service

The above configuration will not take effect until the service is restarted.

1. Install RabbitMQ

Refer to RabbitMQ

NB. Include the optional “RabbitMQ Shovel plugin” step.

2. Add Certificate Trust

Create folder:

 C:\Program Files\RabbitMQ Server\certs
 

and add the following certificate files:

• ca.crt - the certificate authority

3. Create RabbitMQ Configuration File

Create file:

%ProgramData%/RabbitMQ/rabbitmq.conf

Add the following settings:

ssl_options.cacertfile = C:/Program Files/RabbitMQ Server/certs/ca.crt

4. Restart RabbitMQ windows service

The above configuration will not take effect until the service is restarted.

5. Configure RabbitMQ Shovel

Select Admin > Shovel Management > Add a new shovel

Complete the form as follows:

On the source server, we'll need to configure the following components:

1. A RabbitMQ producer (writing items onto the queue)
2. A Data Stream (reading items from a data source to the queue)

To be continued…