Configuring transmission of data from Kaspersky IoT Secure Gateway 100 to Siemens MindSphere

Kaspersky IoT Secure Gateway 100 receives data from industrial facilities residing within the internal enterprise network and forwards that data to the Siemens MindSphere cloud platform.

Siemens MindSphere is a cloud platform that was developed by the company Siemens to receive and analyze industrial data from the Internet of Things (IoT). The Siemens MindSphere cloud platform saves and analyzes all types of industrial data received from industrial facilities. You can use this information to optimize industrial processes.

The Siemens MindSphere component known as MindConnect Lib agent is used to transfer data from Kaspersky IoT Secure Gateway 100 to the Siemens MindSphere cloud platform.

Kaspersky IoT Secure Gateway 100 uses the following folders to store the information necessary for transmitting data to the Siemens MindSphere cloud platform:

• /app/Core/pki/certs/transfer/mind_sphere/agent/ – folder in the TGW-HW-IDS section of the SD card for storing the certificate from the Siemens MindSphere Certificate Authority. The certificate file in this folder must be named mindsphere.io.
• /app/Core/config/transfer/mind_sphere/agent/ – folder in the TGW-HW-IDS section of the SD card for storing files containing the settings for connecting to the Siemens MindSphere cloud platform.
• /app/Core/data/transfer/mind_sphere/credentials/ – folder in the TGW-HW-EDS section of the SD card for storing files containing registration data for gaining access to the Siemens MindSphere cloud platform.

You can use the MindSphereAgentSettings-0.json configuration file to configure the settings for transmitting data from Kaspersky IoT Secure Gateway 100 to the Siemens MindSphere cloud platform.

Prior to configuring these settings, you must obtain the Siemens MindSphere registration data by using the tools of the MindConnect LIB plugin. For detailed information on receiving registration data using the tools of the MindConnect LIB plugin, please refer to the MindSphere documentation. Below is an example of MindConnect LIB registration data.

Example of MindConnect LIB registration data: { "content": { "baseUrl": "https://southgate.eu1.mindsphere.io", "iat": "eyJraWQiOiJrZXktaWQtMSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJTQ0kiLCJzdWIiOiIzYTk5MGVjMTJmZDk0YThlODFmNWYxMWRmOGE2MzRkOSIsImF1ZCI6IkFJQU0iLCJpYXQiOjE1NjUwMTAwMTUsIm5iZiI6MTU2NTAxMDAxNSwiZXhwIjoxNTY1NjE0ODE1LCJqdGkiOiJjMzUwNDVjOS01NjZhLTRlYTAtOTA1ZC0yNjc3OTFjMjc5NDIiLCJzY29wZSI6IklBVCIsInRlbiI6ImFwcm90ZWNoIiwidGVuX2N0eCI6Im1haW4tdGVuYW50IiwiY2xpZW50X2NyZWRlbnRpYWxzX3Byb2ZpbGUiOlsiU0hBUkVEX1NFQ1JFVCJdLCJzY2hlbWFzIjpbInVybjpzaWVtZW5zOm1pbmRzcGhlcmU6djEiXX0.R7o__AdSAG1noXUS1oFhS34oihkMS56Gjm4o7nmDe87kvNECqalt77ioTE-C781RRabMRrNpPcOZxucv4n9jIpIZjUx9owGNXT0g-zYb8HYjB13HSvOBZW2_wmPLthxYEFlHU1dqi8ThPtcNE0CXi-LPlEpm8CLFStE0uRn5N9kM29b0ti90xOrvuk5a1Rue2rdpe3laJiv9JgQ0r4zANZAw88ScjwvcRDySJ5f2eRpJRoqWYdGA-g6s5aScQNlGJy7yNXx-npuHjbIQx58Mql3cWIGpCrVW4RLP-Y8tujBpRx3W7kWDp9pyb04RY13jCB8p-GdJY7f60F2cKzVzhQ", "clientCredentialProfile": [ "SHARED_SECRET" ], "clientId": "3a990ec12fd94a8e81f5f11df8a634d9", "tenant": "aprotech" }, "expiration": "2019-08-12T13:00:15.000Z" }

To configure the settings for transmitting data from Kaspersky IoT Secure Gateway 100 to Siemens MindSphere:

1. Create a MindSphereAgentSettings-0.json configuration file and put it in the folder /app/Core/config/transfer/mind_sphere/agent in the TGW-HW-IDS section of the SD card.

   All of the actions described next are performed within the MindSphereAgentSettings-0.json file.

2. To correctly route data from industrial equipment to the MindSphere repository, specify the ID and name of the MindSphere agent that will be used to transmit data to the cloud:
   1. In the mandatory id parameter, specify the ID of the MindConnect LIB agent. For example, "id": 0.
      

      The MindConnect LIB agent ID is assigned by the administrator when configuring data transmission. The value of this parameter must match the value of the sendingHubId parameter in the GuideSettings-0.json configuration file.

   2. In the mandatory name parameter, specify the name of the MindConnect LIB agent. For example, "name": "Kaspersky IoT Secure Gateway 100 MindSphere Agent".
3. If necessary, you can provide a description of this client in the optional description parameter for convenient accounting and to make it easier to read the configuration. For example, "description": "Transfer data to MindSphere by Kaspersky IoT Secure Gateway 100".
4. In the mandatory boardingConfiguration settings block, enter the registration data that was received using the tools of the MindConnect LIB plugin. An example of MindConnect LIB registration data is provided below.
5. If you need to use a proxy server to transmit data from the MindSphere agent to the cloud, enter the following data in the optional proxySettings settings block:
   1. In the type field, specify the connection type as HTTP: "type": "HTTP".
   2. In the host field, specify the IP address of the proxy server that will be used for the connection. For example, "host": "192.168.188.1".
   3. In the port field, specify the port of the proxy server that will be used for the connection. For example, "port": 3128.

   The type, host and port fields must be completed if the proxySettings block is not empty.

6. To configure custom settings for grouping by timestamp, provide the following data in the optional limits settings block:
   

   The Siemens MindSphere cloud platform repository receives and saves data with a timestamp. The Siemens MindSphere cloud platform overwrites old data with new data if the data in a new request is received with the already existing timestamp of the old data. To reduce the risk of data overwrites, Kaspersky IoT Secure Gateway 100 provides the capability to set a timeout for data elements that have an identical timestamp (itemGroupTimeout). It also lets you regulate data transfer to the cloud by controlling the size of a time series (maxTimeseriesSize, maxHttpPayloadSize) and the size of the temporary repository (maxStorageSize) in the limits settings block.

   1. In the maxStorageSize field, specify the maximum number of items that will be stored in the ring buffer of Kaspersky IoT Secure Gateway 100. For example, "maxStorageSize": 90000. The default value is 90000, and the minimum value is 1.
   2. In the itemGroupTimeout field, specify the timeout (in seconds) of data items with the same timestamp. For example, "itemGroupTimeout": 5. The default value is 5, and the minimum value is 0.
   3. In the maxTimeseriesSize field, specify the maximum number of data items in one time series. For example, "maxTimeseriesSize": 64. The default value is 64, and the minimum value is 1.
   4. In the maxHttpPayloadSize field, specify the maximum size of an HTTP request (in bytes) sent to MindConnect Lib. For example, "maxHttpPayloadSize": 16384. The default value is 16384 Kb, the minimum value is 400, and the maximum value is 10485760.

   If you skip configuration of grouping by timestamp, the default values will be set for the fields in the limits settings block.

7. In the mandatory dataPoints settings block, enter the following data for each data point created in the MindSphere cloud platform:
   

   The ID and name of data points are required for building routes and transmitting data from industrial equipment to the Siemens MindSphere cloud platform repository. A data point in the Siemens MindSphere cloud platform is used to write and store single values of a physical magnitude measured by the source (industrial equipment) at a specific moment in time.

   1. Enter the data point ID in the id field. For example, "id": 0.
   2. Specify the data point name in the name field. For example, "name": "Heartbeat".

      The name of the data point in the MindSphere cloud platform must match the name of the date node of the OPC UA server that you indicated in the nodes settings block in the OpcUaClientSettings-0.json configuration file.

   3. In the dataPointId field, enter the ID of the data point defined in MindSphere. For example, "dataPointId": "1625019234863".

      You can use the tools of the MindConnect LIB plugin to obtain the data point ID for this data point in MindSphere. For detailed information on obtaining a data point ID using the tools of the MindConnect LIB plugin, please refer to the MindSphere documentation.

8. Save the changes in the MindSphereAgentSettings-0.json file.

The settings defined in the MindSphereAgentSettings-0.json file will be applied the next time Kaspersky IoT Secure Gateway 100 is started.

Kaspersky IoT Secure Gateway 100 will receive data from monitored objects within the internal network of your organization and forward that data to the Siemens MindSphere cloud platform.

Page top