LucidIoT Secure MQTT Client
The LucidIoT network I/O module is a flexible IoT input/output solution for analog and digital signals. It acquires and controls up to 16 mixed digital and analog I/O signals.
In this article we describe how LucidIoT IO functions can be controlled by MQTT and applications like Home Assistant, a popular smart home automation application.
The LucidIoT Cloud MQTT client function provides connectivity to MQTT servers (data brokers) like Amazon AWS, Google IoT or Eclipse Mosquitto.
By using the MQTT protocol it is possible to exchange measured analog I/O values like 5V, 0-10V, 24V voltages or 4-20mA currents between LucidIoT and any application that has access to an MQTT server.
The application can also make use of the digital I/O values supported by LucidIoT. Values like the digital states of sensors or counters can be published to a server; in reverse, subscribed topics can control the state of an IoT relay.
The LucidIoT MQTT client is compatible with MQTT 3.1.1 specifications and supports security functions necessary in order to connect to cloud services.
The MQTT client can periodically publish acquired data (e.g. digital states, voltages or temperatures) as a topic to a server. Topics can also be subscribed from a server and control LucidIoT outputs like currents or digital states.
Configuration of Secure Cloud Connection
The LucidIoT MQTT Client can be configured by the embedded web server.
In the Connection section, the address of the MQTT server and the TCP/IP port (1883 for an unencrypted connection, 8883 for a TLS-secured connection) can be specified.
When LucidIoT connects to a secure MQTT server, the server identifies itself with its certificate. A server can offer multiple virtual MQTT servers all running at the same IP address. When Endpoint name is set, the MQTT client sends the SNI (Server Name Indication) extension in its Client Hello TLS handshake message. With the SNI set, the server can return the appropriate server certificate for the client.
Some MQTT servers (e.g. Amazon AWS IoT) require presence of SNI Extension.
The Options section contains parameters controlling the MQTT client behaviour. The client can be enabled for IPv4 and/or IPv6 addresses.
The DNS option specifies if dynamic addresses should be resolved. This is mandatory if the parameter Server contains a network name (e.g. a local server name or a web address) instead of an IP address.
MQTT connections can be made persistent. A persistent session is saved on the MQTT server and restored when the client reconnects (in MQTT 3.1.1 terms the client connects with the Clean Session flag cleared, so the broker keeps its subscriptions and queues QoS 1 and 2 messages that arrive while the client is offline).
The section LWT configures the Last Will and Testament function. If the Cloud Client disconnects from the server, the server publishes the last will message to the last will topic.
In the Login section the server login data (user name and password) are specified.
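The Connection, Options, LWT and Login parameters described above all end up in the single MQTT CONNECT packet the client sends after the TCP (or TLS) connection is established. The following encoder/decoder for MQTT 3.1.1 CONNECT and CONNACK is an added example written for this article, not LucidIoT firmware code; it uses only the Python standard library, and the client ID, user name, password and Last Will values in it are constructed sample data. It makes two points concrete: a persistent session is simply the Clean Session bit cleared, and without TLS the user name and password travel in cleartext inside this packet, which is why the Auth Mode "Disable" described in the Security section should only be used on a trusted network.

```python
"""MQTT 3.1.1 CONNECT / CONNACK encoder and decoder (example, stdlib only)."""
import struct


def encode_remaining_length(n: int) -> bytes:
    """MQTT variable-length integer: 7 data bits per byte, MSB = continuation."""
    out = bytearray()
    while True:
        byte = n % 128
        n //= 128
        if n > 0:
            byte |= 0x80
        out.append(byte)
        if n == 0:
            return bytes(out)


def decode_remaining_length(buf: bytes, pos: int):
    multiplier, value = 1, 0
    while True:
        byte = buf[pos]
        pos += 1
        value += (byte & 0x7F) * multiplier
        if byte & 0x80 == 0:
            return value, pos
        multiplier *= 128
        if multiplier > 128 ** 3:          # at most 4 length bytes are allowed
            raise ValueError("malformed remaining length")


def mqtt_string(s: str) -> bytes:
    """UTF-8 string with 2-byte big-endian length prefix (also used for binary fields)."""
    data = s.encode("utf-8")
    return struct.pack("!H", len(data)) + data


def build_connect(client_id, keep_alive=60, persistent=False, username=None, password=None,
                  will_topic=None, will_message=None, will_qos=0, will_retain=False) -> bytes:
    """Build a CONNECT packet from the same parameters the LucidIoT web form exposes."""
    flags = 0
    payload = mqtt_string(client_id)
    if not persistent:
        flags |= 0x02                      # Clean Session: no persistent session on the broker
    if will_topic is not None:             # LWT section: will flag, QoS, retain, topic, message
        flags |= 0x04 | ((will_qos & 0x03) << 3) | (0x20 if will_retain else 0)
        payload += mqtt_string(will_topic) + mqtt_string(will_message or "")
    if username is not None:               # Login section
        flags |= 0x80
        payload += mqtt_string(username)
        if password is not None:
            flags |= 0x40
            payload += mqtt_string(password)
    var_header = mqtt_string("MQTT") + bytes([4, flags]) + struct.pack("!H", keep_alive)
    body = var_header + payload
    return bytes([0x10]) + encode_remaining_length(len(body)) + body


def parse_connect(pkt: bytes) -> dict:
    """Decode a CONNECT packet; this is what the broker (or a sniffer) sees."""
    if pkt[0] != 0x10:
        raise ValueError("not a CONNECT packet")
    length, pos = decode_remaining_length(pkt, 1)
    if len(pkt) != pos + length:
        raise ValueError("remaining length does not match packet size")

    def read_str():
        nonlocal pos
        (n,) = struct.unpack_from("!H", pkt, pos)
        pos += 2
        s = pkt[pos:pos + n].decode("utf-8")
        pos += n
        return s

    if read_str() != "MQTT" or pkt[pos] != 4:
        raise ValueError("not an MQTT 3.1.1 CONNECT")
    flags = pkt[pos + 1]
    (keep_alive,) = struct.unpack_from("!H", pkt, pos + 2)
    pos += 4
    info = {"client_id": read_str(), "keep_alive": keep_alive,
            "clean_session": bool(flags & 0x02)}
    if flags & 0x04:
        info["will_topic"] = read_str()
        info["will_message"] = read_str()
        info["will_qos"] = (flags >> 3) & 0x03
        info["will_retain"] = bool(flags & 0x20)
    if flags & 0x80:
        info["username"] = read_str()
    if flags & 0x40:
        info["password"] = read_str()
    return info


def parse_connack(pkt: bytes) -> dict:
    """CONNACK: fixed header 0x20 0x02, session-present flag, return code (0 = accepted)."""
    if pkt[:2] != b"\x20\x02":
        raise ValueError("not a CONNACK packet")
    return {"session_present": bool(pkt[2] & 0x01), "return_code": pkt[3]}


def credentials_in_cleartext(pkt: bytes, password: str) -> bool:
    """True if the password is readable byte-for-byte in the packet (always, without TLS)."""
    return password.encode("utf-8") in pkt
```

The CONNACK return code 0 means the broker accepted the connection; a persistent session that was actually restored is reported with the session-present flag set. A non-zero return code (for example 4, bad user name or password, or 5, not authorized) is one of the reasons a client stays in a pending state like the CONNECT_PND shown in the State section.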
The Security section provides the configuration parameters necessary for a TLS-secured connection. The parameter Auth Mode configures the authentication procedure:

| Auth Mode | Description |
| --- | --- |
| Disable | Authentication disabled, unencrypted communication (plain TCP, normally port 1883). The login data of the Login section are then transmitted in cleartext. |
| Server | The client checks the server certificate (1-way authentication). This authentication mode requires a valid CA or intermediate certificate, i.e. the one that issued the server certificate. |
| Server + Client | The client checks the server certificate and the server checks the client certificate (2-way authentication). This authentication mode requires a client certificate, the CA or intermediate certificate and the private key belonging to the client certificate. |
The configuration parameters Certificate ID, CA ID and Private Key ID refer to the secure memory section of the IoT controller with the certificate and key information.
The section State gives information about the functionality of the MQTT Client. It shows if the MQTT service is running and if the client is connected to the MQTT server.
In the example the Module State CONNECT_PND indicates that the connection is pending. The reason is that the MQTT server DEC-PC-1 was not started. After starting it, the MQTT client connects and the Module State changes to CONNECTED.
Publish and Subscribe Topics
The LucidIoT MQTT client can subscribe or publish up to 16 topics.
Each topic is linked to a Value Id which represents an I/O channel. I/O values are formatted according to the Format setting before they are published; the payloads of subscribed topics must arrive in the corresponding format.
The Format depends on the function type of the up to 16 I/O channels:
- Digital input
- Digital output
- Analog input
- Analog output
- RTD Temperature input
Topics of the type Publish are transmitted periodically within the configured PubInt interval.
Topics of type Subscribe or Publish have a QoS (Quality of Service) parameter specifying the reliability of the transmission (0: at most once, 1: at least once, 2: exactly once).
The Retain flag defines if the server should save the last published value and deliver it immediately to new subscribers.
The example above shows the first 3 topics of a LucidIoT module with 8 digital outputs (Value Id 0 to 7) and 8 RTD temperature input channels (Value Id 8 to 15).
Topic 0 subscribes the topic name Valve and links it to Value Id Ch 0 (the first digital output channel). It specifies the Format so that the received payload value “On” switches the output to on-state and payload value “Off” switches the output to off-state.
Topic 1 publishes the topic name OfficeTemp periodically once per second. The Value Id configures I/O channel 8 to be published. Value Id 8 refers to the first RTD input of the LucidIoT module. Format specifies that the I/O value is transmitted as a temperature in °C. If a temperature of 20.1 °C is measured, the published payload is "20.1". A QoS value of 2 ensures that the value is delivered exactly once.
This example can be used, for instance, to switch a valve on when a set-point temperature is reached and to switch it off again when the measured temperature is below the set-point.
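The set-point logic itself runs in the application that sits between the two topics. The following controller is an added example for this article, not LucidIoT or Home Assistant code: it subscribes to OfficeTemp, validates the "20.1"-style payload, applies the set-point rule with a small hysteresis band (an addition to the page's rule, so that a temperature hovering around the set-point does not toggle the valve every second) and publishes "On"/"Off" to Valve, matching the Format of the two topics above. The decision functions are pure and run offline; the optional `run()` wiring assumes the paho-mqtt 2.x client library and, for a connection in Auth Mode "Server + Client", the CA certificate, client certificate and private key file paths, all of which are assumed names rather than values from the page.

```python
"""Set-point controller for the OfficeTemp -> Valve example (added example code)."""
import math
from typing import Optional, Tuple

TEMP_TOPIC = "OfficeTemp"     # published by the LucidIoT module (Topic 1, Value Id 8)
VALVE_TOPIC = "Valve"         # subscribed by the LucidIoT module (Topic 0, Value Id 0)
VALVE_ON, VALVE_OFF = "On", "Off"   # payloads accepted by the Format of Topic 0


def parse_temperature(payload: bytes) -> Optional[float]:
    """Parse a °C payload such as b"20.1"; return None for anything malformed or non-finite."""
    try:
        value = float(payload.decode("ascii").strip())
    except (UnicodeDecodeError, ValueError):
        return None
    # Assumed plausibility window for an RTD input; an out-of-range value is treated as a fault.
    if not math.isfinite(value) or not -200.0 <= value <= 850.0:
        return None
    return value


def decide_valve(temp_c: float, setpoint_c: float, current: str, hysteresis_c: float = 0.5) -> str:
    """Page rule: On when the set-point is reached, Off when below it.
    The dead band between (setpoint - hysteresis) and setpoint keeps the current state."""
    if temp_c >= setpoint_c:
        return VALVE_ON
    if temp_c < setpoint_c - hysteresis_c:
        return VALVE_OFF
    return current


class ValveController:
    def __init__(self, setpoint_c: float, hysteresis_c: float = 0.5):
        self.setpoint_c = setpoint_c
        self.hysteresis_c = hysteresis_c
        self.state = VALVE_OFF

    def handle(self, topic: str, payload: bytes) -> Optional[Tuple[str, str]]:
        """Return (topic, payload) to publish when the valve state must change, else None.
        Ignores foreign topics and malformed readings instead of acting on them."""
        if topic != TEMP_TOPIC:
            return None
        temp = parse_temperature(payload)
        if temp is None:
            return None
        new_state = decide_valve(temp, self.setpoint_c, self.state, self.hysteresis_c)
        if new_state == self.state:
            return None
        self.state = new_state
        return VALVE_TOPIC, new_state


def run(host: str, setpoint_c: float, ca_file: str, cert_file: str, key_file: str) -> None:
    """Wire the controller to a broker with paho-mqtt 2.x (import kept local; all paths assumed)."""
    import paho.mqtt.client as mqtt  # third-party; only needed for the live connection

    ctl = ValveController(setpoint_c)
    client = mqtt.Client(mqtt.CallbackAPIVersion.VERSION2, client_id="valve-controller")
    # Equivalent of the module's Auth Mode "Server + Client": verify the broker against the
    # CA and present our own certificate and key. Hostname verification stays enabled.
    client.tls_set(ca_certs=ca_file, certfile=cert_file, keyfile=key_file)

    def on_connect(c, userdata, flags, reason_code, properties):
        c.subscribe(TEMP_TOPIC, qos=2)          # same QoS 2 as the module's Topic 1

    def on_message(c, userdata, msg):
        cmd = ctl.handle(msg.topic, msg.payload)
        if cmd is not None:
            # retain=True so a reconnecting module immediately receives the last valve command
            c.publish(cmd[0], cmd[1], qos=1, retain=True)

    client.on_connect = on_connect
    client.on_message = on_message
    client.connect(host, 8883, keepalive=60)
    client.loop_forever()
```

Ignoring malformed payloads rather than treating them as 0 °C matters here: a garbled or unexpected message on a subscribed topic must never be able to drive an actuator.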