Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Learn how to use the full version of MobiusFlow
You can use the backup and restore feature to backup the full configuration of a MobiusFlow instance, and to restore the configuration of a MobiusFlow instance to a previously saved backup.
In summary, all configuration data of a MobiusFlow instance can be stored within a single .zip file. This means the current configuration of any MobiusFlow instance can be backed up by simply downloading this backup file and saving it in a safe location of your choice. Similarly, the configuration of any MobiusFlow instance can restored by uploading one of your previously saved backup files.
All backup and restore functionality is accessed through the 'Backup/Restore' menu located on the 'Administration' Tab.
On the 'Backup/Restore' menu, you can create a backup by clicking 'Backup'.
Giving the backup an appropriate name is recommended. In the above example, the name 'example-backup' has been set. The system will automatically append date/time information to the file name.
Once the backup file has been created, click 'Download Zip' to download it.
Alternatively, the you can click 'Request new backup' to return to the previous menu and generate an updated backup file.
Be sure to save your backup file in a safe location! There is nothing worse than not being able to find a much needed backup file.
The restore feature is particularly useful if you want to copy a MobiusFlow configuration onto to other MobiusFlow instances, however it also useful if you've managed to break everything.
The 'Backup/Restore' menu is also used for restoring. You can restore by first clicking 'Upload Zip' and then browsing to the .zip backup file you previously saved in a safe place.
Once uploaded, the menu will show the backup information as well as allowing you to click 'Restore'.
Accept the a confirmation dialog to proceed.
You will be notified that the restoration process has started and then MobiusFlow will then reboot, completing the restore process.
Congratulations for completing your restore!
Within a MobiusFlow system all hubs, services, objects and resources are identified by a unique address known as a Uniform Resource Identifier or URI. These URIs are hierarchical so given the URI for a Mobius resource it is possible to identify which object the resource belongs to, what the object type is, which service the object belongs to and which Mobius node the service is running on.
An object’s URI (or name) is defined in 4 parts, namely the hub ID (HID), service ID (SID), object profile ID (PID) and instance number (INS). A fifth part is added when accessing a specific resource, the resource ID (RID).
Each part of an object’s URI is a hexadecimal uppercase string of a defined length (as shown in the table below). The URI’s parts are separated with a forward slash (/).
A full URI is typically defined as HID/SID/PID/INS/RID.
It is possible to address any part of the system by only using the required parts of the URI. e.g. to address a service only the first two parts of the URI are used HID/SID and to address an object only the first four parts are used HID/SID/PID/INS.
URI Section
Length
Example
Description
HID
6
000001
The Mobius Hub or node ID. This should be unique within a MobiusFlow system.
SID
3
01F
The microservice ID. This must be unique for all services on a single node.
PID
4
003A
The object's profile ID. This describes the objects type. Object profiles determine what resources an object has available.
INS
4
0001
The object's instance number. This is unique for each object of a specific type belonging to a service.
RID
2
40
The resource ID
An example of an object URI for an object of instance 1, profile 3A, created by service 1F connected to hub 1 is:
000001/01F/003A/0001
and if addressing resource 40 on that object the full URI would be:
000001/01F/003A/0001/40
Under certain conditions, such as subscribing to a resource’s change of value event, it is possible to use wildcards in the URI. These wildcards are described in the table below and follow the MQTT standard.
Wildcard
Meaning
Example
+
Any value in this location
000001/+/003A/+/40
#
Any value in this location and all subsequent locations
000001/01F/#
MobiusFlow is a software platform designed for control and monitoring of sensors and actuators in simple (single instance) or complex (multiple instances working together) systems (see Mobius Overview for more info). It has a microservice based architecture where each microservice can contain both application logic and object state. Object types are predefined and contain any number of resources which represent the values associated to an object’s attributes (e.g. a temperature sensor may contain resources for Name, Location, Temperature etc.). A MobiusFlow node (a single instance of the software) contains a central hub and one or more microservices. All microservices contain an MQTT client and communicate with each other via the hub which is an MQTT broker. The broker is responsible for authenticating the services when they connect. The TCP/IP port used for internal MQTT comms is normally firewalled off to prevent any external traffic and all messages passed between microservices are encoded using JSON Web Token (JWT) to ensure message integrity. If communication is required between Mobius nodes, a Mobius router is added to the configuration. This is a special microservice which handles external traffic between Mobius nodes. All traffic passed through a router is encoded with JWTs using pre-shared keys (PSKs) specifically for this purpose ensuring that no internal PSKs leave a Mobius node. External traffic is also MQTT based and can be secured with TLS if required. One of the most important part of MobiusFlow is the “ Mobius protocol” over MQTT. This is a predefined set of MQTT topics based around the Mobius object URIs which allows “two way point to point” messaging via MQTT. This means that Mobius nodes and microservices can discover other nodes, services, objects and resources and microservices can read and write resource values on objects belonging to any other microservice on any node within a Mobius system. In addition to reading a writing, a microservice can subscribe to object or resource level change of value (COV) messages. The MobiusFlow protocol is similar to the LWM2M protocol but over MQTT.
The Mobius architecture is designed to allow efficient communication for IoT Devices whilst providing structure and definable trust boundaries.
There are 2 ways to move messages to and from a mobius node one is via the mobius router designed for this task, and preserving the integrity of the the message within the node. the other is with a dedicated service, this breaches that integrity to a degree but may be desirable and even necessary in some situations.
With Each node consisting of the base of a hub and one or more services, and optionally routers. If for the purpose of this initial discussion assume that the services are only communicating with local hardware, or handling logic, therefore having no mechanism for communicating off of the local hardware. We will discuss how this can be achieved later on.
As the hub is created a pre-shared key (psk) file is generated, these can also be changed using the configuration service. each valid service must have a copy of its psk, to successfully authenticate with the hub. The hub will have the corresponding psk in its psk file. This key is used as a secret key as part of a JSON Web Token (JWT).
When a service connects to a hub it uses the MQTT built in username / password authentication. The MQTT username is the service's profile ID (PID) and service (SID) 001F/01F and the MQTT password is a JSON object containing the services PID and SID with a timestamp which is then converted into a JWT (JSON Web Token). The time stamp ensures tight time synchronisation is a requirement and provides greater integrity.
If the service signs its JWT with the same psk as is stored in the hub's psk file it will successfully complete the authentication process to the hub. On doing this it will be sent a copy of the hubs psk file, giving the service the ability to the received directly signed messages from authorised services.
After successful authentication the service will have a copy of the psk of all services that are authorised to communicate through the hub. The service will then with no further action from the hub be able to validate the authenticity and integrity of messages that have come from a service on the same node.
Once passing traffic the MQTT message will consist of:
the JSON Web Token will also carry the topic, the message payload itself, and a timestamp this will all be hashed along with the service own key creating a HMAC to allow integrity checking:
The time stamp will allow for the message to have a validity life span that can be configured for all services connected to the hub. Internally all messages will be signed in this way and therefore provide a high degree of integrity to the internal communication.
Services may be intentionally created to connect to external interfaces such as a service the connects to remote I/O via TCP/IP or an Azure IoT hub Client, if it is desired to configure a node in this scenario, it is recommended to utilise two interconnected nodes one that handles the external communications and one that handles the more trusted internal communication, the nodes could exist on the same hardware. doing so would allow the creation of multiple trust boundaries
Although as just discussed it is not impossible to create service that communicate to external interfaces, it is not recommended to use these on the same node as it compromises the integrity of the node. It is preferable to utilise a known route into and out from the node, it is recommended that this route is a mobius router.
Routers are split into two parts, one side of the router communicates internally with its associated hub and all of the services within a node, while the other side of the router communicates externally through a 'no-mans' broker to other routers on other nodes. All external communication is done using MQTT over the WebSocket protocol. This could be done over a secure or non-secure connection (ws:// or ws s://).
The internal side of the router acts in exactly the same way as a service, but will automatically subscribe to all messages from every other service within that node.
The external side of the router will have the ability to sign its messages in the same fashion as the services do for internal communication, it will have two pre shared keys and internal or service psk and an external psk.
To allow router to validate the authenticity and integrity of messages form other routers, the external psks will be required to be manually shared between all the routers that want to take part in this communication. the result is that the external psk file will contain the keys of all authorised routers and therefore nodes.
This communication is done over the WebSocket protocol as it reduces the need to configure firewalls to allow MQTT communication. node peering is best used in an enclosed environment where there is a high degree of confidence in the integrity of the network with which the communication is taking place. This is like to require the input of network and cyber security professionals.
Node Peering will require the provision of a MQTT broker capable of using MQTT over WebSockets. this will be a function that will be optionally provided by the mobius router.
In larger deployments of nodes peering may not be viable because of the administrative overhead, or there may be low confidence in the network integrity. there may also be a require to not only ensure Authenticity and Integrity of messages, but also confidentiality.
to achieve this the nodes should utilise WebSockets over Transport Layer Security (TLS), this is in fact simply a HTTP upgrade in the same way WebSockets are used, on a HTTPS connection
In this case it will almost always be easier to provide the node with access to the public internet where things like server name resolution and certificate control are well practised and understood.
Due to the large complexity in provisioning the system in this scenario, It is envisaged at this stage that IAconnects will provide the service that provides the functions of the architecture shown above.
The ports in used by Mobius Gateways. These are for services that can be hosted on the Gateway.
The physical gateways fleet management and remote connectivity service require outbound access to these services
The MobiusFlow software has been developed as an MQTT object bus which normalises all device data into standardised MobiusFlow objects which allow interoperability between all devices either real or virtual in the field or Cloud.
MobiusFlow enables actuators, sensors & controllers to connect, control and communicate with each other and to the Cloud so that IoT solutions using scalable monitoring, visualisation and predictive analytics can provide valuable insights into your business and act upon them automatically.
A complete control and communications platform
Microservice based architecture
Secure, open protocol based on MQTT
Scalable to 1000s of devices
Platform and language independent
Does not depend on a network connection for local control
Provides full discovery of nodes, objects and resources in all directions
Pub / Sub change of value notifications
All sensor and actuator data is normalised from any source such as / / / / LoRaWAN / Analog / Digital etc.
MobiusFlow has been designed from the ground up as a micro service based design with a simple but common set of API commands. All communication between micro services is performed using the MQTT protocol, ensuring that micro services can be written in any programming language and will run on any device capable of TCP/IP network communications. The only requirement for any MobiusFlow system is that it contains at least one Node. This Node consists of a MobiusFlow Hub which initiates and facilitates communication between micro services in a secure way. Micro services can run on the same device as the Hub, or on another device such as a temperature sensor, connected to the Hub via a connection capable of transmitting via TCP/IP (provision has been made for future expansion, by adding translation services, to allow micro services to communicate with the Hub over any transmission medium capable to transmitting binary data).
Each Node is typically a stand-alone island which does not require any connection to any other device in order to perform local control. Nodes can be connected together via secure MobiusFlow Routers allowing the creation of a network of interconnected Nodes. When used in this configuration, Nodes can share data with each other and influence the control algorithms running on any connected Node.
Vanilla MQTT has some limitations in its usefulness as a peer to peer messaging and control protocol. It is based around the Publish / Subscribe pattern which is ideal where multiple devices are sending data to a single end point for logging etc. MQTT can be used where devices or services need to have a two way peer to peer flow of communication but the different services need to be aware of each other at design time. MobiusFlow defines a protocol layer above MQTT which enables discovery of devices and services at runtime and then allows two way peer to peer communication to take place, ensuring that new devices and services can be added at any time without having any design time knowledge of the other devices and services in a system.
80
http
TCP
443
https
TCP
502
modbus
TCP
not enabled by default, only on physical gateway
1883
mqtt
TCP
not enabled by default
4840
opc-ua
TCP
not enabled by default, only on physical gateway
8883
mqtts
TCP
not enabled by default
8443
http / https
TCP
Engine RESTful API
30815
mqtt
TCP
mobius sensor gateway
53
UDP
DNS: used by devices to resolve hostnames for connection to the service
123
UDP
NTP: used by devices to synchronize time
443
TCP
HTTPS: used by devices to poll for updates and to download application and host OS updates. OpenVPN: used by devices to provide real-time status and control
A typical MobiusFlow system consists of a single or multiple MobiusFlow nodes connected together via a TCP/IP network. Each node is capable of operating independently of the rest of the system, but nodes can interact with each other to form a complex system. All node interaction takes place through one or more brokers via a node’s router.In a multi-node system, the location of the broker is not important. It can reside on the same device as one of the nodes or on an independent device.
Each node is classed as, and exhibits the behavior of, an edge computing device. In this context edge devices are not only field devices but could also be on the edge of a server or cloud server providing the server with connectivity to all of the true edge or field devices.
A Mobius node consists of a central Mobius hub, one or more Mobius services and optionally one or more Mobius routers.
Services contain the service logic and an object data store. Connections to sensors, actuators and other communication interfaces such as Modbus or BACnet can be added depending on the service’s purpose and controlled through the service's logic.
The object data store models the physical or virtual connections and provides a standardised method for services and other nodes to communicate and share data with each other through Mobius objects.
All of the communications between services through the hub or nodes through routers and brokers is based on the MQTT protocol. The MobiusFlow protocol has been defined on top of this MQTT protocol providing a well-defined API enabling different physical devices and protocols to communicate with each other in a consistent way.
Mobius nodes follow the microservice architecture pattern, where each service is a stand-alone process capable of communication with other microservices creating a large application from small manageable pieces.
Routers are used to cross node boundaries. They provide a secure mechanism for nodes to share data using the MobiusFlow protocol.
The logical structure of a node is detailed below. This diagram shows the hierarchical relationship between all of the parts which make up a node and how objects contain resources, services contain objects and hubs connect to services and routers.
The Mobius URI structure allows addressing any part of a node at any depth.
A Mobius hub is the foundation of a node. At its heart, a Mobius hub is just an MQTT broker which manages and links Mobius services and Mobius routers. Hubs are responsible for ensuring that all services and routers are valid members of a node by verifying their pre-shared authentication key on connection.
Each hub within a Mobius system is given a unique ID. This is a six digit hex number which forms the first part of the Mobius URI hierarchy. When referencing a hub, for example during a discovery process, this unique ID must be used (see MobiusFlow Uniform Resource Identifiers).
When service or router connects to a hub, and has been validated, the hub provides it with a copy of the Mobius object profiles and pre-shared keys files, ensuring that all services and routers connected to the hub are able to communicate and understand one another.
Mobius services are the engines which drive MobiusFlow. Each service is essentially a microservice performing a specific task and possibly acting as an interface to a piece of hardware or a 3rd party service such as Microsoft's Azure platform or the IBM Cloud.
All services MUST implement the full MobiusFlow protocol to enable them to connect to hub and communicate with other services. In addition to implementing the MobiusFlow protocol, services can create Mobius objects to store and share data and can also contain service specific logic to perform the task that they are designed for. When creating services, try an keep them focused on one task and create additional services to perform other tasks. This ensures that services are reusable and Mobius systems can be configured to only contain the logic that they require.
Each service within a Mobius node is given a unique ID. This is a three digit hex number which forms the second part of the Mobius URI hierarchy. When referencing a service, for example during a discovery process, this unique ID must be used (see MobiusFlow Uniform Resource Identifiers).
Mobius routers control all MobiusFlow communication into and out of a node. This ensures that nodes are secure and allows nodes to discover each other within a MobiusFlow system.
Routers are split into two parts, one side of the router communicates internally with its associated hub and all of the services within a node, while the other side of the router communicates externally through a 'no-mans' broker to other routers on other nodes. All external communication is done using MQTT over the WebSocket protocol. This could be done over a secure or non-secure connection (ws:// or wss://).
Routers are capable of routing messages between services belonging to different nodes, essentially allowing a service on one node to read, write and subscribe to change-of-value events on objects in another node.
The key to the MobiusFlow system is Mobius objects. These objects typically model real-world objects and provide a mechanism for sharing data and storing state in a consistent way. Each object has a unique identifier or Mobius URI which can be discovered and used by any part of the MobiusFlow system.
Mobius objects are predefined in an object profiles file which is passed to a services by the hub when a service connects.
Each object within a Mobius node is given a unique ID. This ID consists of two parts and is made up of the object profile ID (PID) which describes the object's type, and the object's instance number (INS). The PID is a four digit hex number which forms the third part of the Mobius URI hierarchy and the INS is a four digit hex number which forms the fourth part of the Mobius URI hierarchy. When referencing an object, for example during a discovery process, this unique ID must be used (see MobiusFlow Uniform Resource Identifiers).
Mobius objects contain one or more resources. It is these resources which are used to define objects that mimic or represent real-world objects. An example of a single object is a room temperature sensor. This object may have resources which define the sensor’s name, location, asset reference, engineering units, set point and actual measured value.
Each resource is capable of storing a single value which can currently be of type Boolean, Number, String, DateTime or TimeSpan. Resources also store meta-data about the value. The actual meta-data depends on the value type chosen. Resources can be read only or read/write. Read only resources have their values set when they are created.
Each resource within an object is given a unique ID. This is a two digit hex number which forms the fifth and final part of the Mobius URI hierarchy. When referencing a resource, for example during a read, this unique ID must be used (see MobiusFlow Uniform Resource Identifiers).
Resources store their values in a priority array. This priority array works in a similar manner to a BACnet priority array. The array has 16 possible locations with location 1 being the highest priority and location 16 being the lowest priority.
When reading the value of a resource the actual value is returned in the PV(present value) property. The PV is always equal to the value of the highest active (non null) priority in the resource's priority array.
