Programming Interface
Industrial Asset Hub consists of a growing amount of services supporting our users.
The platform is experienced via a centrally hosted cloud service. The shop floor instances are reached out via gateway applications, consisting of the Asset Gateway and one or more Asset links. The application is hosted on Industrial Edge or as docker-compose on every machine which can run containers.
Figure: Programming Interface
Compatibility
The following tables are giving an overview about the compatibility between the different components. All components are versioned using semantic versioning
The compatibility between the Asset Gateway and the respective Asset Links is determined by the version of the Asset Link API.
| Asset Gateway | Asset Link API versions |
|---|---|
| >= 0.3.10 | "siemens.commondevicemanagement.devicediscovery.v1" "siemens.commondevicemanagement.firmwareupdateApi.v1" "siemens.connectivitysuite.registry.v1" "siemens.connectivitysuite.alarmsevents.v1" "siemens.connectivitysuite.drvinfo.v1" "siemens.connectivitysuite.driverevent.v1" |
Xcelerator Foundation
| XF component | Comment |
|---|---|
| API Gateway | Central entry point for applications that are part of the Xcelerator platform. IAH as self hosted service is registered at this gateway. There are two IAH applications that can be provisioned to a tenant. The API app is only to have access to the IAH cloud service APIs which is used by the Asset Gateway as well. And the UI app which provides IAH with an web interface for users. |
| SAM Auth | Security and Access Management (SAM) is a tool that is utilized to handle authentication and authorization for Siemens cloud services. It is possible to manage users, groups, roles, policies and access keys. |
IAH cloud instance
| IAH Cloud Component | Comment |
|---|---|
| API Gateway (Kong) | Acts as central access layer to the IAH cloud services by forwarding the incoming requests to the upstream services. |
| IAH Auth (Kong-)Plugin | Custom Kong Plugin to handle the authentication and authorization of the incoming requests. It checks if the token signature is valid, extracts relevant information from the token claims and checks that the provided roles match with those required for the requested resource. |
| Discovery Service | Provides a REST API that can be used to create, read and update discovery jobs. Each job is linked to a particular gateway. The service uses the WFX service to handle the interactions with jobs and to storage them. |
| Inventory API Service | Provides a REST API that can be used to create, read, update and delete assets in the inventory. |
| WFX Gatekeeper Service | Provides the WFX northbound and southbound REST APIs to create and read workflows and to create, read and update jobs. This service is needed as the WFX service is not capable to deal with multi-tenancy. The gatekeeper maps the gateway IDs to tenant IDs to ensure that a gateway can only interact with jobs that belong to the same tenant. |
| WFX Service | Is a lightweight, general-purpose workflow executor. Workflows can be modeled as finite state machines to describe different kind of tasks e.g. asset discovery. An instance of this workflow is called a job. This jobs will be created by a IAH cloud component and can be picked up and executed by the IAH gateway agents. |
| initdb PostgreSQL | Tool which can be added as init container to a service to create a database user and a database in the PostgreSQL instance. The output can be used by the service to establish a secure connection to this database. |
| Remote Access Service | Provides a REST API that can be used for establishing remote connection to view an asset webserver. |
Asset Gateway
| Gateway / Asset Gateway | Comment |
|---|---|
| Auth Proxy Agent | The auth proxy agent authenticates the Asset Gateway agents against the backend. It requests a JSON Web Token (JWT) from the SAM Auth instance. Every request from the Asset Gateway agents go to the auth proxy agent. It sets the JWT as the bearer token in the authentication header and forwards the requests to the cloud backend. |
| gRPC Service Registry | The gateway of Industrial Asset Hub hosts the gRPC service registry as a part of the Asset Gateway application. The backend services of Industrial Asset Hub communicate with the Asset links through the Asset Gateway. All these drivers implement one or more gRPC services as there are e.g. asset discovery or firmware update. The Asset Gateway can discover a specific Asset link via the gRPC service registry to get the address to connect to of the Asset link. |
| Discovery Agent | The agent requests cyclically for new discovery jobs. If a new job exists the agent searches in the registry for the relevant Asset link address. With this address it connects to the Asset link and perform the discovery process. |
Asset link
Asset links act as adapters/drivers, between the Asset Gateway and the field devices. IAH provides an Asset link SDK which can be used by device builders to speed up their own Asset link development. This SDK already includes the gRPC interfaces for the IAH use cases (e.g. discovery) so that the Asset link writer can focus on implementing the content of the features.
Industrial Asset Hub backend APIs
Inventory API
Discovery API
GW Onboarding API
Authorization API
Workflow Executor API
Remote Access API
Download Specifications
A complete package of API specifications can be obtained here: API_Specs