In my previous post (Communication between Simatic S7-1500 and Python using OPC UA (unencrypted)) I showed you a setup which connects a Simatic S7-1500 and a Python application (running on either Windows, Linux, macOS or Embedded Linux) using OPC UA. To keep things easy at the start, we used plaintext data transfer and simple user authentication; we did not use any cryptographic measures to secure the channel. In this post I want to dive deeper into security and show you how to protect the communication by setting up a secure channel (SSL/TLS/PKI). Again, we use the same library, TIA project and hardware setup as introduced in the previous post.
Since our original architecture stays the same (the Python application is the OPC UA client and the S7-1500 is the OPC UA server), the following steps summarize the procedure to set up encrypted and authenticated communication between our two peers:
- In TIA Portal the use of global security settings needs to be enabled
- Client and server certificates need to be generated to achieve mutual authentication
- In TIA Portal the security level needs to be increased by enforcing encrypted/authenticated communication and rejecting plaintext messages
- Exporting the client certificates from TIA
- Converting the exported certificates using OpenSSL to be used in our Python application
- Preparing our Python application to use the certificates
In the past it was hard to interface with industrial PLCs because the only way to connect was through their proprietary field bus protocols. Nowadays, these field bus protocols make use of Ethernet technology and the TCP/IP stack but still remain proprietary, and no reliable open source implementations exist. With the rise of Industry 4.0 and IIoT concepts, new protocols were developed which allow open communication between different devices, such as PLCs, PCs, embedded controllers, edge devices, etc. Two major and commonly used protocols are OPC UA and MQTT; reference implementations in various programming languages (licensed under OSS) exist and can be used. In this blog post I want to show how to set up a Siemens Simatic S7-1500 to communicate with an application written in Python using OPC UA and the library FreeOpcUa/python-opcua.
When it comes to image processing and development of computer-vision applications, it is quite handy to have an appropriate set of algorithms available to support your task. A major toolset for image processing is OpenCV; when OCR (optical character recognition) is additionally required, tesseract-ocr is a famous and reliable library. Once these tools are installed, it is quite comfortable to work with both of them.
While Linux users have an integrated package manager (apt-get, yum, etc.) which makes it easy to install all the necessary libraries and dependencies, macOS users could use Homebrew or MacPorts. Another possibility to install the required packages on macOS is to compile them from source. This can become cumbersome, but nevertheless I feel comfortable building the libraries on my own.
This article will cover the following:
- Building tesseract-ocr from source (including the dependencies)
- Setting up the development environment by installing OpenCV and pytesseract using pip into a virtualenv
- Running a simple example which scans a business card and extracts text data recognised by tesseract-ocr
MQTT is a lightweight Machine-to-Machine (M2M) communication protocol often used in Industry 4.0 environments and IoT applications. Implementations and libraries exist for nearly every kind of hardware, such as Arduino, Raspberry, PC, Smartphone, PLCs, etc.
MQTT (short for Message Queue Telemetry Transport) is an open standard (ISO/IEC PRF 20922) and is based on the publish-subscribe pattern. It works on top of the TCP/IP stack. Its main purpose is to exchange messages between clients and a server (broker). The clients can decide by themselves whether a message is important for them, based on the topics they have subscribed to.
In this article I will briefly introduce how to set up the Simatic S7-1200 as an MQTT client (publisher role) and publish data to an MQTT broker on my local network.
The MQTT library for the Simatic PLC is taken from Siemens (from the official Industry Support Portal) and as a broker I am using the hbmqtt library written in Python.
In the previous post (RESTful API for Simatic S7-1200 PLC & Python Client (Part 1)) I showed how to design and implement a simple ReST API for the Simatic S7-1200 and the integrated web server. A client (written in Python) was accessing the API. It was assumed that no access restrictions were configured for the PLC and therefore the ReST API was accessible by everyone (anonymous user). Such a configuration is not conceivable for production environments.
In this post I will briefly introduce how to use Python (with the requests library) to log in through the login form presented on the welcome page when you access the Simatic S7 using a web browser over HTTP/S. Once you have retrieved the authentication cookie successfully, you can access your API and your user-defined pages with your own clients.