Using volttron-cfg to configure volttron central (VC) - volttron

While using volttron-cfg, I was asked some questions:
Include volttron central platform agent on volttron central? [Y] Is the VC platform agent the backend agent and VC the frontend?
What is port 22916 (vip port)? The content returned from "localhost:22916" is not readable.
Thanks.

The VOLTTRON central agent (VC) connects to the individual VOLTTRON instances through the VOLTTRON central platform agent (VCP).
Both the VC and VCP agents are not considered platform agents because they aren't started up when you start VOLTTRON by default.
When using the volttron-cfg command, the question is asking whether you want to have a VCP as well as a VC installed on whatever instance you are setting up.
The port 22916 is the VIP (VOLTTRON Interconnect Protocol) port that allows all of the VOLTTRON agents to connect with the VOLTTRON router. If you have a VOLTTRON instance running (and left as the default port), you can telnet to it and see that it is indeed running. You will not be able to browse to it, however, as it is not serving http requests from that port.

Related

VOLTTRON updating edge device and central?

If I have a VOLTTRON central instance running 7.x and updated my 1 VOLTTRON edge device to 8.1.3 where I can see data flow, do I need to update my VOLTTRON central instance if it is working?
Edge device is running the ForwardHistorian and the VOLTTRON Central is running the SQL agent.
Just curious if there would be any negative impacts of not updating the Central instance.

VOLTTRON Central behind a firewall

If there is a VOLTTRON central deployment on ZMQ, would I need to have network ports on a firewall opened up if the actual VOLTTRON central instance is behind a firewall?
Basically I am looking at deploying an edge device in a building to collect some BACnet data (temporary research deployment) and hoping to aim this edge device instance to our central VOLTTRON instance that runs a SQL historian that is behind a firewall.
Does ZMQ run on port 5555? And would I need to have our firewall opened up or port forwarding on this port to handle the bi-directional ZMQ bus?
VOLTTRON itself by default is on port 22916 (this is the zmq port volttron uses). This is configured independently from the web port. When initializing a web instance there are some more dependencies that are required than just the initial bootstrap.py so you will want to use bootstrap.py --web to make sure those are added.
If the edge devices will have a web server on them, then there must be an inbound connection from browser or code to reach that end device. In order for a volttron central agent to connect to an edge device, the edge device instance must have the vip-address of the central instance in its $VOLTTRON_HOME/config file or within the platform agent's config file. Edge devices should have the volttroncentralplatform agent installed on it for this scenario.
ZMQ could run on whatever port you configure it to. To configure volttron to use it specify the vip-address in the ~/.volttron/config file to whatever port you would like i.e. vip-address=tcp://127.0.0.1:22916 (only bound to 127.0.0.1 ip address).

Azure AD Application Proxy

I have a number of VMs under one domain. I am setting up Kerberos and a part of it is installing the Azure AD App Proxy connector. I have installed the connector in one of the servers but the application that I published is in a different server. Would this still work or do I need to install the connector on the specific server where the published application is?
The connectors must be installed on a Windows Server that has access to the backend application.
Install the connector on a machine running Windows Server 2012 R2 or later. The connector needs to communicate with the Application Proxy service and the on-premises applications that you publish.
The Windows server needs to have TLS 1.2 enabled before you install the Application Proxy connector.
If you are installing the connector on Windows Server 2019, you must disable HTTP2 protocol support in the WinHttp component for Kerberos Constrained Delegation to properly work. This is disabled by default in earlier versions of supported operating systems.
You may refer to this for more information: https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-connectors

How to connect a volttron platform to one on a remote server

I would like to connect a volttron platform running on a raspberry pi connected to the local network of a building to a second volttron platform running on a virtual personal server.
I know that two volttron platforms can interact with each other using the Volttron Central Management Agent or using the ForwardAgent. However, it is not clear to me what security method is used. Our ICT manager only agrees to set up a connection if the information is exchanged through https.
Could you help me formulate an answer to ICT regarding the security issue? And give me some practical tips on how to set up the volttron configuration files? I'm not very familiar with network/security technologies. Maybe important to know: the server has a proxy and a reverse-proxy security.
Thx!
Your security person is correct. You should only set the platform up in a "real" environment through https. Since you have a proxy, that should be forwarded to the volttron central agent.
internet (443) -> proxy -> http://127.0.0.1:8080
The proxy in this case is on the same machine as the volttron central platform.
This is how we are doing it with apache as our proxy. One could do the same thing with a different web server such as nginx.
Hopefully that helps.
If you are indeed trying to connect from a single instance to another instance (e.g. the way the forwarder does), then the answer is that the security is using public/private key pairs with curve mq providing perfect forward security. All traffic between platforms is 100% encrypted and only authorized agents can transmit across the instances' bus.
http://curvezmq.org/
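An added example, not part of the original answers or of VOLTTRON's own code: a check of a platform config file for the two listeners discussed on this page, the vip-address from the firewall answer and the web address that the proxy layout above forwards to on 127.0.0.1. The `[volttron]` section name, the `bind-web-address` key and the sample file contents are assumptions, not taken from the page.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of a $VOLTTRON_HOME/config file (not from the page).
# The [volttron] section and the bind-web-address key are assumptions.
SAMPLE_CONFIG = """\
[volttron]
vip-address = tcp://0.0.0.0:22916
bind-web-address = http://0.0.0.0:8080
"""
DEFAULT_VIP_PORT = 22916  # default VIP port named in the answers


def is_loopback(host):
    """True for 'localhost' or a loopback IP literal; wildcards and names are not."""
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit_platform_config(text):
    """Return (listener, status, detail) tuples for the VIP and web listeners."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    section = parser["volttron"]
    findings = []
    vip = section.get("vip-address")
    if vip is None:
        findings.append(("vip", "info", f"not set; default port {DEFAULT_VIP_PORT} applies"))
    else:
        url = urlsplit(vip)
        port = url.port or DEFAULT_VIP_PORT
        if is_loopback(url.hostname):
            findings.append(("vip", "info", f"tcp/{port} is loopback only"))
        else:
            findings.append(("vip", "review", f"tcp/{port} on {url.hostname}: limit firewall rule to known peers"))
    web = section.get("bind-web-address")
    if web is not None:
        url = urlsplit(web)
        # Plain HTTP is acceptable only on loopback, with the TLS proxy in front.
        exposed = url.scheme == "http" and not is_loopback(url.hostname)
        findings.append(("web", "fail" if exposed else "ok", f"{url.scheme} on {url.hostname}:{url.port}"))
    return findings


for listener, status, detail in audit_platform_config(SAMPLE_CONFIG):
    print(f"{listener:4} {status:7} {detail}")
```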

Access a Google Compute Engine instance exclusively from Google App Engine?

The current setup,
Google Compute Engine running Windows Server 2012 (GCE Server 2012)
Google Compute Engine running Debian Wheezy (GCE Server Wheezy)
GCE Server 2012 has one open port, tcp 3389 to GCE Server Wheezy
GCE Server Wheezy is running Guacamole with NLA enabled and Tomcat 7 and is working off x.x.x.x:8080/guacamole/
So I have, what I hope, is a secure connection between GCE Server 2012 and GCE Server Wheezy. Now I want to be able to access x.x.x.x:8080/guacamole/ securely, but the setup with SSL has been difficult.
What I want to know is if it's possible to access GCE Server Wheezy through Google App Engine, which already has great SSL protection. Essentially, I would like to be able to open one port and IP address (range) and/or some sort of internal connection between a GCE website and GAE, and then access everything through GAE. My assumption is that since traffic from GCE and GAE never leave Google's internal infrastructure and they are tied only to each other, this would be an easy and affordable way to add powerful SSL encryption to my Guacamole/Tomcat setup.
Alternative ideas to easily add SSL to my setup would also be greatly appreciated.
Set up the HTTP Load balancer and you're set in a few mouse clicks...
HTTP/HTTPS load balancing provides global load balancing for incoming HTTP or HTTPS requests, allowing these requests to be sent to different sets of backends based on patterns in the URL. HTTP requests can be load balanced based on port 80 or port 8080. HTTPS requests can be load balanced on port 443. HTTPS load balancing also supports SPDY and HTTP/2. HTTP/HTTPS load balancing does not support WebSocket.
See https://cloud.google.com/compute/docs/load-balancing/http/
