Station-side system layers

Each NiagaraStation registered with the cloud platform has a secured channel to send and receive messages using AMQPS/AMQPWS protocols.

Each NiagaraStation has its own authorization subsystem. To provide the required level of security, each command received by the station should be verified and logged by the customer-controlled, station-based authorization system.

This diagram shows the general flow for the cloud-to-device security commands.

Figure 6. Security commands general flow

Executing cloud commands introduces additional security risk for the station. A well-known example is a cloud command that writes a boiler target temperature of 500 degrees.

Execution of all commands is disabled by default. To enable command execution, a customer or integrator must explicitly enable it.

ACTION

  • Enable Cloud Commands execution configures NCD to enable execution of incoming cloud commands
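
The station-side checks described above (execution off by default, every command verified and logged locally), modeled as an added example that is not Niagara or NCD code. The class, field, point and role names are hypothetical, and the per-point value range is an assumed policy that the page does not specify.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    """Hypothetical per-point policy: which roles may write, and in what range."""
    allowed_roles: frozenset
    min_value: float
    max_value: float

@dataclass
class StationCommandGate:
    # Mirrors the page: execution of cloud commands is disabled by default.
    commands_enabled: bool = False
    rules: dict = field(default_factory=dict)      # point name -> Rule
    audit_log: list = field(default_factory=list)  # every decision is recorded

    def enable_cloud_commands(self, operator: str) -> None:
        """Explicit opt-in by a customer or integrator; the opt-in is audited too."""
        self.commands_enabled = True
        self.audit_log.append(("ENABLE", operator, None, None, "commands enabled"))

    def handle(self, cmd: dict) -> bool:
        """Verify and log one incoming cloud command; True means it may execute."""
        point, value, role = cmd.get("point"), cmd.get("value"), cmd.get("role")
        rule = self.rules.get(point) if isinstance(point, str) else None
        if not self.commands_enabled:
            reason = "command execution disabled"
        elif rule is None:
            reason = "no rule for point"  # default deny for unknown targets
        elif role not in rule.allowed_roles:
            reason = "role not authorized"
        elif isinstance(value, bool) or not isinstance(value, (int, float)):
            reason = "non-numeric value"
        elif not rule.min_value <= value <= rule.max_value:
            reason = "value outside permitted range"  # also rejects NaN
        else:
            reason = None
        verdict = "ALLOW" if reason is None else "DENY"
        self.audit_log.append((verdict, role, point, value, reason or "ok"))
        return reason is None

# Constructed sample policy: one writable point with an assumed safe range.
SAMPLE_RULES = {"BoilerSetpoint": Rule(frozenset({"operator"}), 40.0, 90.0)}
```

Denied commands are logged with the same detail as allowed ones, so the audit trail shows a rejected 500-degree write even though it never reached the equipment.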