What is the security way to communicate through internet?
-
I have a computer to collect sensor's data through Modbus, and I want to transfer data to 2 cities' data center through Internet, what's the security way to send and receive data? I mean choose which datasource is the best way?
-
Hi naloy, welcome to the forum!
If you're using Mango on both ends of the connection, you could use the Persistent TCP data source. By itself it is not encrypted, but you can run it over a VPN or through an SSH tunnel to get a security layer. This data source is designed to publish and synchronize data between Mango instances.
If you're not using Mango on the receiving end, you could use any of the publishers through a VPN or SSH tunnel, or write a script that exports a CSV and SFTP it to the receiving server. Probably the HTTP publisher would be the sender for traveling the internet. You shoud be able to use it with an https URL, so that's a distinct option.
Since all these rely on using a different security layer, no data source / publisher decision is inherently more secure since you could use any security layer (maybe modbus requests are structured enough to betray encryption and the modbus pubisher would be a less secure option, I'm not sure, that's beyond my expertise) with any degree of security protocol in place.
-
@phildunlap said in What is the security way to communicate through internet?:
HTTP publisher
Thanks, but I do not understand how HTTP publisher works, is that first publish to destination IP address, for example, New York data center IP, then in New York site people can just visit that IP through web browser without mango installed? seems not reasonable,
-
If you are publishing data to a data center, something at that data center would receive the data, and then host it for other clients. If you're just talking about exposing the data in a Mango to a public URL securely, you can enable SSL in Mango and run it over HTTPS: https://help.infiniteautomation.com/installation-configuration/#ssl-properties
Using SSL also enables you to use ALPN (and ext-available script) and HTTP/2 which can speed things up.
-
we do not want to publish to public, and wish to view those monitor pages online from remote data center, I just do not understand something what at data center that can receive the data, how to set up in remote data center?
-
I misunderstood. I thought you were trying to archive data at the data center, If you're just trying to use it's internet connection to view Mango, it being a data center doesn't matter.
So, you can secure your TCP/IP traffic by using a VPN or SSH tunnel and then further encrypt the HTTP traffic by enabling SSL in Mango. The "data center" side of it just needs to be on the same VPN or have access to the SSH tunnel. Then it'll be their browsers securely opening up the Mango interface as one would on site.
-
Get it! thanks