Hi Jose.
Original Message:
Sent: Aug 21, 2024 03:32 AM
From: jvmesa
Subject: Aruba Central IoT Operations / IoT Connector, to EnOcean IoT Connector Integration
** SOLVED ***
As discussed in the previous post, the problem was that, regardless of the general instructions to configure the Central IoT Operations solution, in this particular case it is NOT necessary to configure an IoT transport profile for the deployed IoT Connector. The communication between C.IOTC and E.IOTC is entirely managed by the AOS8 compatibility app.
In summary, as of today (August 2024), the steps to configure an integration between Central IoT Operations and EnOcean IoT are as follows:
[EnOcean IOT-C v.1.9.0]
[AP OS 10.6.0.2_90095]
- Downloading IoT Connector and Deploying IoT Connector
- Creating an IoT Connector / Viewing IoT Connector / Updating IoT Connector
- Assigning APs to IoT Connector
- Installing Partner-Developed App (EnOcean – USB)
- Installing AOS8 compatibility app / Configuring this app with the AOS8 IoT transport profile data. Pay special attention to:
- SERVER_TYPE: Telemetry-websocket
- SERVER_URL: <The URL of your EnOcean IOT-C wss server: wss//.../aruba.>
- AUTH_METHOD: username-password
- AUTH_URL: <The authentication URL of EnOcean IOT-C: https://..../auth/aruba>
- CLIEN_ID:<your client ID>
- CLIENT_USERNAME: <your user name>
- CLIENT_PASSWORD: <your password>
- DEVICE_CLASS: EnOcean
- Rules: none
- URLs: <your EnOcean IOT-C server URL>
- Certificates: <The valid CA certificate that allows HTTPS/WSS communication with EnOcean IOT-C>
Then, verify communications on the EnOcean IOT-C side.
Again, for this integration, no IoT transport profile is needed for the configured Connector(s) inside IoT Operations.
Thanks to the participating community members for their help.
Best regards,
José Mesa
Original Message:
Sent: Aug 20, 2024 02:25 PM
From: jvmesa
Subject: Aruba Central IoT Operations / IoT Connector, to EnOcean IoT Connector Integration
Hi Jens,
Thank you for your message.
You are absolutely right. That is exactly what I was discussing this afternoon with Aruba TAC. So, I have removed the IoT-transport profile and decided to forget about that "auth" problem. It seems the AOS8 Compatibility app is doing all the work, as the sensors have been reporting well to the EnOcean IoT-C for a couple of hours now.
I'm just waiting until tomorrow to see if everything remains stable before posting the final conclusion and the correct steps to follow, but basically, that's it.
Kind regards,
José Mesa
Original Message:
Sent: Aug 20, 2024 01:05 PM
From: Jens Fluegel
Subject: Aruba Central IoT Operations / IoT Connector, to EnOcean IoT Connector Integration
Hi All,
As far as I know E.IoTC does not support the IoT Ops transport today. The only way to make it work is using the AOS8 App.
In the AOS 8 app settings you configure the same transport settings including authentication as in the AOS VC setup. There is not need to configure the C.IOT connector transport at all.
Be aware that you have to configure the external URL/IP in the AOS 8 app open up the firewall for the app to connect to you E.IoTC.
You may also contact EnOcean support for questions.
Regards,
Jens
Original Message:
Sent: Aug 20, 2024 07:19 AM
From: GorazdKikelj
Subject: Aruba Central IoT Operations / IoT Connector, to EnOcean IoT Connector Integration
Hi Jose.
You can always open a TAC case if you have valid subscription in Central.
When you create the case on Aruba Central Managed select Yes and for Product select Central - AP
It is good that this is lab environment. It is quite possible that you will be asked for tests and examples and debug logs etc... Sometimes also remote sessions to demonstrate the problem.
Best, Gorazd
------------------------------
Gorazd Kikelj
MVP Guru 2024
Original Message:
Sent: Aug 20, 2024 06:49 AM
From: jvmesa
Subject: Aruba Central IoT Operations / IoT Connector, to EnOcean IoT Connector Integration
Well, an update with some progress and the (almost) certainty that the "auth" implementation in Central IOT-C in this case is incorrect.
I ended up having both IoT Operations installed, the EnOcean and the AOS8 compatibility apps. The IoT transport profile for the Central IOT-C was configured with "Use credentials" as the authentication method, and I always got the same error:
https://xxx.XXXX.com:5120/auth/aruba. Fail reason: oauth2: cannot fetch token: 401 Unauthorized Response: <html><title>401: Unauthorized</title><body>401: Unauthorized</body></html>
After reading this document (https://www.langs-world.de/Downloads/ArubaInstant/AI_8.11.2.1/Aruba-Instant-8.10-IoT-Websocket-Interface-Guide.pdf), I decided to check the authentication method myself. I successfully did it with this simple script and the appropriate CA certificate:
import requests#url = "https://xxx.xxxxalan.com:5120/auth/aruba"#data = { "grant_type": "password", "username": "user", "password": "pass", "client_id": "XXXX", "scope": "Aruba_IoT_Framework"}#cert_path = "./my_ca_cert.pem"#try:# response = requests.post(url, json=data, verify=cert_path)# if response.status_code == 200: print("Solicitud exitosa!") print("Respuesta del servidor:", response.json())# else: print(f"Error: {response.status_code}") print(response.text)#except requests.exceptions.SSLError as ssl_err: print(f"Error SSL: {ssl_err}")#except Exception as e: print(f"Error: {e}")
Respuesta del servidor: {'access_token': 'xxxxxxxxxx659b9124b446d47cf63e84bfcdb15b8da50b4d', 'expires_in': 3600, 'api_url': 'wss://xxx.XXXXXalan.com:5120/aruba?client_id=1111'}
As you see, with this POST message, you get the token needed to open the WSS at the designated URL. So, I decided to use that token directly in the Transport-Profile and in the AOS8 app configuration, changing the authentication method to "Use Token." And everything works fine! The sensor data is properly received and processed in the EnOcean IoT Connector just as well as in the AOS 8.12 scenario.
So I think I now have enough data to open a case, but I'm not really sure how to do it since this is a lab using a trial workspace. Maybe you can advise me on it.
Thanks!
José Mesa
Original Message:
Sent: Aug 19, 2024 12:31 PM
From: jvmesa
Subject: Aruba Central IoT Operations / IoT Connector, to EnOcean IoT Connector Integration
Hi Herman, thanks for your message. That was a good point. We have the EnOcean IoT Connector up to date, but it seems that it only supports AOS 8 (with no specific mention of AOS 10).
I didn't notice the AOS8 Compatibility App until you mentioned it. I thought this would be the solution, but unfortunately, it's not yet.
So, let me give you all the information I have.
We started with a Central-managed AOS8 VC (single AP) with its EnOcean USB gateway and this transport profile configuration:
(Notice that "Payload" Content is set to "serial-data")
This results in a successful connection with the EnOcean IoT Connector, and the sensor data is received correctly:
So now we know the right move is the AOS8 Compatibility App. I proceeded with its installation:
Notice that in "DEVICE_CLASS" there is no option to set "serial-data" and only "EnOcean" seems to be the right one.
Next, I configure the "transport-profile" in the Central IoT Connector. I used the same data as in AOS8, but set "EnOcean" as "Device_Class" and "protobuf" as "format type":
Unfortunately, I get the same error:
https://iot.07globalan.com:5120/auth/aruba. Fail reason: oauth2: cannot fetch token: 401 Unauthorized Response: <html><title>401: Unauthorized</title><body>401: Unauthorized</body></html>
On the EnOcean IoT Connector side, the logs reflect the problem:
2024-08-19T15:56:42+00:00 iot-connector-proxy-1.iotclog {"log":"xxx.xxx.247.155 - CLIENT_ID [19/Aug/2024:15:56:42 +0000] \"POST /auth/aruba HTTP/1.1\" 401 75 \"-\" \"Go-http-client/1.1\"\n","stream":"stdout","container":"iot-connector-proxy-1","hostname":"cb56afd5d1b9"}
Now I have these concerns:
- The error occurs before any data from the sensor is transmitted, so it seems the problem is not related to the data format applied to this data; it is just related to the POST message to the defined auth server.
- don't know if this affects the issue, but EnOcean's instructions about Central/AOS8 integration specifically indicate that "serial-data" must be used for device_class. This is not possible when configuring the IoT transport profile using IoT Operations and the AOS8 app.
Again, any idea would be very welcome.
Thanks and best regards.
José Mesa
Original Message:
Sent: Aug 19, 2024 08:14 AM
From: Herman Robers
Subject: Aruba Central IoT Operations / IoT Connector, to EnOcean IoT Connector Integration
Does your EnOcean IoT connector support the AOS10 transports (protobuf)? There is different protobuf scheme, so that may be a reason that you connection does not come up, if only AOS8 is supported. You may use the AOS8 Compatibility App on the Central IoT connector to use the old transports.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Aug 18, 2024 07:12 AM
From: jvmesa
Subject: Aruba Central IoT Operations / IoT Connector, to EnOcean IoT Connector Integration
Thanks for your reply @GorazdKikelj.
I have tried to take a look at the C.IOTC, of course. But the problem is that I barely know where to start. With the C.IOTC VM, the only logs you have access to are the complete set available for download (SFTP) through the VM menu. This set contains dozens of files, and none of them seem to provide clues related to "wss" or "oauth2" logs. I'm lost. Do you know where to search? Is there any available documentation about this C.IOTC VM?
Best regards,
José Mesa
Original Message:
Sent: Aug 18, 2024 02:56 AM
From: GorazdKikelj
Subject: Aruba Central IoT Operations / IoT Connector, to EnOcean IoT Connector Integration
Just few thougths.
Can you chek in IoT Connector logs what are you receiving and what the error is there?
You can try collecting packet capture of the exchange and see if the format of the authentication message is correct?
Best, Gorazd
------------------------------
Gorazd Kikelj
MVP Guru 2024
Original Message:
Sent: Aug 17, 2024 07:50 AM
From: jvmesa
Subject: Aruba Central IoT Operations / IoT Connector, to EnOcean IoT Connector Integration
I'm trying to set up a lab as the first step in building a proof of concept (PoC) for one of our clients. First of all, I need to warn you about the similarity in the naming conventions that both Aruba and EnOcean use for their software, even though they serve very different functions. So, we have the Central IoT Connector (I'll refer to it as C.IOTC) and the EnOcean IoT Connector (I'll refer to it as E.IOTC).
The lab I'm trying to build is as follows:
In the past, we successfully completed the integration with E.IOTC using VC APs (AOS 8.12) managed by Central, so we thought that this new IoT Operations schema should work fine. However, I'm unable to complete it.
Coming from the VC 8.12 setup, which used the same elements, I now have an AP-303H running AOS 10 with an EnOcean USB gateway connected and some sensors in its proximity. The AP is in an AOS10 AP group in Central, and following the IoT documentation, I have completed all these steps:
- - Downloading IoT Connector and Deploying IoT Connector
- - Creating an IoT Connector / Viewing IoT Connector / Updating IoT Connector
- - Creating IoT Radio Profile / Enabling IoT Radio Profile (not applicable)
- - Configuring BLE Beacon Service Profile (not applicable)
- - Assigning AP to IoT Connector
- - Installing Partner-Developed App (EnOcean – USB)
- - Configuring IoT Transport Profile
- - Assigning CA Certificate (same as VC / 8.12 scenario)
- - Synchronizing CA Certificate
All this results in a good-looking dashboard:
So, everything looks ready to go, but I'm not receiving any data in E.IOTC because there is an issue with the configured IoT transport profile. The connection between C.IOTC and E.IOTC is not successfully established:
This is the error:
"connect to https://iot.07globalan.com:5120/auth/aruba. Fail reason: oauth2: cannot fetch token: 401 Unauthorized Response: <html><title>401: Unauthorized</title><body>401: Unauthorized</body></html>"
This is the configuration of the IoT profile for this IoT Operations:
It seems that the E.IOTC Auth server is not accepting the credentials contained in the profile (username/password and client ID), but these are exactly the same ones that work well with the IoT profile configured for AOS 8.12 / VC (triple-checked).
Is there anything else I should check? Any ideas about the nature of this failure?
Aside from this error, I'm uncertain about the following parameters (they are new) in the new IoT profile for E.IOTC integration:
- Device Class: ENOCEAN (Is this OK?)
- Stream Type: Periodic Telemetric. (Is this OK?)
- Format Type: PROTOBUF (Is this OK?)
Any help or idea would be very welcome.
Thanks!