Model

Estimated reading time: 9 minutes

Workload Orchestrator Models allow you to add devices that connect to Workload Orchestrator with different protocols. Supported protocols include MQTT, LWM2M, and DTLS.

What is a Model?

Workload Orchestrator Models are JSON templates for connecting to Devices. Models define what parameters are needed for devices to communicate with Workload Orchestrator. Parameters include values like Host Name, Port, Password, and ClientId. You can add one or more templates to a device model to enable multiple features

  • When you add a device to Workload Orchestrator and set up connectivity in OT Link Platform, the template will apply and the values will fill in automatically for the new device and cloud connection.
  • Models and Devices are specific to a Project.
  • The device model identifies which protocols devices will use to communicate.
  • Device models dictate a device’s configuration. Model protocols include: HTTP, HTTPS, MQTT, MQTTS, LWM2M, and LWM2M with DTLS.
  • Device models can also have custom data blocks.

Protocols and Port Requirements

The following ports must be open to access the full set of Workload Orchestrator features:

Acronym Full Name Port Description
HTTP Hypertext Transfer Protocol 80 This client-server protocol enables web data exchange between browsers and servers.
HTTPS Hypertext Transfer Protocol - Secure 443 The secure version of the HTTP protocol encrypts all requests and responses with Transport Layer Security (TLS) or Secure Socket Layer (SSL).
LWM2M Lightweight Machine-to-Machine 5683

This OMA (Open Mobile Alliance) Lightweight Machine-to-Machine (LWM2M) protocol provides device management via client-server application layer communication. HPE provides the LWM2M server. LWM2M-compatible devices, like OT Link Platform-enabled devices, are the clients.
LWM2M with DTLS Lightweight Machine-to-Machine - Secure 5684 The secure version of the LWM2M protocol uses Datagram Transport Layer Security (DTLS).
BS Bootstrap 15683 Bootstrap is related to LWM2M. It allows the device to initialize configuration parameters from the bootstrap server when it first powers-on.
BS with DTLS Bootstrap - Secure 15684 The secure version of Bootstrap uses Datagram Transport Layer Security (DTLS).
MQTT Message Queuing Telemetry Transport 1883

A lightweight messaging protocol for data transfer to/from IoT devices that is optimized to minimize network bandwidth consumption. MQTT is designed for event-driven interactions with objects that measure physical quantities such as light, gas, temperature, dust, motion, sound, and pressure.
MQTT TLS/SSL Message Queuing Telemetry Transport - Secure 8883 The secure version of the MQTT protocol uses Transport Layer Security (TLS)/Secure Socket Layer (SSL) to provide a secure connection.

OTA

 Over-the-Air Not Applicable Over-the-Air updates facilitate device firmware updates. OTA refers to the methods for distributing software, configuration settings, and updating encryption keys.
Minio


9443 Open this port to enable offline deployments from the Minio storage system.

Example Models

The following examples show the JSON for Device Model templates and what each of the fields mean:

Template Name JSON Parameters
LWM2M Bootstrap. DTLS connection. Pre-shared keys mode 
{
  "lwm2mBsHostName": "%LWM2M_BS_HOST%",
  "lwm2mBsPortDtls": "%LWM2M_BS_DTLS_PORT%",
  "lwm2mEndpoint": "%LWM2M_ENDPOINT%",
  "lwm2mBsPSKIdentity": "%LWM2M_BS_PSK_IDENTITY%",
  "lwm2mBsPSKValue": "%LWM2M_BS_PSK_VALUE%",
  "lwm2mBsPSKValueHex": "%LWM2M_BS_PSK_VALUE%",
  "forceAccessControl": "false",
  "remoteNetwork": "%REMOTE_NETWORK%"
}
  • lwm2mBsHostName: The host name for the LWM2M Bootstrap Server. For example, mycompany.lwm2mbs.hpe-ewo-url
  • lwm2mBsPortDTLS: The port number, 15684, for DTLS on the Bootstrap Server.
  • lwm2mEndpoint: The binary-encoded value of the REST API endpoint for LWM2M.
  • lwm2mBsPSKIdentity: The Pre-Shared Key (PSK) Identity for the Bootstrap Server in binary encoding, typically the host name of the server.
  • lwm2mBsPSKValue: The value for the PSK in binary encoding. It acts as a password.
  • lwm2mBsPSKValueHex: The PSK converted to Hexadecimal encoding.
  • forceAccessControl: Defaults to false since this feature is not implemented yet in Workload Orchestrator.
  • remoteNetwork: Hexadecimal ID of the device network.
LWM2M Bootstrap. Not secured connection parameters 
{
  "lwm2mBsHostName": "%LWM2M_BS_HOST%",
  "lwm2mBsPortNoSec": "%LWM2M_BS_NOSEC_PORT%",
  "lwm2mEndpoint": "%LWM2M_ENDPOINT%",
  "forceAccessControl": "false",
  "remoteNetwork": "%REMOTE_NETWORK%"
}
  • lwm2mBsHostName: The host name for the LWM2M Bootstrap Server. For example, mycompany.lwm2mbs.hpe-ewo-url
  • lwm2mBsPortNoSec: The port number, 15683, for non-secure LWM2M connections.
  • lwm2mEndpoint: The binary-encoded value of the REST API endpoint for LWM2M.
  • forceAccessControl: Defaults to false since this feature is not implemented yet in Workload Orchestrator.
  • remoteNetwork: Hexadecimal ID of the device network.
LWM2M. DTLS connection. Pre-shared keys mode 
{
  "lwm2mHostName": "%LWM2M_HOST%",
  "lwm2mPortDtls": "%LWM2M_DTLS_PORT%",
  "lwm2mEndpoint": "%LWM2M_ENDPOINT%",
  "lwm2mPSKIdentity": "%LWM2M_PSK_IDENITY%",
  "lwm2mPSKValue": "%LWM2M_PSK_VALUE%",
  "lwm2mPSKValueHex": "%LWM2M_PSK_VALUE_HEX%",
  "remoteNetwork": "%REMOTE_NETWORK%"
}
  • lwm2mHostName: The host name for the Workload Orchestrator LWM2M Server. For example, mycompany.lwm2m.hpe-ewo-url
  • lwm2mPortDTLS: The port number, 5684, for DTLS on the Workload Orchestrator LWM2M Server.
  • lwm2mEndpoint: The binary-encoded value of the REST API endpoint for LWM2M.
  • lwm2mBsPSKIdentity: The Pre-Shared Key (PSK) Identity for the Bootstrap Server in binary encoding, typically the host name of the server.
  • lwm2mBsPSKValue: The value for the PSK in binary encoding. It acts as a password.
  • lwm2mBsPSKValueHex: The PSK converted to Hexadecimal encoding.
  • remoteNetwork: Hexadecimal ID of the device network.
LWM2M. Not secured connection parameters 
{
  "lwm2mHostName": "%LWM2M_HOST%",
  "lwm2mPortNoSec": "%LWM2M_NOSEC_PORT%",
  "lwm2mEndpoint": "%LWM2M_ENDPOINT%",
  "remoteNetwork": "%REMOTE_NETWORK%"
}
  • lwm2mBsHostName: The host name for the LWM2M Server. For example, mycompany.lwm2m.hpe-ewo-url
  • lwm2mBsPortNoSec: The port number, 5683, for non-secure LWM2M connections.
  • lwm2mEndpoint: The binary-encoded value of the REST API endpoint for LWM2M.
  • remoteNetwork: Hexadecimal ID of the device network.
MQTT HTTP connection parameters 
{
  "httpUrl": "%MQTT_HTTP%",
  "mqttUserName": "%MQTT_USERNAME%",
  "mqttPassword": "%MQTT_PASSWORD%",
  "mqttClientId": "%MQTT_CLIENT_ID%",
  "mqttReqTopicName": "%MQTT_REQ_TOPIC%",
  "mqttRespTopicName": "%MQTT_RESP_TOPIC%",
  "mqttDataTopicName": "%MQTT_DATA_TOPIC%",
  "remoteNetwork": "%REMOTE_NETWORK%"
}
  • httpUrl: The Workload Orchestrator URL for MQTT service. For Example, http://mycompany.hpe-ewo-url/mqtt/publish
  • mqttUserName: The user name for the MQTT server, encoded in binary.
  • mqttPassword: The password for the MQTT server user.
  • mqttClientId: The client id for the device with MQTT connectivity, encoded in binary.
  • mqttReqTopicName: The topic for making MQTT requests to the device.
  • mqttRespTopicName: The MQTT topic for receiving responses from the device.
  • mqttDataTopicName: The MQTT topic for receiving data from a device.
  • remoteNetwork: Hexadecimal ID of the device network.
MQTT https connection parameters 
{
  "httpsUrl": "%MQTT_HTTPS%",
  "mqttUserName": "%MQTT_USERNAME%",
  "mqttPassword": "%MQTT_PASSWORD%",
  "mqttClientId": "%MQTT_CLIENT_ID%",
  "mqttReqTopicName": "%MQTT_REQ_TOPIC%",
  "mqttRespTopicName": "%MQTT_RESP_TOPIC%",
  "mqttDataTopicName": "%MQTT_DATA_TOPIC%",
  "remoteNetwork": "%REMOTE_NETWORK%"
}
  • httpsUrl: The Workload Orchestrator URL for secure MQTT service. For Example, https://mycompany.hpe-ewo-url/mqtt/publish
  • mqttUserName: The user name for the MQTT server, encoded in binary.
  • mqttPassword: The password for the MQTT server user, encoded in binary.
  • mqttClientId: The client id for the device with MQTT connectivity, encoded in binary.
  • mqttReqTopicName: The topic for making MQTT requests to the device.
  • mqttRespTopicName: The MQTT topic for receiving responses from the device.
  • mqttDataTopicName: The MQTT topic for receiving data from a device.
  • remoteNetwork: Hexadecimal ID of the device network.
MQTT plain TCP connection parameters 
{
  "mqttHostName": "%MQTT_HOST%",
  "mqttTcpPort": "%MQTT_TCP_PORT%",
  "mqttUserName": "%MQTT_USERNAME%",
  "mqttPassword": "%MQTT_PASSWORD%",
  "mqttClientId": "%MQTT_CLIENT_ID%",
  "mqttReqTopicName": "%MQTT_REQ_TOPIC%",
  "mqttRespTopicName": "%MQTT_RESP_TOPIC%",
  "mqttDataTopicName": "%MQTT_DATA_TOPIC%",
  "remoteNetwork": "%REMOTE_NETWORK%"
}
  • mqttHostName: The host name for the MQTT server on Workload Orchestrator. For example, mycompany.mqtt.hpe-ewo-url
  • mqttTcpPort: The TCP port, 1883, on the server for the MQTT connection.
  • mqttUserName: The user name for the MQTT server, encoded in binary.
  • mqttPassword: The password for the MQTT server user, encoded in binary.
  • mqttClientId: The client id for the device with MQTT connectivity, encoded in binary.
  • mqttReqTopicName: The topic for making MQTT requests to the device.
  • mqttRespTopicName: The MQTT topic for receiving responses from the device.
  • mqttDataTopicName: The MQTT topic for receiving data from a device.
  • remoteNetwork: Hexadecimal ID of the device network.
MQTT TLS/SSL connection parameters 
{
  "mqttHostName": "%MQTT_HOST%",
  "mqttSslPort": "%MQTT_SSL_PORT%",
  "mqttServerCA": "%MQTT_CA_CERT%",
  "mqttUserName": "%MQTT_USERNAME%",
  "mqttPassword": "%MQTT_PASSWORD%",
  "mqttClientId": "%MQTT_CLIENT_ID%",
  "mqttReqTopicName": "%MQTT_REQ_TOPIC%",
  "mqttRespTopicName": "%MQTT_RESP_TOPIC%",
  "mqttDataTopicName": "%MQTT_DATA_TOPIC%",
  "remoteNetwork": "%REMOTE_NETWORK%"
}
  • mqttHostName: The host name for the MQTT server on Workload Orchestrator. For example, mycompany.mqtt.hpe-ewo-url
  • mqttSslPort: The SSL port, 8883, on the server for the MQTT connection.
  • mqttServerCA: The SSL Server Certificate Authority (CA) that issues SSL certificates for authentication. 
  • mqttUserName: The user name for the MQTT server, encoded in binary.
  • mqttPassword: The password for the MQTT server user, encoded in binary.
  • mqttClientId: The client id for the device with MQTT connectivity, encoded in binary.
  • mqttReqTopicName: The topic for making MQTT requests to the device.
  • mqttRespTopicName: The MQTT topic for receiving responses from the device.
  • mqttDataTopicName: The MQTT topic for receiving data from a device.
  • remoteNetwork: Hexadecimal ID of the device network.
Over-The-Air device parameters 
{
  "otaPrivateKey": "%OTA_PRIVATE_KEY%",
  "otaCert": "%OTA_CERT%",
  "otaCaCert": "%OTA_CA_CERT%",
  "otaDDIUrl": "%OTA_DDI_URL%"
}
  • otaPrivateKey: The Over-The-Air (OTA) protocol private key, an encrypted string.
  • otaCert: The encrypted certificate for OTA protocol.
  • otaCACert: The encrypted certificate for the OTA Certificate Authority (CA)
  • otaDDIUrl: The URL of the device message monitoring service.