Limitations for IoT Time Series Service can be found here in the link.
Link:
https://developer.mindsphere.io/apis/iot-iottimeseries/api-iottimeseries-overview.html#limitations
Dear customer,
Here at MindSphere, we value your business as we work hard to improve and enhance your digitalization experience. As a MindAccess DevOps Plan subscriber, we wish to inform you about security related changes.
As a preventive measure, we have decided to disable service credentials that are older than 365 days. With the latest release of MindSphere, you can now switch to the newly released Token Manager Service that provides a comparable functionality. In case this functionality does not cover your requirements, please contact us via the MindSphere Support and request to change your service credentials. Please ensure that your request contains the required information as described here https://developer.mindsphere.io/howto/howto-selfhosted-api-access.html#creating-service-credentials.
If we do not receive a request to change the secret we will proceed with disabling the issued service credentials. In case that service credentials are not required anymore, please request the deletion of the service credentials.
You will be able to use the issued service credentials with the old secret until March 31, 2019.
We would also like to inform you that as a subscriber to the MindAccess DevOps Plans, you will be able to rotate your secrets via a new API in near future.
Best regards
SIEMENS AG
MindSphere
1. Use chrome to go your MindSphere tenant.
2. Press Key "F12"
3. Click on the tab "Security".
4. Click on "View certificate".
5. Click on tab "Certification path".
5a. Click on "QouVadis Root CA 2 G3" and "View certificate".
5b. Click on tab "Details" and "copy to file".
6. Repeat 5a and 5b for the "QouVadis Enterprise Trust CA 2 G3" and "Siemens Issuing CA Internet Server 2017" certificate.
The following steps describe how to onboard a MindConnect Nano and how to configure the Data Mapping in the Asset Manager. By doing so, we basically connect the Datasource (Plant) with the Aspects (MindSphere). For this example we use the S7 protocoll and read out an Integer variable from a SIMATIC S7-1500.
Create new Asset and configure MindConnect Agent (Menu “Asset” on the left)
Create new asset based on “core.mcnano” and give a name (e.g. Asset_NanoAgent)
Insert unique box ID and configure Web- and Plant-Interfaces (as shown in the image)
Optional: update Firmware if necessary
2. Download config file and onboard Nano Box
See Screenshot
A factory reset is only necessary for MindConnect Elements that were already connected to MindSphere V2 (SAP). V1 cannot be upgraded.
You will find the necessary steps in the „Getting Connected to MindSphere“ documentation in the chapter "Manual firmware update of MindConnect Element":
https://documentation.mindsphere.io/resources/html/getting-connected/en-US/119926080651.html
Prerequisites:
• USB stick (fat32 formatted)
• ConBox_Commands.json file with a special content and
• the newest firmware version of your MindConnect Device
All required things can be found under the documentation link.
The latest firmware of the MindSphere MindConnect Elements can be found in the SIOS (Siemens Industry Online Support) web-portal:
• MC IoT2040: https://support.industry.siemens.com/cs/document/109745562
• MC Nano: https://support.industry.siemens.com/cs/document/109745561
An installation guide can be found in the "Getting Connected to MindSphere documentation" (https://documentation.mindsphere.io/resources/html/getting-connected/en-US/index.html) in the chapter "Firmware update":
In general, there are two different ways to perform a firmware update:
• Manual firmware update of MindConnect Element
• Firmware update in Asset Manager
The necessary steps can be found in the linked documentation.
The Azure Firmware version named SP28 is in testing phase right now and will be available soon.
You can run diagnostic and maintenance USB commands on your MindConnect Elements.
All necessary steps can be found in the „Getting Connected to MindSphere“ documentation in the chapter "Mounting and installing MindConnect Elements" -> "USB commandos":
https://documentation.mindsphere.io/resources/html/getting-connected/en-US/index.html
Prerequisites:
• USB stick (fat32 formatted)
• ConBox_Commands.json file with a special content
Screenshots are not useable! If you want to share Screenshots, please have a cvloser look if these have specific information which should not be published.
[[Optional]] = marked sentences with optional can be posted, but must not be publish. this is in the decission of the publisher
[[Optional]] In contrast to MindSphere V2, more manual steps to configure the data mapping have to be accomplished in order to see data in your fleet manager.
The following steps describe how to onboard a MindConnect Nano and how to configure the Data Mapping in the Asset Manager. By doing so, we basically connect the Datasource (Plant) with the Aspects (MindSphere). For this example we use the S7 protocoll and read out an Integer variable from a SIMATIC S7-1500.
Create new Asset and configure MindConnect Agent (Menu “Asset” on the left)
Create new asset based on “core.mcnano” and give a name (e.g. Asset_NanoAgent)
Insert unique box ID and configure Web- and Plant-Interfaces
Optional: update Firmware if necessary. Download the config file and onboard Nano Box (equal to MindSphere V2)
Create Datasource and Datapoints
Create new Datasource and specify them
Create Data-points (click on table icon at newDatasource) and specify them
Create Datamapping (click on chain icon at newIntVariable)
Create Aspect and add Variables (Menu “Aspects” on the left)
Create new Aspect and specify the following
Add Variables by specifying the following
!Please note:
Unit and Datatype is important for the data mapping later. These have to match exactly (case sensitive)!
Here the datamapping is made, but at first the counterpart for the MindSphere Aspect has to be configured.
!Please note:
Unit and Datatype is important for the data mapping later. These have to match exactly (case sensitive)!
Create Type and select Aspect (Menu “Types” on the left)
Create new Type and specify the following
Parent Asset Type Has to be BasicDevice
Select Aspect by specifying the following
Create new Asset and configure (Menu “Asset” on the left)
Create new asset based on the type created before (e.g. nbgmsiot.newType) and give a name (e.g. Asset_MindSphere)
Create Datamapping
Browse to the Nano Agent and navigate to Datapoints of Datasource from step 3 (here newDatasource)
Click on chain icon behind datapoint (here newIntVariable) and create new datamapping
Select Asset from step 6 (here: Asset_MindSphere)
Select Aspect from step 5 (here: MindSphereAspect)
Select Variable from step 4 (here: Integer)
An overview over all possible quality codes based on the OPC UA standard can be found in the “Getting Connected to MindSphere” documentation under the chapter appendix:
https://documentation.mindsphere.io/resources/html/getting-connected/en-US/120286086027.html
A detailed information about the the Data Types and Structures you can find here in the link below:
Link:
https://developer.mindsphere.io/resources/mindconnect-lib/doxygen/html/annotated.html
There are two functions an agent must call at some specific periods to be able to send data for long periods.
And here is an example code:
// If everything is successful so far, exchange the store whichcontainstimeseries.
if (MCL_OK == code)
{
printf("Uploading timeseries: ");
code = mcl_communication_exchange(communication, store, NULL);
// If exchange returns unauthorized, then get new access token.
if (MCL_UNAUTHORIZED == code)
{
printf("Getting new access token: ");
code = mcl_communication_get_access_token(communication);
// If getting new access token is successful, then try exchange again.
if (MCL_OK == code)
{ printf("Retrying exchange: "); code = mcl_communication_exchange(communication, store, NULL); }
else if (MCL_BAD_REQUEST == code)
{
// If get access token call returns bad request error then rotate key and try exchanging again.
printf("Calling rotate key: ");
code = mcl_communication_rotate_key(communication);
// If key rotation is successful, then retry exchange.
if (MCL_OK == code)
{ printf("Retrying exchange: "); code = mcl_communication_exchange(communication, store, NULL); }
}
}
}
If the agent does not call these functions it will fail to send data after some time.
You can have a look at the link for more information:
https://developer.mindsphere.io/resources/mindconnect-lib/doxygen/html/index.html
You can also have a look in the files. It's inside "include/mcl/mcl_common.h" and look for "typedef enum E_MCL_ERROR_CODE" line .
By uploading your application via Developer Cockpit, you confirm having evaluated and tested the application with respect to its technology, functionality, performance, security, and user interface. You agree that your application complies with the documentation and any other requirements set out in the MMA or the respective order form.
Please also check the documentation "Get your Application Ready for Productive Use":
https://developer.mindsphere.io/howto/howto-app-publication.html
After uploading the application the preparations and verifications of the productive release will be started. Usually this takes only a few days and should not exceed 14 days. Developers should consider this period in their planning. This process cannot be accelerated. Therefore, please do not send any requests to the MindSphere Support. An email notification is sent to the primary and secondary e-mail address as soon as the application is available for productive use.
This information can be found in Prerequisites chapter of the "Self-Hosted Application" documentation:
https://developer.mindsphere.io/howto/howto-selfhosted-api-access.html
• MindAccess DevOps Plan
• Service Credentials for IoT Value Plan Tenants cannot be created, because a DevOps Plan is needed for developing purposes
With the release in January the Token Manager API will be released which allows customers to issue application (version) specific service credentials in the Developer Cockpit. For more information's, please check the MindSphere Release Notes and the Developer Cockpit documentation after the release.
Please note the "Creating Service Credentials" description in the MindSphere Developer Documentation under the chapter "How Tos":
https://developer.mindsphere.io/howto/howto-selfhosted-api-access.html
Prerequisites:
• MindAccess DevOps Plan - this is your MindSphere account (tenant)
• Service Credentials for IoT Value Plan Tenants cannot be created, because a DevOps Plan is needed for developing purposes
• mdsp:core:TenantAdmin role
• Outbound Traffic Upgrade - this includes a data volume for consuming MindSphere services from outside of the MindSphere platform
Creating Service Credentials:
In order to create new or update existing service credentials, you have to make a service request to the MindSphere Support using a special template which can be found under:
https://developer.mindsphere.io/howto/howto-selfhosted-api-access.html#creating-service-credentials
With the release in January the Token Manager API will be released which allows customers to issue application (version) specific service credentials in the Developer Cockpit. For more information's, please check the MindSphere Release Notes and the Developer Cockpit documentation after the release.
The most important Cloud Foundry CLI commands can be found:
• in the MindSphere Developer Documentation in the chapter "Cloud Foundry How Tos":
https://developer.mindsphere.io/paas/paas-cloudfoundry-howtos.html
• in the corresponding Cloud Foundry documentation:
http://cli.cloudfoundry.org/en-US/cf/
Please note that not all commands can be executed with the OrgManager role. In some cases the SpaceDeveloper role is necessary, e.g. to start or stop apps. You can find a complete overview at the following link:
https://docs.cloudfoundry.org/concepts/roles.html
Open a command line (CLI) and use the following command:
cf login -a https://api.cf.eu1.mindsphere.io --sso
To get the Temporary Authentication Code open the following URL in your browser and klick "Log in with WebKey":
https://login.cf.eu1.mindsphere.io/passcode
Login with your WebKey credentials (like you do for the Tenant login) and then paste the Temporary Authentication Code into the command line.
When the Tenant is created, only the Tenant Owner will be assigned a role in the tenant and in the cloud foundry Org.
The Tenant Owner will be the person that is officially named in the MindSphere contract as TenantAdmin.
The Tenant Admin role and the cloud foundry role refer to two different accounts.
The Tenant Owner is able to assign tenant admin role in the tenant to other users. In Cloud Foundry, like in the tenant, the Tenant Owner has to invite users and create Spaces and assign roles to the Org/Spaces.
In order to get your role in cloud foundry, you need to contact the Tenant Owner.
Please find here the documentation of how your Tenant Owner can add a new user to Cloud Foundry https://developer.mindsphere.io/paas/paas-cloudfoundry-howtos.html
Prerequisites:
You want to invite a new user to your MindSphere Cloud Foundry Organization (Org) with the command cf set-org-role and see the following error:
FAILED:
Server error, status code: 404, error code: 20003, message: The user could not be found: <Email address of the user>
Solution:
Please note the "Add a New User" description in the MindSphere "Cloud Foundry How Tos" documentation:
https://developer.mindsphere.io/paas/paas-cloudfoundry-howtos.html#add-a-new-user
Prerequisites for adding a new user:
• The new user has access to a DevOps Plan.
• The new user has logged into the Cloud Foundry once before (see Connecting to Cloud Foundry via CF CLI).
The IP addresses for your firewall settings in order to enable access to your application server can be found here:
https://developer.mindsphere.io/howto/howto-selfhosted-integration.html#testing-the-application
Note that there can be temporary situations where the IP addresses provided are not reachable (e.g. in case of a fallback). Any permanent change will be updated in the documentation as provided above.
The ip address mention in document is not sufficient
35.156.223.10
18.194.162.141
18.194.195.179
To obtain the access they added two more IP addresses, found them by checking the calls our PC , try to send data to mindsphere.
35.157.214.208
35.157.92.15
Customer need to know whether the ipaddress he is using is robust and secured?
Because these IP address (35.157.214.208
35.157.92.15) is not documented anywhere?
Q: Does the application run directly at the customer in the IoT Value Plan or in the Operator Tenant?
A: The application itself uses the resources assigned to it by the Operator Tenant.
If an IoT Value Plan Tenant purchases a MindApp, it must be provisioned from the Operator to the IoT Tenant.
In the last step, an IoT-Tenant admin must confirm this and grant the necessary authorizations to the persons who are authorized for the MindApp.
Q: If it is running at the customer, is the asset also stored there?
A: The assets are stored in the IoT-Tenant (although MindApp runs on the operator).
MindSphere's validation process ensures that the respective customer data are treated confidentially and are not passed on to third parties.
Q: Is the asset copied from the developer/operator to the IoT-tenant? Will the DataSource configurations / DataMappings be copied?
A: The required assets can either be generated by authorized users of the IoT-tenant or by certain calls of the MindSphere API via the previously provisioned MindApp.
We are currently working on a feature that allows mass DataSource configurations. More information will be available in future release notes.
Q: Since the asset IDs are different, how are they distinguished? Aren't static IDs used during development?
A: All necessary data for the exact association of a certain asset can be retrieved via the MindSphere API. This includes Assets, Asset Types, Aspects and Aspect Types.
When developing applications, it is not recommended to use static IDs. The developers of MindApps decide which criteria are used to differentiate between them.
Q: As a developer, how do I differentiate between assets when they are retrieved via the API?
A: Developers have the option of identifying the assets based on various criteria.
One of the possibilities is to generate the required asset structure including Aspect and Aspect Types at the first start of MindApp.
Once this is done, the MindApps can search the asset structure for the required properties using simple queries in the program code.
Dear Customer,
you can inform yourself about options and possible Apps to order in our MindSphere Store https://store.mindsphere.io.
If you have questions or you know what you want to order, please get in contact with your regional Siemens sales department for further information. Or you press the "Contact Us" Button in the Store. Your sales contact will then reach out to you and assist you with the order.
Dear Customer,
in general all MindSphere contracts have a designated Enddate. Therefore you do not wish to further extend your contract, it will automatically expire. Your tenant, will be deactived after expiration. After a deactivation period it will then be deleted.
If you have further questions, please get in contact with your regional Siemens sales department for further information.
Or if you do not know your Siemens sales contact, you can contact sales via the MindSphere Store https://store.mindsphere.io
You can reset your password yourself. Just go to the following link
https://www2.industrysoftware.automation.siemens.com/webkey/
Under "Forgot:" click on the link "Forgot your password?". Enter your webkey (usually your email address) to request a new mail for changing your password.
You can request it yourself. Just go to the following link
https://www2.industrysoftware.automation.siemens.com/webkey/
Under "Forgot:" click on the link "Forgot your username?". Enter your email-address to request a new mail for receiving an email wiht the next steps.