MQTT is a lightweight Machine-to-Machine (M2M) communication protocol often used in Industry 4.0 environments and IoT applications. Implementations and libraries exist for nearly every hardware, such as Arduino, Raspberry, PC, Smartphone, PLCs, etc.
MQTT (short for Message Queue Telemetry Transport) is an open standard (ISO/IEC PRF 20922) and is based on the publish-subscribe pattern. It works on top of the TCP/IP stack. It's main purpose is to exchange messages between clients and a server (broker). The clients can decide by themselves whether a message is important for them, based on the topics they have subscribed.
In this article I will shortly introduce how to setup the Simatic S7-1200 as a MQTT client (publisher role) and publish data to a MQTT broker on my local network.
The MQTT library for the Simatic PLC is taken from Siemens (from official Industry Support Portal) and as a broker I am using the hbmqtt library written in Python.
Simatic S7-1200 as MQTT client (publisher role)
The clients can act either as publishers or subscribers, or both. The data exchange is topic oriented, publishers can publish messages under specific topics and subscribers subscribe to topics whose messages they want to receive.
Attaching Simatic-S7 PLCs to a MQTT infrastructure is quite simple. Siemens now offers a library for their S7-1200, S7-1500 and S7-300 PLCS, which can easily be imported into own projects (Download Library here). As already described above, MQTT works on top of the TCP/IP stack, which means that it also supports SSL/TLS encryption to secure the communication. The S7-1200 and S7-300 can act as a MQTT publisher, but the traffic is sent in plain text, only the S7-1500 supports message cryptography.
Setting up the library in the TIA portal is simple, just open the library and copy the Types, DBs and FBs to your local project. Then call the DB "LMqtt_Publisher_DB" in your project (see Region _MQTTSend_). TIA will ask you to create a new instance DB for this FB and shows the input and output placeholder-arguments afterwards. The required data types for enable is self-explaining, it takes TRUE as input to activate the client, publish also takes a boolean value. Every time publish faces a rising-edge the PLC will publish a message to the broker. Depending on the application you need to trigger the publisher in a certain interval to post the messages to the broker. Therefore a trigger signal is necessary. I enabled the system clock memory bytes and passed the 1Hz bit as an input to publish, which means that the PLC posts a message once a second.
tcpConnParam and mqttParam requires the data-types which are already initialised in the Lmqtt_Data DB (see PLC types for definition). There you can set all the necessary parameters, which are all (more-or-less) self-explaining.
To work with a single MQTT instance I prepared s very simple scheduler, which copies the tags to the "LMqtt_Data" DB prior to call the MQTT instance (see region _schedulerPrepareData_). This includes setting the topic and the message.
In region _setMQTTConfigParams_ I set the most important parameters for the MQTT instance, I am simply doing this in the source code rather than in the DB because I wanted to separate the most important ones and have them clearly arranged. (These parameters may later be set from a HMI.) For the first trials, I left the field username and password blank to reduce the possible sources of errors.
The MQTT broker hbmqtt is written in Python3 and can easily be installed using the pip command (also on Windows). If you have not setup the Python environment variables in Windows correctly you can alternatively install the package using Visual Studio.
On your computer (which is on the same subnet as your PLC of course) you now run hbmqtt -d from the command line to start the broker. Afterwards you can put your PLC into run mode and you will see the messages being pushed to your MQTT broker. Notice: currently the clients authenticate anonymously, to force and test proper authentication based on username and password you just need to configure your hbmqtt broker and enter the credentials in the PLC under LMqtt_data. See hbmqtt's Read the Docs for further instructions. Beware: data transmission is still carried out in plain text, therefore appropriate measures should be performed to increase network security.
Completing this simple architecture can be done by introducing a MQTT client which is implementing the subscriber role. This can also be done using hbmqtt_sub, call hbmqtt_sub -d -url mqtt://127.0.0.1:1883 -t <yourtopic/topic1> from the command line. It will show all the messages send by the PLC under the given topic.
According to the specification, MQTT uses the following ports, depending on the configuration:
- plain text: 1883
- encrypted: 8883
- encrypted (client certificate required): 8884
- plain text via WebSockets: 8080
- encrypted via WebSockets: 8081
Feel free to download the sample project below. This project is based on the following two articles and therefore also implements the functionality as described in RESTful API for Simatic S7-1200 PLC & Python Client (Part 1) and Logging in to Simatic S7 ReST API using a python client (Part 2).
For a more detailed introduction to the MQTT architecture, read the official Siemens-Manual introducing the library.