I have a few questions regarding a possible project.
Let's say I have a remote panel. I need to control a switch and access some data from a local device.
And have a display in an office for control/data viewing.
I'm assuming I could set up an edge IIoT device in the remote location. Regular Ignition in the office.
My real question is the MQTT edge to the internet. Is a cellular router the best option? How do I connect to the web to get to the office from an isolated location securely?
All the edge device needs is an internet connection (cellular modem, satellite connection, or however you get it internet). No firewall ports need opened on it for connectivity to your central office. The only thing you may want to do is set up some sort of VPN if you need to ever manage or edit it remotely, as that will require some sort of remote connection into the cellular modem you use to connect to the internet.
Somewhere else you'll need an MQTT broker of some sort. I like EMQx, some use Mosquitto, some use a 3rd party cloud service, and some use the CirrusLink Distributor plugin for Ignition. Wherever this broker resides will need either port 1883 or 8883 for MQTT clients to connect to. Port 1883 is unencrypted and port 8883 is encrypted.
Your Ignition gateway server in your office will need the Cirrus-Link MQTT Engine module, and will connect in a very similar way that the Edge does to the MQTT broker. If everything is configured properly, the tags will "magically" just show up under the MQTT Engine tag provider on your server and you'll be ready to go.
@michael.flagler thanks for the reply. I know a lot of VPN routers with cellular modem exist. But I'm not sure how that works. Do I just need the VPN constantly open in the office?
If the cellular modem can act as a VPN server, and if you can set up some sort of dynamic DNS so it always updates with its current IP, that works. If you're the end customer, you can set up something like Tailscale on the PC and also on your engineering workstation to create a "mesh" style VPN. If you are the end customer, talk with IT and see if they have a VPN server already that the client can connect in to and set up routing to it that way. There's a lot of ways to do it, but never go the route of opening firewall ports on the edge system firewalls as it's just too risky. (Although we still have customers who insist on it even after I tell them it will attract hackers).
@michael.flagler yeah trying to look it up. The most confusing part is putting the remote device on the internet to get to an MQTT service then onto end site.
The VPN routers don't really advertise internet connection per se. I'm just kind of getting lost on the remote device to internet. So it can talk to everything else.