User Tools

Site Tools


brokers:local_broker

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
brokers:local_broker [2016/04/30 22:43]
buben
brokers:local_broker [2016/05/09 10:24] (current)
Line 1: Line 1:
 +====== Local broker ======
  
 +{{ :​mqopen-infrastructure.png?​200|}}
 +
 +Local broker is small device in one designated area. Its responsibility is provide plain text data exchange for all local devices and encrypted link to central broker. This allows to use very cheap endpoint devices, which has not enough resources for robust data encryption.
 +
 +MQTT implement client authentication based on username/​password,​ but credentials are sent in plaintext only. This is reasonable because MQTT is designed fo small devices, like AVR, which doesn'​t have enough resources to implement modern encryption. For that reason, endpoint devices establish a connection with local broker with no encryption and must be placed in secured perimeter.
 +
 +Local MQTT broker then establish encrypted connection to [[brokers:​central_broker|central MQTT broker]] and creates secure network.  ​
 +
 +There are two ways how to establish encrypted bridge connection between local and central broker:
 +  * Configure broker to use SSL connection
 +  * Use VPN
 +
 +First approach is preferred. See [[brokers:​central_broker#​ssl_connection_vs_vpn|security concerns]].
 +
 +===== Build local broker =====
 +
 +Because network is designed to span over many places, local MQTT broker should be as cheap as possible. It can be even cheaper than endpoint devices.
 +
 +Currently, local broker can be build from these devices:
 +
 +  * [[brokers:​raspberry_pi|Raspberry Pi]]
 +  * [[brokers:​a5_v11|A5-V11 (OpenWrt)]]
 +
 +Local brokers are nothing more that ordinary Linux powered computers. Many other devices can be easily added.
brokers/local_broker.txt · Last modified: 2016/05/09 10:24 (external edit)