Connect IDE to Runtime ====================== Connection is described by the *URI_location* in project's configuration. ``Open project tree root -> Config tab -> URI_location`` eRPC ---- `eRPC `_ (Embedded RPC) is an open source Remote Procedure Call (RPC) developed by NXP. In case of Beremiz, Runtime is the eRPC server and IDE is a client. Transport can be either TCP/IP or Serial. ``URI_location`` for eRPC: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * ``ERPC://host[:port]`` unencrypted connection. Default port is 3000. This connection is highly unsecure, and should never be used on untrusted network. It is intended to be used on peer to peer connection such as ethernet over USB, for initial pairing with IDE. * ``ERPCS://host[:port]`` SSL-PSK encrypted connection. Default port is 4000. * ``LOCAL://`` starts local runtime and connect with it through TCP/IP bound to Localhost using random port. SSL-PSK setup: ^^^^^^^^^^^^^^ In order to provide practical secure communication in between runtime and IDE TLS-PSK connection according to rfc4279. Server (runtime) """""""""""""""" .. highlight:: ini PSK ciphersuite avoids the need for public key operations and certificate management. It is perfect for a performance-constrained environments with limited CPU power as a PLC. `Stunnel `_ is used to wrap unencrypted eRPC server into an TLS-PSK SSL socket. Hereafter is ``stunnel.conf``:: [ERPCPSK] accept = 4000 connect = 127.0.0.1:3000 ciphers = PSK sslVersion = TLSv1.2 PSKsecrets = psk.txt .. highlight:: text List PSK ciphers available in server's openssl:: openssl ciphers -s -psk -tls1_2 Launch ``stunnel``:: stunnel ./stunnel.conf Client (IDE) """""""""""" Compare client's available openssl PSK ciphers with Server's ciphers. At least a few of them should match:: openssl ciphers -s -psk -tls1_2 Use unencrypted peer-to-peer connection such as network over USB or simple Ethernet cable, connect an obtain PSK:: ERPC://hostname[:port] Then use Identity Management dialog in IDE to select matching ID and generate ``ERPCS`` URI:: ERPCS://hostname[:port]#ID WAMP ---- `WAMP `_ is an open standard WebSocket subprotocol that provides two application messaging patterns in one unified protocol: Remote Procedure Calls + Publish & Subscribe. Beremiz WAMP connector implementation uses python ``autobahn`` module, from the `crossbar.io `_ project. Both IDE and runtime are WAMP clients that connect to ``crossbar`` server through HTTP. ``URI_location`` for WAMP: * ``WAMP://host[:port]#realm#ID`` Websocket over unencrypted HTTP transport. * ``WAMPS://host[:port]#realm#ID`` Websocket over secure HTTPS transport. .. TODO : crossbar server setup with example config and minimal backend.