General Information

Library Overview

The MqttHandling library implements the Message Queuing Telemetry Transport (MQTT) client functionality in the application program running on a controller. The MQTT provides data exchange between the clients on a publish/subscribe basis. An MQTT client publishes messages (data) on a topic via an MQTT server. The MQTT server, represented by a server, forwards (publishes) the published messages to clients which are subscribed to the respective topic.

This library supports MQTT via a secured connection using TLS (Transport Layer Security).

Whether a connection using TLS is supported depends on the controller where the FB_TcpClient2 is used. Refer to the specific manual of your controller to verify if TCP communication using TLS is supported.

Characteristics of the Library

The table indicates the characteristics of the library:

Characteristic	Value
Library title	MqttHandling
Company	Schneider Electric
Category	Communication
Component	Internet Protocol Suite
Default namespace	SE_MQTT
Language model attribute	qualified-access-only
Forward compatible library	Yes (FCL)

NOTE: For this library, qualified-access-only is set. This means, that the POUs, data structures, enumerations, and constants have to be accessed using the namespace of the library. The default namespace of the library is SE_MQTT.

Example Project

In conjunction with the library, an example project is provided. The example project demonstrates how to implement the components from the MqttHandling library.

The example project is installed on your PC along with the programming software. To open the project example, proceed as follows:

Step	Action	Comment
1	In the EcoStruxure Machine Expert Logic Builder, execute the command New Project .	–
2	In the New Project dialog box, select From Example from the Project type list.	–
3	On the right-hand side of the New Project dialog box, click the button Toggle Filter .	Result: Available examples are listed in the drop down menu.
4	Select your example from the drop down menu.	–
5	Select your controller from the Controllers list.	–
6	Enter a name for the new project, and select the file location.	–
7	Click the OK button.	Result: A new project is created based on the selected example.

General Considerations

Only IPv4 IP addresses are supported for the communication functions provided with this library.

The TcpUdpCommunication (Schneider Electric) and the CAA Net Base Services library (CAA Technical Workgroup) use the same system resources on the controller. The simultaneous use of both libraries in the same application may lead to disturbances during the operation of the controller.

WARNING
	UNINTENDED EQUIPMENT OPERATION Do not use the library TcpUdpCommunication (Schneider Electric) together with the library CAA Net Base Services (CAA Technical Workgroup) simultaneously in the same application. Failure to follow these instructions can result in death, serious injury, or equipment damage.

WARNING
	EXCHANGED DATA INCOMPATIBILITY Verify that the exchanged data are compatible because data structure alignments are not the same for all devices. Failure to follow these instructions can result in death, serious injury, or equipment damage.

NOTE: Schneider Electric adheres to industry best practices in the development and implementation of control systems. This includes a "Defense-in-Depth" approach to secure an Industrial Control System. This approach places the controllers behind one or more firewalls to restrict access to authorized personnel and protocols only.

WARNING
	UNAUTHENTICATED ACCESS AND SUBSEQUENT UNAUTHORIZED MACHINE OPERATION Evaluate whether your environment or your machines are connected to your critical infrastructure and, if so, take appropriate steps in terms of prevention, based on Defense-in-Depth, before connecting the automation system to any network. Limit the number of devices connected to a network to the minimum necessary. Isolate your industrial network from other networks inside your company. Protect any network against unintended access by using firewalls, VPN, or other, proven security measures. Monitor activities within your systems. Prevent subject devices from direct access or direct link by unauthorized parties or unauthenticated actions. Prepare a recovery plan including backup of your system and process information. Failure to follow these instructions can result in death, serious injury, or equipment damage.

WARNING

UNAUTHENTICATED ACCESS AND SUBSEQUENT UNAUTHORIZED MACHINE OPERATION

Evaluate whether your environment or your machines are connected to your critical infrastructure and, if so, take appropriate steps in terms of prevention, based on Defense-in-Depth, before connecting the automation system to any network.
Limit the number of devices connected to a network to the minimum necessary.
Isolate your industrial network from other networks inside your company.
Protect any network against unintended access by using firewalls, VPN, or other, proven security measures.
Monitor activities within your systems.
Prevent subject devices from direct access or direct link by unauthorized parties or unauthenticated actions.
Prepare a recovery plan including backup of your system and process information.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

For more information on organizational measures and rules covering access to infrastructures, refer to ISO/IEC 27000 series, Common Criteria for Information Technology Security Evaluation, ISO/IEC 15408, IEC 62351, ISA/IEC 62443, NIST Cybersecurity Framework, Information Security Forum - Standard of Good Practice for Information Security and refer to Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment.