IoT Tips

Hi everybody, In this blogpost I want to share with you my local ThingWorx installation, with some optimizations that I did for local development. -use the -XX:+UseConcMarkSweepGC . This uses the older Garbage Collector from the JVM, instead of the newer G1GC recommended by the ThingWorx Installation guide since version 7.2. The advantage of ConcMarkSweepGC is that the startup time is faster and the total memory footprint of the Tomcat is far lower than G1GC. -use -agentlib:jdwp=transport=dt_socket,address=1049,server=y,suspend=n. This allows using your Java IDE of choice to connect directly to the Tomcat server, then debugging your Extension code, or even the ThingWorx code using the Eclipse Class Decompilers for example. Please modify the 1049 to your port of choice for exposing the server debugging port. -use -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=60000 -Dcom.sun.management.jmxremote.ssl=false                  -Dcom.sun.management.jmxremote.authenticate=false           This sets up the server to allow JMX monitoring. I usually use VisualVM from the JDK bin folder, but you can use any JMX monitoring tool.           This uses no Authentication, no SSL and uses port 6000 - modify if you need. I usually startup Tomcat manually from a folder via startup.bat, and the setenv.bat looks like: set JAVA_HOME=C:\Program Files\Java\jdk1.8.0_102 set JRE_HOME=C:\Program Files\Java\jdk1.8.0_102 set THINGWORX_PLATFORM_SETTINGS=D:\Work\servers\apache-tomcat-8.0.33 // this is where the platform-settings.json file is located set CATALINA_OPTS=-d64 -XX:+UseNUMA -XX:+UseConcMarkSweepGC -Dfile.encoding=UTF-8 -agentlib:jdwp=transport=dt_socket,address=1049,server=y,suspend=n -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=60000 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false In this mode I can look at any errors in almost real time from the console and it makes killing the server for Java Extension reload a breeze -> Ctrl+C Please don't hesitate to provide feedback on this document, I certainly welcome it. Be warned: THESE ARE NOT PRODUCTION SETTINGS. Best regards, Vladimir

This post adds to my previous post: Deploying H2 Docker versions quickly   In addition to configuring the basic Docker Images and Containers, it's also possible to deploy them with a TLS / SSL certificate and access the instances via HTTPS protocol.   For this a valid certificate is required inside a .jks keystore. I'm using a self-signed certificate, but commercial ones are even better! The certificate must be in the name of the machine which runs Docker and which is accessed by the users via browser. In my case this is "mne-docker". The password for the keystore and the private key must be the same - this is a Tomcat limitation. In my case it's super secret and "Password123456".   I have the following directory structure on my Operating System   /home/ts/docker/ certificates mne-docker.jks twx.8.2.x.h2 Dockerfile settings platform-settings.json <license_file> storage Thingworx.war   The Recipe File   In the Recipe File I make sure that I create a new Connector on port 8443, removing the old one on port 8080. I do this by just replacing via the sed command - also introducing options for content compression. I'm only replacing the first line of the xml node as it holds all the information I need to change.   Changes to the original version I posted are in green   FROM tomcat:latest MAINTAINER mneumann@ptc.com LABEL version = "8.2.0" LABEL database = "H2" RUN mkdir -p /cert RUN mkdir -p /ThingworxPlatform RUN mkdir -p /ThingworxStorage RUN mkdir -p /ThingworxBackupStorage ENV LANG=C.UTF-8 ENV JAVA_OPTS="-server -d64 -Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Dfile.encoding=UTF-8 -Duser.timezone=GMT -XX:+UseNUMA -XX:+UseG1GC -Djava.library.path=/usr/local/tomcat/webapps/Thingworx/WEB-INF/extensions RUN sed -i 's/<Connector port="8080" protocol="HTTP\/1.1"/<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" enableLookups="false" keystoreFile="\/cert\/mne-docker.jks" keystorePass="Password123456" ciphers="TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA" compression="on" compressableMimeType="text\/html,text\/xml,text\/plain,text\/css,text\/javascript,application\/javascript,application\/json"/g' /usr/local/tomcat/conf/server.xml COPY Thingworx.war /usr/local/tomcat/webapps VOLUME ["/ThingworxPlatform", "/ThingworxStorage", "/cert"] EXPOSE 8443   Note that I also map the /cert directory to the outside, so all of my Containers can access the same certificate. I will access it read-only.   Deploying     sudo docker build -t twx.8.2.x.h2 . sudo docker run -d --name=twx.8.2.x.h2 -p 88:8443 -v /home/ts/docker/twx.8.2.x.h2/storage:/ThingworxStorage -v /home/ts/docker/twx.8.2.x.h2/settings:/ThingworxPlatform -v /home/ts/docker/certificates:/cert:ro twx.8.2.x.h2   Mapping to the 8443 port ensures to only allow HTTPS connections. The :ro in the directory mapping ensures read-only access.   What next   Go ahead! Only secure stuff is kind of secure 😉 For more information on how to import the certificate into a the Windows Certificate Manager so browsers recognize it, see also the Trusting the Root CA chapter in Trust & Encryption - Hands On

This video shows the commands to execute to deploy the training and results microservices as docker container. This is based on Docker Toolbox to highlight the specific settings required on Toolbox.   Updated Link for access to this video:  Deploying Training & Result Microservices via Docker Containers for Anomaly Detection

ThingWorx Manufacturing Apps Setup and Configuration Guide 8.0.1   Note: The ThingWorx Manufacturing Apps Freemium (Express) 8.1 and Dev Kit 8.1 installers will be available in late November 2017. This document contains information on the installation and use of the ThingWorx Manufacturing Apps Freemium (Express) installer 8.0.1 and ThingWorx Manufacturing Apps Dev Kit installer 8.0.1.   The ThingWorx Manufacturing Apps Extensions 8.1.0 have now been released. For documentation on this version, please see these updated documents:   ThingWorx Manufacturing Apps 8.1.0 Documentation ThingWorx Manufacturing Apps 8.1.0 Available for Download!

If you've installed and used version 8.0.0 of the Manufacturing Apps and would like to extend your usage beyond the trial expiration time, we invite you to use the new version of the Apps (8.0.1), which now includes Production Advisor.   You will need to uninstall and reinstall the application to begin this process.  You will be able to preserve your configuration data by exporting it, but you will only be able to import it in the commercial version of the Application.  To export your configuration: navigate to the hamburger menu at the top right of the screen and select "Export Configuration and Data" To move to the latest release of the free edition of the application (8.0.1): 1. Uninstall the applications.  Navigate to the Start Menu > ThingWorx Manufacturing Apps > Uninstall. 2. Download the latest version: https://www.ptc.com/en/thingworx/manufacturing-apps/Dashboard/Download-Apps 3. Run the installer.   If you have any questions or concerns, feel free to post a question in the manufacturing apps community, or in response to this post; we will be happy to assist you!   - The PTC Manufacturing Team

Video Author:                     Stefan Taka Original Post Date:            June 6, 2016   Description: This tutorial video will walk you through the installation process for the Neo4j based version of the ThingWorx Platform in a Windows environment.  All required software components will be covered in this video.      

Finally there is an article which combines all of the available resources on certificate configuration to better enable developers to complete their production-worthy edge devices. Please see the official PTC documentation located here. Please feel free to comment with any questions, comments, or feedback on this! Happy developing!

The .NET Framework versions 3.5 and 4.5 are required external dependencies. The ThingWorx Manufacturing Apps installer will prompt you to install these. For more information on the System requirements and External dependencies, see: Not authorized to view the specified document 3992 If you are a previous ThingWorx user, and are not using the full ThingWorx Manufacturing Apps installer, you will need to add these framework versions to the Windows operating system. An installer is available from the PTC App store for this purpose, or this can be done manually by following the instructions below. Note: both the .NET 3.5 and .NET 4.5 Frameworks are required. Do not install the .NET 3.5 Framework alone. Manually add the .NET 3.5/4.5 Framework to Windows: 1. Open the Windows Control Panel | select Programs and Features. 2. Select the option to "Turn Windows features on or off" 3. In Windows 7 (or other Standard editions), you can select the .NET framework from the list and follow the steps for installation. 4. In Windows Server 2012 (and other Server editions), select the option to "Add roles and features," then Next. For Installation type, select "Role-based or feature-based installation," then Next. Choose your server from the Server Selection menu, then Next. Then choose the framework versions and complete the install.

As many already know, ThingWorx versions 8.0+ now support both Apache Tomcat versions 8.0.44+ and versions of 8.5.13+. For this reason, many will want to consider using the latest Apache version for their ThingWorx instance, even despite the fact that the installation documentation does not seem to provide examples for the 8.5.x versions. This is because much of the configuration between the two versions remains the same. One may question these similarities when looking at the updated documentation from Apache on configuring SSL Connector ports. It would seem like some of the more traditional elements are now unusable, since they are marked for deprecation (including keystoreFile, keystorePass, and clientAuth). However, for now, these elements are still usable because Tomcat will convert whatever is provided in the Connector tag to the brand new SSLHostConfig tag (used primarily by Tomcat going forward). Apache has noted that these configuration options will continue to be usable throughout the next few major versions of Tomcat. PTC is already working on documentation which helps utilize the new configuration options in the future, but it won't be available for some time. In the meantime, for step-by-step instructions and further reading, see our Knowledgebase Article using self-signed certs (this article uses a CA). Happy developing!

In this video we are walking through the installation steps of ThingWorx Analytics Server 8.1. This cover the Native Linux installation though the steps will be similar for a docker installation on Windows or Linux.   Updated Link for access to this video:  Installing ThingWorx Analytics Server 8.1 - Native Linux

The RabbitMQ Management plugin provides a web-based interface into the inner workings of the messaging bus behind ThingWorx Flow. It is installed by the Flow installers but is an HTTP service by default and is a totally different web server than the NGINX used to front-end ThingWorx Flow. This will describe how to integrate it into the NGINX on your ThingWorx Flow server. This is necessitated by some recent browser behavior changes that make it very hard to get to the http port once you've used an https service on the same machine from the same browser.   First - let's find the user name and password for the RabbitMQ Management plugin. On a Linux server, the file /etc/rabbitmq/definitions.json will hold the name and password for the plugin's UI:         "users": [{                 "name": "flowuser",                 "password": "1780edc6b8628ace2ace72465cdc7b048c88",                 "tags": "administrator"         }],   On a Windows server, the definitions.json file can be found under [flow install location]\modules\RabbitMQ.   Of course, access to these directories should be limited.   Second - let's integrate the plugin into NGINX The best way to integrate the plugin into Flow is to let NGINX reverse proxy to the other http server running the UI for the plugin, which is exactly what happens for Thingworx itself. That way, only NGINX has to be configured for https and no other ports need to be opened to allow access to the plugin.   You need to find the file vhost-flow.conf on your system. On Linux, this will be /etc/nginx/conf.d/vhost-flow.conf. On Windows, it will be at C:\Program Files\nginx-[version]\conf\conf.d\vhost-flow.conf by default. Add the following fragment after the last location xxx {…} segment in the file:       # deal with the rabbitMQ admin tool     location ~* /rabbitmq/api/(.*?)/(.*) {         proxy_pass http://127.0.0.1:15672/api/$1/%2F/$2?$query_string;         proxy_buffering                    off;         proxy_set_header Host              $http_host;         proxy_set_header X-Real-IP         $remote_addr;         proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;         proxy_set_header X-Forwarded-Proto $scheme;     }       location /rabbitmq {         rewrite ^/rabbitmq$ /rabbitmq/ permanent;      }       location ~* /rabbitmq/(.*) {         rewrite ^/rabbitmq/(.*)$ /$1 break;         proxy_pass http://127.0.0.1:15672;         proxy_buffering                    off;         proxy_set_header Host              $http_host;         proxy_set_header X-Real-IP         $remote_addr;         proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;         proxy_set_header X-Forwarded-Proto $scheme;     }   This makes the request for /rabbitmq get pushed over to the web server at port 15672 on the Flow server.   Test the updated config file with (nginx may not exist in your normal path): nginx -t   Restart the NGINX service: Linux (one of these will work depending upon your Linux version): systemctl restart nginx service nginx restart Windows: Net stop ThingWorxOrchestrationNginx Net start ThingWorxOrchestrationNginx -or- use the Services app to restart the service   Thanks to https://groups.google.com/forum/#!topic/rabbitmq-users/l_IxtiXeZC8 for the needed config changes.   You can now use https://yourserver/rabbitmq to get to the login page for the management plugin. Login with the user and password from the definitions.json file on your system and you can now monitor the behavior of your RabbitMQ environment.

While it is not a requirement, it is a best practice to install KEPServerEX (v6.2 or higher) before installing ThingWorx (v8.0.1 or higher). If ThingWorx is already installed, close the application and complete the install of KEPServerEX by following these install instructions: How do I download and install KEPServerEX? Now, when you attempt to launch ThingWorx, if you are presented with a "null pointer exception" error, follow this workaround: 1. Navigate to the 'PostgreSQL\installer' directory, within the directory where the Manufacturing Apps are installed. By default this will be: <ThingWorx install path>\ThingWorxManufacturingApps\PostgreSQL\installer 2. Run the 'vcredist.exe' located there. This application should re-install the conflicting redistributables, and you should be able to launch ThingWorx again normally.

Video Author:                     Christophe Morfin Original Post Date:            October 10, 2016 Applicable Releases:        ThingWorx Analytics 52.x and 7.4   Description: In this video we review the prerequisites needed prior to installing ThingWorx Analytics Server.  

The ThingWorx Manufacturing Apps 8.0.1 are tested and supported for use with ThingWorx 8.0.1. The ThingWorx Manufacturing Apps 8.1.0 are tested and supported for use with ThingWorx 8.1.0.

Video Author:                     Christophe Morfin Original Post Date:            October 2, 2017 Applicable Releases:        ThingWorx Analytics 8.1   Description:​ In this video we will walk thru a few steps to ensure the installation process was successful.    

Updates: App Keys defaults - Now stored in secure keystore - Newly created app keys stored automatically - On upgrated existing app keys are migrated to secure keystore Change the app key default expiration time to 1 day - Changed from 100 years - UI date picker - If date not picked now defaults to 1 day Best Practice: - Carefully consider expiration - Set to desired value at time of creation - Scripts should carefully choose time -Knowledge base article in the works Edge SSL updates C SDK TLS/SSL: C-SDK support for OpenSSL: - Version 1.0.2 that supports tls  1.2. - Tomcat 8 compatible ciphers - EMS will follow soon BYO SSL - Abstraction layer &Documentation - Path to building any SSL for supported environments - Porting - Different version of open ssl: straight forward - Other SSL: some expertise required - Enables other SSL providers: - Burden to validate on SDK developer Possibilities: -AxTLS -WolfSSL -Mocana EMS improvements SafeInt Library -C++ library -Helps prevent integer overflows Better certificate loading support -EMS and LUA script resource can authenticate -Bidirectional EMS's HTTP server now defaults to requiring authentication for LSR Overall theme: secure by default Q: If appkey expired in 1 day, does a new one get automatically created? A: Automatic one is not created, change the expiration date when creating the app key. When it expires - have to create a new one.

This is a note/reminder in cross-reference to https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS267248&lang=en_US Java 9 is expected to be released by Oracle September 21 2017 and is not currently supported for ThingWorx, refer to ThingWorx System Requirement guides for support details: ThingWorx 8 ThingWorx 7 ThingWorx 6

In this video we are going through a few steps to ensure the installation process went fine.   Updated Link for access to this video:  Validating a ThingWorx Analytics Server 8.1 Installation

New Framework in 8.5 -Install Builder produced installers -Installation orchestrated by Chef - UX Improvements - Cosmetic changes - Increased and improved help texts  - Documentation improvements - Changed layout for clarity - Security improvements Prerequisites:  -Install&Setup DB prior to installation -Set up ThingWorx DB User and database -DB command line tools installed & in the path (psql, msqlcmd) -Java 1.8.144 minimum -Clean machine for the install Common Issues -Command line tools not in path -DB user not set up -DB user with incorrect permissions -Java not installed or in path -Not running on a clean machine -Installed java 32bit instead of 64   Contacts: PM Mike Tresh TPM Jennifer Keane Dev Lead Mickey Kimchi   Q: The Windows/RHEL supported OS is just for installers? Running Thingworx on Ubuntu manually, is still supported? A: Yes. The matrix of supported OS for ThingWorx is larger than what we currently support for automated installs. ThingWorx can still run on Ubuntu Q: Is the support of Ubutu dropped completely , or just for the initial release? A: Support of Ubuntu is not there for the automated installers, it is still there for ThingWorx itself. Q: Would the installers provide a scrolling log or a direct link to the log file ? A: We provide the locations of the log files at the end of the install in the summary, and also the locations are noted in the documentation if you need to see log details. We also provide a progress bar with some info while install is running. The ThingWorx session will now be terminated by the Logout sequence yes. We now show a login browser prompt for TWX if they try to go back. Q: How do we upgrade a TWX 8.4 to TWX 8.5? A: For now, it's the manual upgrade process that you will already be familiar with as documented. Q: Is uninstaller available? A: Yes, there is an uninstaller for Foundation available, it should be present for you after running the installer. Q: Is Docker supported? A: We do support Docker and have samples available.