2019/04/10

The 2019/04/10 release of EnOS Cloud image offers the following udpates:

What’s New?

This section lists the new services and features in this release.

Device Management

In the Device Management Offering, we added support of CoAP, enhanced security by implementing access control for device management, model, and asset tree services, and provides APIs for Alert Service.

Device Connection through CoAP

Support to connect devices and ingest data through CoAP: CoAP/UDP can typically be used for NB-IoT devices to connect to EnOS, the support of CoAP ensures that devices operates on low power consumption, and at the same time, achieves upstream and downstream data transmission and device lifecycle managment.

Access Control on Services

In this release, we’ve implemented access control on users and service accounts against the Model, Device Management, and Asset Tree services. To grant access for a user, user group, or application to use these services, an OU administrator can configure the access policy in IAM > User, IAM > User Group, and IAM > Service Account.

  • Users or user groups have Read Only permission by default. OU administrators can grant built-in role-based access or custom access to users or user groups, so that they can create, delete, and edit devices, models, and asset trees. OU administrators have Full Access by default to all resources.
  • Service accounts have no permission to these services by default.
    • OU administrators can grant Read Only permission to service accounts so that applications can invoke APIs that reads data from devices, models, and asset trees.
    • OU administrators can grant Full Access so that applications can invoke APIs that create, edit, and delete devices, models, and asset trees.

Note

  • With access control on services enforced, the write access to Model, Device Management, and Asset Tree services are revoked. OU administrator must grant Full Access or relevant role-based access policy to users who need write access.
  • With access control on services enforced, applications can no longer access Model, Device Management, and Asset Tree service APIs. OU administrator must grant Full Access, Read Only or relevant role-based access policy to service accounts that need to invoke relevant service APIs.

Access Control on Assets

For assets on a specific asset tree, OU administrators can grant Read, Control, or Write permissions to users and service accounts.

  • Users and service accounts with Read permission can retrieve asset data.
  • Users and service accounts with Write permission can modify asset data.
  • Users and service accounts with Control permission can send measure point data to devices.

Note

With access control on assets enforced, users only have Read access to asset data by default, a user needs to obtain Control and Write permissions from OU admininistrator if needed. Services accounts have no access to asset data by default, an application needs to obtain relevant access to the data needed.

For more information, see Policy, Role, and Access.

Alert APIs

  • The following APIs are added for querying alert configuration:
    • getAlertSeverity
    • getAlertType
    • getAlertContent
    • getAlertRule
    • listAlertSeverities
    • listAlertTypes
    • listAlertContents
    • listAlertRules
  • The following APIs are added for adding, deleting, editing, and querying alert content:
    • listActiveAlerts
    • listHistoryAlerts
    • scrollActiveAlerts
    • scrollHistoryAlerts
    • insertActiveAlerts
    • insertHistoryAlerts
    • updateActiveAlertTags
    • updateHistoryAlertTags
    • closeActiveAlerts
    • deleteActiveAlerts
    • deleteHistoryAlerts

For more information, log in to EnOS console and select EnOS API > API Documents > Event Service.

Data Asset Management

In the Data Asset Management offering, we added support of new stream analytics template, computation cluster monitoring, and new data service APIs.

Stream Analytics

  • Multi-Point Aggregation template: Initial release of the template. The template enables aggregation of multiple measure points on the same device. The initial release supports the following features:

    • Triggering by point: When designing a data processing policy record, you can select a measure point as the triggering point. The data processing job is triggered when the data of this measure point arrives.
    • Triggering by frequency: The data processing task is triggered at a specified frequency. The system time of EnOS Stream Processing Engine is used for controlling the trigger. When a data processing job is triggered, the latest data of the measure points are used for calculation.
    • Automatic detection and completion of variables in expressions: As you enter the calculation expressions, the system automatically detects all models, measure points, and attributes in the current OU to help you auto-complete the expression.

    To access the Multi-Point Aggregation template, log into EnOS Console, in the Data Asset Management section of the left navigation panel, select Stream Data Processing > Stream Development, click + and select Multi-Point Aggregation from the Template drop-down list.

    For more information, see Multi-Point Aggregation Template.

  • Monitoring of stream computation cluster: Supports the monitoring of stream computation resource, such as the scheduler metrics and space metrics of the organization.

    To access the monitor, log into EnOS Console, in the Data Analytics section of the left navigation panel, select Cluster Monitoring.

Data Service API

  • getAssetsLatestData:Get the latest data of all measure points of the specified assets.
  • getPointsTSDBMetaData:Get the TSDB storage metadata of the specified model.

For more information, log in to EnOS Console, select EnOS API > API Documents > Data Service.

What’s Changed?

This section lists the enhancements and changed behaviors of this release.

Security

The following security enhancements have been made:

IAM

  • Organization profile: supports modifying basic information of an organization and changing organization owner. For more information, see Managing Organization Information.
  • Service account: supports granting access for a service account. For more information, see Managing Service Account.
  • Policy: Supports configuring built-in policies and custom policies for users and service accounts. For more information, see Policy, roles, and access.
  • Security setting: supports configuring password policy, login-IP restrictions, and session expiration time. For more information, see Security Setting.
  • Multi-factor authorization (MFA): In addition to the OU-level MFA setting, supports enabling MFA at the user account level. For more information, see Enabling Multi-factor Authorization.
  • Role-based engineering: In addition to the Administrator role, supports build-in policies for the following roles:
    • Security Auditor
    • Model Administrator
    • Model User
    • Asset Tree Administrator
    • Asset Tree User
    • Device Management Administrator
    • Device Management User For more information, see Policy, roles, and access.

EnOS API Signature Algorithm

The algorithm for signature has been changed to SHA-256. For more information, see Generating Signature for API Requests

Data Asset Management

The maximum query result to return for certain APIs has been changed:

  • Original limit: (devices × measure points × pagesize) not exceeding 640,000
  • New limit: (devices × measure points) not exceeding 3,000:

This change currently applies to the following APIs:

  • getAssetsRawDataByTimeRange
  • getAssetsAIRawData
  • getAssetsAINormalizedData
  • getAssetsGenericData

For more information, log in to EnOS Console and select EnOS API > API Documents > Data Service.