EMQX Newsletter 2022-06｜Integration with HStreamDB, development of charging pile communication protocol OCPP gateway…

Following the release of EMQX 5.0.0-rc.4, the development of v5.0 is nearing completion. In addition to continuing to optimize the UI/UX of Dashboard to improve the user experience, and to test and fix various bugs to improve software stability, the EMQX team is also making comprehensive improvements and updates to the user documentation, which will soon bring users a more Powerful and easy-to-use EMQX 5.0.

In terms of cloud services, EMQX Cloud added JWT authentication support this month, giving users another option for authentication. In addition, the trading experience has also been optimized.

EMQX

QUIC Improvement: Adapt to MsQuic 2.0 & Refactor Internal Resource Management

In EMQX 5.0, we provided the world's first implementation of MQTT over QUIC, which supports users to switch the transport layer protocol of MQTT from TCP or WebSocket to QUIC. Previously, our QUIC project was implemented based on version 1.8 of Microsoft's open source project MsQuic. This month, we adapted the API implementation of MsQuic 2.0.2 and refactored internal resource management. Compared to MsQuic 1.8, version 2.0 brings a number of improvements in OpenSSL version upgrades and certificate handling. These changes will be launched with the official version of EMQX 5.0.

Support for persisting data to HStreamDB through the rule engine

As the first streaming database specially designed for streaming data launched by EMQ, HStreamDB has low-latency and reliable streaming data persistent storage performance, and can easily support and manage large-scale data streams. This month, we implemented the integration of EMQX with HStreamDB, and users will now be able to persist data to HStreamDB through the rules engine. At present, we have reached the write performance test of 10w TPS, and the pressure test of higher throughput is still in progress, in order to explore the performance limit of EMQX integrated HStream. This feature will be officially launched in a recent version update.

Support OCPP over WebSocket

This month we launched the development of the OCPP protocol gateway, which is the most widely used open charging pile communication protocol in the world. What we are implementing is the OCPP-J 1.6 protocol based on WebSocket. Although the latest version of OCPP has come to 2.0.1, 1.6 is currently the most popular version of the commercial deployment protocol. The OCPP gateway will provide capabilities including charging pile connection, authentication and authorization, and transparent transmission. This function will be launched in a recent version update.

Support OCSP Stapling

With the strengthening of the network security awareness of the majority of users, more and more users choose to use TLS to encrypt the connection between the client and EMQX. In the actual use process, the certificate may be revoked due to private key leakage and other reasons. Therefore, both the client and the server need to be able to know in time whether the certificate used by the other end is still legal. To solve this problem, we implemented support for OCSP Stapling, which has better privacy and connection performance than OCSP. We support EMQX to return the certificate carrying the OCSP response to the client (for one-way authentication), and also support the client to send the certificate carrying the OCSP response to EMQX (for two-way authentication).

For some clients that may not support OCSP, we will provide support for CRL (Certificate Revocation List), and in the process, we also fixed a bug in Erlang/OTP CRL related code.

The above features are currently in development, but are still being tested, and they will be available in a future version update.

SASL/GSSAPI (Kerberos) authentication for Kafka

Kafka supports SASL/GSSAPI (Kerberos) authentication. Compared with ordinary username and password authentication, it does not transmit passwords in the network, and can provide mutual authentication between server and client, with stronger security.

The EMQX team recently started the development of the Kafka SASL/GSSAPI authentication mechanism. At present, we have completed the development and verification of the driver layer. Next, we will add support for SASL/GSSAP to the Kafka resource of the rule engine. This feature will also be officially launched in a recent version update.

4.3 & 4.4 Maintenance Release Upgrade

EMQX open source version v4.3.15 & v4.4.4 and enterprise version v4.3.10 & v4.4.4 have been officially released at the beginning of the month, which brings many problems such as no error prompt when EMQX fails to start under Windows, and supports the use of JWT Several functional improvements for licensing.

We have already mentioned more changes in the Newsletter last month, you can check it out: https://www.emqx.com/zh/blog/emqx-newsletter-202205

Or directly check the Release Note of the corresponding version for more detailed information: EMQX v4.4.4 , EMQX Enterprise v4.4.4 .

The development of the next maintenance version of 4.3 & 4.4 is now nearing completion and will be released in the near future, so stay tuned.

EMQX Cloud

Transaction record query optimization

Users can now search and filter by transaction time to find records between a certain period of time. At the same time, transaction records can be filtered by "transaction method": domestic users can view Alipay, WeChat, balance or offline remittance to filter the corresponding transaction records, while overseas users support credit card, balance, and transfer inquiries. In addition, you can also find a record by querying the transaction ticket number.

External authentication supports JWT authentication

Json web token (JWT) is a JSON-based open standard ( RFC 7519 ) implemented for passing claims between web application environments. The token has a compact and secure design, and is especially suitable for single sign-on (SSO) scenarios in distributed sites. JWT declarations are generally used to transfer authenticated user identity information between identity providers and service providers in order to obtain resources from resource servers, and can also add some additional declaration information necessary for other business logic. Can be used directly for authentication or encryption.

Users can find it in [Authentication] - [External Authentication] on the left menu of EMQX Cloud deployment details. Using JWT, you can carry JWT as authentication information through Username or Password to authenticate the device. It also supports the configuration of the JWKs server address. EMQX Cloud will periodically query the latest public key list from the JWKs server and use it to verify whether the received JWT is legal. It is suitable for JWTs signed by RSA or ECDSA algorithm.

Years can be directly subcontracted after the trial deployment is stopped

Deployments are stopped and held for a few days after the 14-day free trial ends. Previously, if you wanted to switch to annual deployment after the trial deployment was stopped, the user needed to recharge to the balance first, and then started the deployment before subscribing to the annual deployment. Now, users can directly convert retired trial deployments to annual subscriptions and use them immediately. In [Deployment Overview] - [Subcontract Year], select the required subcontract year length, and after creating an order for payment, the deployment can be converted to a subcontract year, which is more convenient to operate.

EMQX Kubernetes Operator

The EMQX Operator 1.2.1 version to be released early next month will have the following new features:

Feature update

• The port adjustment pod will not restart, which further improves service stability
• By adjusting the listener in the EMQX Dashboard, it can be automatically updated without changing the K8s related configuration
• EMQX Plugin CRD implementation, easier and more convenient for plug-in management
• Support query EMQX cluster status through EMQX API, and update Status of EMQX Custom Resource
• Support EMQX multi-protocol listener

perfect optimization

• Fixed the problem that EMQX Plugin did not initialize the configuration Dashboard and reported an error

coming soon

The large-scale distributed IoT MQTT message server EMQX is about to release version 5.0, bringing high availability features such as stateless nodes and automatic scaling. EMQX Operator will also fully support the new version 5.0, so stay tuned.

Copyright statement: This article is original by EMQ, please indicate the source when reprinting.

Original link: https://www.emqx.com/zh/blog/emqx-newsletter-202206