Data is not "retained" in Kepware in any sense we care about.
Data can be modeled like this:
- We can think of each device as having a set of "memory registers" for things like last-max-torque, is-disabled, battery-level, etc.
- Kepware ensures a correspondence between the values in those device registers and "local" values stored on the Kepware server
- Any time a device value is updated, that update is copied up to Kepware
- If a (writeable) register is written to on the Kepware server, Kepware ensures the device register is updated as well
So as long as a value in a register hasn't been overwritten, it is "retained" by the Kepware server. As soon as a new value comes in, however, the old value is gone forever.
Note that this answer does not make any durability or availability guarantees. Based on what I gathered from a chat with a Kepware rep, we would have to build whatever guarantees we want on top of less-reliable Kepware components.
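The model above, and the point about building guarantees on top of it, as an added Python example (not Kepware code and not part of the original notes): `Mirror` keeps only the latest value per tag, and `HistoryLog` is one hypothetical way to retain overwritten values. The class names, the `press1` device name and the sample updates are all constructed for illustration.

```python
import json
import os
import tempfile


class Mirror:
    """Latest-value-only store modelling the register mirroring described above."""

    def __init__(self):
        self._values = {}
        self._listeners = []

    def subscribe(self, callback):
        self._listeners.append(callback)

    def update(self, tag, value, ts):
        self._values[tag] = value  # the previous value is overwritten, not kept
        for callback in self._listeners:
            callback(tag, value, ts)

    def read(self, tag):
        return self._values[tag]


class HistoryLog:
    """Append-only JSON-lines log: the retention layer built on top of the mirror."""

    def __init__(self, path):
        self.path = path

    def record(self, tag, value, ts):
        with open(self.path, "a", encoding="utf-8") as f:
            f.write(json.dumps({"ts": ts, "tag": tag, "value": value}) + "\n")
            f.flush()
            os.fsync(f.fileno())  # force the write to disk before returning

    def history(self, tag):
        if not os.path.exists(self.path):
            return []
        with open(self.path, encoding="utf-8") as f:
            rows = [json.loads(line) for line in f if line.strip()]
        return [(r["ts"], r["value"]) for r in rows if r["tag"] == tag]


def demo():
    """Feed constructed sample updates through both layers."""
    with tempfile.TemporaryDirectory() as tmp:
        mirror, log = Mirror(), HistoryLog(os.path.join(tmp, "tags.jsonl"))
        mirror.subscribe(log.record)
        for ts, tag, value in [(1, "press1.battery-level", 87),
                               (2, "press1.is-disabled", False),
                               (3, "press1.battery-level", 85)]:
            mirror.update(tag, value, ts)
        return mirror.read("press1.battery-level"), log.history("press1.battery-level")
```

After the third update the mirror can only answer with the newest battery level, while the log still holds both readings with their timestamps.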
We're already considering the following:
- HTTP basic auth
- firewalls that only open certain ports to certain IP addresses
In addition, customers may well want an "air gap" between their site's internal control network and the outside world. This could be accomplished with an additional KepServerEx instance acting almost like a bastion host in front of the main KepServerEx instance that is directly connected to factory floor devices. The "outside" host and the "inside" host would talk to one another over OPC. How that changes Parsable's plan isn't yet clear.
Given our multitenant use case, is there a common pattern for mapping devices and sites to customers/tenants?
No, they did not have any tricks to recommend.
It is possible. Brent from Kepware confirmed it. I'll have to follow up with him for more details, but I'm pretty sure it's a capability of the product, IoT Gateway, using the "HTTP Client" component.
Via the IoT Gateway product's HTTP Client component. This component can sit next to a KepServerEx host and forward new tag values to registered servers (e.g. Mothership). Having spoken with Mark Poole, I now agree with him that this might not be an advisable strategy for Parsable, as we are then responsible for yet more customer data.
Yes, but only with a very limited set of drivers, with an even more limited set of driver versions. The only non-Microsoft driver is for MySQL. However, that driver's version is so old, I haven't been able to get it to connect successfully with the earliest MySQL version available in AWS RDS.