ThingWorx 10.0: Technical Enhancements in Industrial IoT Data Management

Introduction

ThingWorx 10.0 introduces targeted improvements for real-time industrial data ingestion, secure transport, and scalable persistence. Below is a developer-focused breakdown of components, protocols, and deployment topologies, including diagrams and code/configuration snippets.

IIoT layered architecture overview
Standard IIoT layers: device/PLC, edge, platform, and analytics/UI. ThingWorx sits between edge and enterprise services.

Platform Updates Summary

  • Runtime: Java 21 LTS; Servlet container: Apache Tomcat 11; Framework: Spring 6.
  • Security: TLS 1.3, hardened CSP, modern cipher suites, mTLS option for edge links.
  • Persistence: PostgreSQL default; InfluxDB for time-series; Cassandra for high-throughput, horizontally scaled clusters.
  • Messaging/Edge: Native MQTT/OPC UA connectivity; improved connection server throughput; optional Kafka/Event Hubs integration.

Key Enhancements

IoT Streams (time-series ingestion)

Optimized for near-real-time ingestion and forwarding to external analytics fabrics. Supports durable queueing for lossless delivery.

{
  "queue": {
    "type": "durable",
    "target": "kafka://broker1:9092",
    "topic": "thingworx-streams",
    "acks": "all",
    "compression.type": "lz4"
  }
}

Secure transport

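Edge Agent  <--TLS 1.3 / mTLS-->  Connection Server  --TLS 1.3-->  Foundation Nodes
OPC UA (signed/encrypted) -------^         MQTT (TLS) -------------^

// Example Spring Security hardening for custom endpoints proxied via ThingWorx.
// Spring Security 6 lambda DSL; `http` is the HttpSecurity passed to a SecurityFilterChain bean.
// Requires: import org.springframework.security.config.Customizer;
http
  .cors(Customizer.withDefaults())
  // CSRF protection is disabled: appropriate only for stateless bearer-token (JWT) APIs
  // that do not authenticate via cookies.
  .csrf(csrf -> csrf.disable())
  .headers(h -> h.contentSecurityPolicy(c -> c.policyDirectives(
      "default-src 'self'; img-src 'self' data: https:; script-src 'self'; object-src 'none'")))
  .authorizeHttpRequests(auth -> auth
      .requestMatchers("/health", "/login").permitAll()
      .anyRequest().authenticated())
  .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));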
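
As an added example (not code from the original post, ThingWorx, or Spring), the following Python audits the Content-Security-Policy string used in the snippet above. It flags directives that never fall back to default-src (base-uri, form-action, frame-ancestors) and risky script sources; the function names are illustrative.

```python
# Added example (not ThingWorx or Spring code): audit a Content-Security-Policy value.

# Directives that never fall back to default-src; unset means unrestricted.
NO_FALLBACK = ("base-uri", "form-action", "frame-ancestors")
# Source expressions that defeat a script allow-list.
RISKY_SCRIPT_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"}

# The policy string from the Spring Security snippet on this page.
PAGE_POLICY = ("default-src 'self'; img-src 'self' data: https:; "
               "script-src 'self'; object-src 'none'")


def parse_csp(policy):
    """Return {directive: [sources]}; the first occurrence of a directive wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def effective(directives, name):
    """Sources that apply to a fetch directive, using the default-src fallback."""
    return directives.get(name, directives.get("default-src"))


def audit_csp(policy):
    """Return a list of findings; an empty list means nothing was flagged."""
    d = parse_csp(policy)
    findings = [f"{n}: not set (no default-src fallback)" for n in NO_FALLBACK if n not in d]

    script = effective(d, "script-src")
    if script is None:
        findings.append("script-src: unrestricted (no script-src or default-src)")
    else:
        findings += [f"script-src: allows {s}" for s in script
                     if s.lower() in RISKY_SCRIPT_SOURCES]

    if effective(d, "object-src") != ["'none'"]:
        findings.append("object-src: should be 'none'")
    return findings


if __name__ == "__main__":
    for finding in audit_csp(PAGE_POLICY):
        print(finding)
```

Run against the page's policy, the audit reports only the three non-inheriting directives, which is the gap to close if the proxied endpoints should not be framed or have their base URL or form targets redirected.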

Analytics and APIs

Historical queries and property history for modelled Things:

GET /Thingworx/Things/{thingName}/Properties/{propertyName}/History?startDate=...&endDate=...&maxItems=10000

Reference Architecture

ThingWorx clustered architecture diagram
HA cluster with load balancer, N foundation nodes, and pluggable persistence providers.
+-------------------+         +------------------------+
|    Edge Devices   |--MQTT-->|  MQTT Broker (HA)      |
| PLCs, Sensors     |--OPC UA->|  OPC UA Gateway/Kepware|
+---------+---------+         +-----------+------------+
          |                                 |
          v                                 v
   +------+-------+                 +-------+--------+
   | ThingWorx    |  HTTPS/TLS1.3   |  Load Balancer|
   | Connection   +----------------->| (L4/L7)       |
   | Server(s)    |                 +---+--------+---+
   +------+-------+                     |        |
          |                         +---v---+ +--v----+
          |                         |Node A | |Node B |
          |                         |(Found.)| |(Found.)|
          |                         +---+---+ +---+----+
          |                             |        |
          |                             v        v
          |                       +-----+--------+-----+
          |                       | Persistence Layer  |
          |                       | (PostgreSQL/       |
          |                       |  InfluxDB/Cassandra)|
          |                       +---------------------+

Event-driven Pattern (MQTT Pub/Sub)

Event-driven IIoT pattern diagram
MQTT broker fans out telemetry to dashboards, analytics, and MES. ThingWorx subscribes to selected topics for model updates.
flowchart TD
  S1[PLC/Sensor] -- MQTT Publish --> BRK[MQTT Broker]
  S2[Edge Gateway] -- MQTT Publish --> BRK
  BRK -- MQTT Subscribe --> TWX[ThingWorx Sub]
  BRK -- MQTT Subscribe --> AN[Analytics]
  BRK -- MQTT Subscribe --> MES[Manufacturing ES]

Implementation Notes

  • Sizing (min): 4 vCPU, 16 GB RAM, fast SSD (100+ GB). Prefer separate nodes for DB and broker.
  • Persistence selection:
    • PostgreSQL: default/value streams, transactional workloads.
    • InfluxDB: time-series queries (downsampling, retention policies).
    • Cassandra: very high write throughput, multi-region HA.
  • UNS modeling: adopt hierarchical topics/names (site/line/cell/asset/property) to minimize integration friction.
  • Security baseline: enforce TLS 1.3 everywhere, rotate credentials, least-privilege app roles, network ACLs.
  • Observability: enable access logs, structured app logs, and exporter-based metrics (JMX/Prometheus).
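
The UNS naming and least-privilege bullets above can be enforced together. The following Python is an added example (not ThingWorx or broker code): it validates topics against the site/line/cell/asset/property hierarchy and applies a default-deny, per-client topic ACL using MQTT filter matching. The client names, grants, and segment naming rule are constructed assumptions.

```python
# Added example (not ThingWorx or broker code): UNS topic validation and a
# default-deny topic ACL check. Client names and grants are constructed.
import re

LEVELS = ("site", "line", "cell", "asset", "property")  # hierarchy from the UNS bullet
SEGMENT = re.compile(r"[A-Za-z0-9_-]+")                 # assumed naming rule


def parse_topic(topic):
    """Split a concrete topic into named UNS levels, or raise ValueError."""
    parts = topic.split("/")
    if len(parts) != len(LEVELS):
        raise ValueError(f"expected {len(LEVELS)} levels, got {len(parts)}")
    for name, value in zip(LEVELS, parts):
        if not SEGMENT.fullmatch(value):  # also rejects '+', '#' and empty levels
            raise ValueError(f"invalid {name} segment: {value!r}")
    return dict(zip(LEVELS, parts))


def filter_matches(topic_filter, topic):
    """MQTT filter matching: '+' is one level, '#' is the remainder (last only)."""
    f, t = topic_filter.split("/"), topic.split("/")
    for i, seg in enumerate(f):
        if seg == "#":
            return i == len(f) - 1
        if i >= len(t) or (seg != "+" and seg != t[i]):
            return False
    return len(f) == len(t)


# Constructed grants: each client gets only the filters it needs.
ACL = {
    "edge-gw-line1": {"write": ["plant1/line1/+/+/+"], "read": []},
    "thingworx-sub": {"write": [], "read": ["plant1/#"]},
}


def is_allowed(client, action, topic):
    """Default deny: unknown clients, actions, or malformed topics are refused."""
    try:
        parse_topic(topic)
    except ValueError:
        return False
    grants = ACL.get(client, {}).get(action, [])
    return any(filter_matches(g, topic) for g in grants)
```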

Additional Diagrams

TLS 1.3 secure path
Secure paths across edge, broker/gateway, and ThingWorx nodes using TLS 1.3 and optional mTLS.
+-------------------+         TLS 1.3         +-------------------+
|   ThingWorx Edge  | <---------------------> | ThingWorx Server  |
+-------------------+                         +-------------------+
        |                                              |
        |                TLS 1.3                       |
        +-----------------+----------------------------+
                          |
                +-------------------+
                | External Systems  |
                +-------------------+

Quick Checklist

  • Enable TLS 1.3; disable legacy protocols/ciphers.
  • Pick persistence by workload profile (TPS/retention/query mix).
  • Use durable queues for off-platform analytics pipelines.
  • Cluster and load-balance production nodes; test node failover.
  • Model assets early with UNS; standardize topic naming.
