Secure DDS and Asynchronous Publications

2 posts / 0 new
Last post
Offline
Last seen: 2 years 9 months ago
Joined: 08/19/2014
Posts: 4
Secure DDS and Asynchronous Publications

I have an operational network that needs to publish data  one way from one VLAN to another. We will be using secure DDS for the security of publications.    My question is can you use secure DDS on a one way asychronous publication?  If so what changes should be considered in the QOS?

cristiangguerrero's picture
Offline
Last seen: 4 years 1 month ago
Joined: 11/09/2018
Posts: 2

Asynchronous publishing is independent of RTI Security Plugins, and they can be enabled simultaneously. Indeed, Security Plugins supports Key Exchange fragmentation, which requires changing the publish mode to asynchronous publishing (see Enabling Asynchronous Publishing for the Key Exchange Topic in RTI Security Plugins Getting Started Guide for further information).

An example on enabling asynchronous publishing can be found on the RTI Community’s GitHub repository. Brief, to enable asynchronous publishing you will need to set your DataWriter’s publishing mode to ASYNCHRONOUS_PUBLISH_MODE_QOS. You should also select which flow controller will be used for asynchronous publishing, as in the following snippet:

            <!-- QoS used to configure the data writer created in the example code -->                
            <datawriter_qos>
                <!-- QoS for asynchronous publishing -->
                <publish_mode>
                    <kind>ASYNCHRONOUS_PUBLISH_MODE_QOS</kind>
                    <flow_controller_name>DDS_FIXED_RATE_FLOW_CONTROLLER_NAME</flow_controller_name>
                </publish_mode>
            </datawriter_qos>

Please, note that asynchronous publishing may impact your system resource usage, depending on the activity of the asynchronous thread controlled by the FlowController. For further information, refer to ASYNCHRONOUS_PUBLISHER QosPolicy (DDS Extension) in RTI Connext DDS User’s Manual.

To enable RTI Security plugins, you may want to base your QoS profile on the Generic.Security builtin profile. This is the approach followed by the shipped security examples that you can find under rti_workspace/6.0.0/examples/connext_dds/c/hello_security. The Generic.Security builtin profile makes sure RTI Security Plugins are enabled by loading the security plugin suite, loading the nddssecurity library dynamically and setting the plugins’ creation function, (see Table 8.1 Properties for Enabling Security in the RTI Security Plugins Getting Started Guide).

In addition, you will need to specify some security artifacts to your DomainParticipants, as shown in the following snippet:

        <qos_profile name="A" base_name="BuiltinQosLib::Generic.Security" is_default_qos="true">
            
            <!-- QoS used to configure the data writer created in the example code -->                
            <datawriter_qos>
                <!-- QoS for asynchronous publishing -->
                <publish_mode>
                    <kind>ASYNCHRONOUS_PUBLISH_MODE_QOS</kind>
                    <flow_controller_name>DDS_FIXED_RATE_FLOW_CONTROLLER_NAME</flow_controller_name>
                </publish_mode>
            </datawriter_qos>

            <participant_qos>
                <property>
                    <value>
                        <element>
                            <name>dds.sec.auth.identity_ca</name>
                            <value>file:../../../dds_security/cert/cacert.pem</value>
                        </element>
                        <element>
                            <name>dds.sec.auth.identity_certificate</name>
                            <value>file:../../../dds_security/cert/peer1.pem</value>
                        </element>
                        <element>
                            <name>dds.sec.auth.private_key</name>
                            <value>file:../../../dds_security/cert/peer1key.pem</value>
                        </element>
                        <element>
                            <name>dds.sec.access.permissions_ca</name>
                            <value>file:../../../dds_security/cert/cacert.pem</value>
                        </element>
                        <element>
                            <name>dds.sec.access.governance</name>
                            <value>file:../../../dds_security/xml/signed/signed_Governance.p7s</value>
                        </element>
                        <element>
                            <name>dds.sec.access.permissions</name>
                            <value>file:../../../dds_security/xml/signed/signed_PermissionsA.p7s</value>
                        </element>
                    </value>
                </property>
            </participant_qos>
        </qos_profile>



Please let me know if this clarifies your question.