Everyware Software Framework Developer's Hub

Everyware Software Framework (ESF) is an enterprise-ready IoT Edge Framework distributed and supported by Eurotech. Based on Eclipse Kura, the open source Java/OSGi middleware for IoT gateways, ESF adds provisioning, advanced security, remote access, diagnostics monitoring. It supports ready-to-use field protocols (including Modbus, OPC-UA, S7), MQTT connectivity, and a web-based visual data flow programming to acquire data from the field, process it at the edge, and publish it to IoT Cloud Platforms. ESF features full remote device management through its integration with Everyware Cloud, Eurotech’s IoT Integration Platform.

Get Started

Framework Execution Modalities

Since ESF 3.2+ two execution modalities are supported by the framework:

  • development mode - enables some specific features that simplify the development process and provide remote debugging. This is the factory default.

  • production mode - strengthens the security checks; remote debugging and profiling are not allowed.

Warning!

Eurotech recommends the usage of ESF development mode​ only in the early stages of software development, while suggests switching to production mode for deployed solutions.

The execution modality may be determined through the ESF Gateway Administration Console. In development mode, the lower part of the console displays a warning message as shown in the screen capture below.

In production mode, no warning messages are displayed.

Switch to Production Mode

This section will describe the suggested steps that need to be followed to move ESF from Development to Production mode.

If steps are not executed in the proper order, the switching to Production mode can fail and might require ESF reinstallation.

  1. Shutdown​ ESF
# Note: on Linux distribution based on System V init scripts, the ESF process
# is monitored by Monit which will restart ESF is this is stopped.

/etc/init.d/monit stop
/etc/init.d/kura stop
  1. Replace the default /opt/eurotech/esf/kura/security.policy with one suitable for production mode (see above). At a minimum the value of the permit-debug property must be set to false
<?xml version="1.0" encoding="UTF-8"?>
<esf:security xmlns:esf="http://eurotech.com/esf/2.0" version="1">
  <esf:properties>
    <esf:property>
      <esf:name>permit-debug</esf:name>
      <esf:value>false</esf:value>
    </esf:property>
  </esf:properties>
  <esf:policies>
    <esf:policy>
      <esf:access>ALLOW</esf:access>
      <esf:conditions>
        <esf:condition>
          <esf:name>
            BundleSignerCondition
          </esf:name>
          <esf:value>
            "CN=\"Eclipse.org Foundation\, Inc.\", OU=IT, O=\"Eclipse.org Foundation\, Inc.\", L=Ottawa, ST=Ontario, C=CA; CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US;-"
          </esf:value>
        </esf:condition>
      </esf:conditions>

      <esf:permissions>
        <esf:permission>
          <esf:name>java.security.AllPermission</esf:name>
          <esf:values>
            <esf:value>
              *
            </esf:value>
            <esf:value>
              *
            </esf:value>
          </esf:values>
        </esf:permission>
      </esf:permissions>
      <esf:name>
        All permissions to Eclipse
      </esf:name>
    </esf:policy>

    <esf:policy>
      <esf:access>ALLOW</esf:access>
      <esf:conditions>
        <esf:condition>
          <esf:name>
            BundleSignerCondition
          </esf:name>
          <esf:value>
            "*;CN=EUROTECH S.p.A. Root Software ESF CA,OU=www.eurotech.com,O=EUROTECH S.p.A.,L=Amaro,ST=Udine,C=IT;-"
          </esf:value>
        </esf:condition>
      </esf:conditions>
      <esf:permissions>
        <esf:permission>
          <esf:name>java.security.AllPermission</esf:name>
          <esf:values>
            <esf:value>
              *
            </esf:value>
            <esf:value>
              *
            </esf:value>
          </esf:values>
        </esf:permission>
      </esf:permissions>
      <esf:name>
        All permissions to ESF signed bundles
      </esf:name>
    </esf:policy>
  </esf:policies>
</esf:security>
  1. Restart ESF
# Monit will restart ESF

/etc/init.d/monit start

Upon starting in production mode, ESF automatically fingerprints the new security policy file and the command line of its process.
The method will also work straight after ESF installation, omitting step number 1.