Architecture Overview
| Platform: | Web: available; Mobile: not available |
|---|---|
| Plan Type: | Basic: not available; Essential: not available; Premium: available; Enterprise: available |
| User Type: | Requester: not available; Full User: not available; Administrator: available |
This article provides an overview of the architecture of the MaintainX® On-Premise Agent (OPA), focusing on how it connects an MQTT broker to MaintainX and its security characteristics.
How It Connects
You install the OPA on a host system. Your MQTT broker sends data to the OPA, and the OPA connects to an instance of the MQTT connector integration in the MaintainX application using a unique access token.
You can create multiple instances of the MQTT connector in MaintainX. In that case, each instance requires its own:
- MQTT broker
- Host system
- OPA
- MaintainX MQTT connector integration instance
Security
Read-Only Access
The OPA operates in read-only mode. It only subscribes to and processes messages from your MQTT broker, and never writes back to it.
Secure Outbound Communication
The OPA communicates with MaintainX over a secure, outbound HTTPS connection. Outgoing traffic from the host system reaches https://agent.maintainx.com/ on port 443.
| Parameter | Value |
|---|---|
| Protocol | HTTPS (TLS) |
| Direction | Outbound only |
| Destination URL | https://agent.maintainx.com/ |
| Port | 443 |
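A preflight check for the outbound path in the table above, added here as an example and not MaintainX code: it opens a verified TLS connection from the host system to the documented destination and reports whether a failure occurred at the TCP, TLS, or certificate-verification stage. The function names are illustrative assumptions, and the check does not authenticate or exercise the OPA itself.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

AGENT_HOST = "agent.maintainx.com"  # destination from the table above
AGENT_PORT = 443

def summarize_cert(cert, now=None):
    """Reduce an ssl.getpeercert() dict to the fields worth logging."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    return {
        # An unexpected issuer may indicate a TLS-inspecting proxy on the path.
        "issuer": issuer.get("organizationName") or issuer.get("commonName"),
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "days_left": (expires - now).days,
    }

def check_egress(host=AGENT_HOST, port=AGENT_PORT, timeout=5.0):
    """Open a verified TLS session and report which stage failed, if any."""
    ctx = ssl.create_default_context()  # chain and hostname verification on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                result = summarize_cert(tls.getpeercert())
                result.update(ok=True, tls_version=tls.version())
                return result
    except ssl.SSLCertVerificationError as exc:
        # Untrusted chain or name mismatch, e.g. an intercepting proxy.
        return {"ok": False, "stage": "tls-verify", "error": exc.verify_message}
    except ssl.SSLError as exc:
        return {"ok": False, "stage": "tls", "error": str(exc)}
    except OSError as exc:
        # DNS failure, timeout, or a firewall dropping or rejecting port 443.
        return {"ok": False, "stage": "tcp", "error": str(exc)}

if __name__ == "__main__":
    outcome = check_egress()
    print(outcome)
    sys.exit(0 if outcome["ok"] else 1)
```

Run it on the host system that will run the OPA; a `tls-verify` failure there points at the trust store or an inspecting proxy rather than at the firewall rule.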
Broker Connection Security
By default, the OPA uses a secure Transport Layer Security (TLS) connection to communicate with the MQTT broker, and only trusts certificates signed by recognized authorities. You can also configure client certificate authentication and add your own Certificate Authority (CA) certificate. For details, see TLS and Certificate Authentication.