Is there any decent alternative to OPC-UA as a solution for accessing process data of a system composed of various PLCs? Something that is platform independent and can "speak" with products of different brands ?
I've heard of MQTT but it seems to be much more like a transport protocol, and only that. It does not have all the higher level stuff like the information modeling, etc.
Thanks for your help!
OPC is the only standard way for communicating with PLCs. OPC DA is the old alternative. OPC UA is the new one and is recommended nowadays. Before OPC there were just proprietary protocols and shared protocols like Modbus, but they are just lower-level transport protocols, as you've mentioned.
OPC UA is pretty unique with the Information Modeling, especially. With that feature it is enabling new communication possibilities for higher level systems and applications as well, in addition to plain PLC communication.
Note that some PLCs can also talk OPC UA natively, which makes it a standard in that way.
And OPC UA is really standardised as IEC 62541, ensuring that it's independent.
Update 17/07/19: OPC UA is now defined also as the Industry 4.0 Communication as I wrote in my recent article.
Update 20/05/05: OPC UA version 1.04 defines Pub/Sub alternatives, using UDP for secure data multicast in local networks and AMQP/MQTT for secure broker-based data & event delivery to cloud systems. Version 1.04 also defines a WebSocket/JSON protocol alternative, which enables easier usage in web applications. None of these are broadly available yet, but hopefully they will become popular in the 2020-21 time frame.
OPC-UA has some very interesting parts, especially concerning information modelling, interoperability and the publish/subscribe pattern.
However, even though it's a standard in the strictest of senses, I've found that to use it in a webapp you need to code a gateway server, because it uses raw sockets and a binary (although fast) serialization protocol.
This is why we created an alternative protocol called Woopsa at my university. We decided to base it on HTTP + JSON. We tried to make a protocol that's similar to OPC-UA: it has Information Modelling, publish/subscribe, and even multi-requests. It's all completely open-source.
We've just released version 1.0 here: http://www.woopsa.org/
You can get the source code directly on our GitHub: https://github.com/woopsa-protocol/Woopsa
Basically, our protocol is just a standardized RESTful API using HTTP+JSON. For example, you can read a value by making a GET /woopsa/read/Temperature request, and it will reply in JSON:
{"Value":24.2,"Type":"Real"}
You can also get the object tree by using the meta word, for example GET /woopsa/meta/, which will give you something like this:
{
  "Name": "WeatherStation",
  "Properties": [
    {"Name": "Temperature", "Type": "Real"},
    ...
  ],
  "Methods": { ... },
  "Items": [
    "Thermostat",
    ...
  ]
}
In a practical industrial application, MQTT is not an alternative to OPC-UA. The original goal of OPC, back in the '90s, was to provide a standard communication mechanism and data model that would provide interoperability among clients and servers that implemented the specification. OPC-UA expands and generalizes the data model and the communication without giving up on that core goal. In order to do this, the standard must specify things like the format of a time stamp, the encoding of data types, historical values, alarms, etc.
MQTT is a message transport layer that does not provide interoperability by design. It does not stipulate the format of the payload, does not specify how one transmits a particular data type, timestamp, value, hierarchy, or anything else that would allow an application to understand the data being transmitted. You can create a valid MQTT server that emits XML, JSON, or custom formatted data that is plain-text, encrypted, base-64 encoded, or anything else you like. The only way a client application can interact with your server is by knowing in advance what data format the server will produce and accept.
OPC-UA has recently introduced a publish/subscribe mechanism to improve bandwidth utilization, reducing a communication bandwidth advantage that MQTT currently offers. At the same time, the MQTT specification will need to grow to specify data formats in order to promote interoperability. Expect to see a convergence of functionality between MQTT and OPC-UA, mostly MQTT growing to meet OPC-UA.
MQTT is a much simpler implementation at the moment, which holds advantages for embedded and resource-constrained systems. The addition of a data modeling specification would act to reduce this advantage.
The bottom line is that OPC-UA is for interoperability and MQTT is for simple custom communication. MQTT needs to grow before it can be an alternative to OPC-UA.
MQTT is growing in popularity as the protocol of choice for IoT. It does have its shortcomings - however its simplicity is often seen as a strength, whereas OPC UA carries the overhead of design by committee.
If you need to combine the two, you may like to consider trying our simple gateway mqtt2opcua
Unserver is a product designed to solve the exact problem described in this question. It is capable of talking to different field devices and providing a unified HTTP API on top of them.
It integrates with devices via Modbus RTU, but other common protocols will be added in the future.
In short, first you configure a data 'tag' like this:
{
"name": "tank1",
"device": "plc1",
"properties": [
{
"name": "level",
"address": "HR0",
"type": "numeric",
"raw": "int16"
}
]
}
Then you can work with the tag using an API endpoint created automatically:
GET http://localhost:9000/tags/tank1
{
data:{
level: 1
}
}
Check out the documentation for more info.
The product is free for evaluation and non-commercial use.
Disclaimer: I'm part of the team. Hope this is useful.
I just released another approach to this challenge. The project is called ELTRA IoT.
It's a cloud service acting as a mediator, plus end-user components that act as device representation or operator interface (https://www.eltra.ch/).
Primarily, it was created to simplify integration of CANopen devices with smartphone applications, but I quickly realized, that it can be used for any IoT project.
This project is inspired mainly by CANopen and FDT architecture.
The first idea was to deliver a solution that allows bringing your device onto the internet using web standards like REST/JSON (avoiding binary protocols, gateways, firewall and proxy issues, and all this stuff that makes the whole process more complicated) within a short time.
Web standards like HTTP/REST/JSON/WebSocket play well with all operating systems and architectures and also allow easy end-user app integration in any modern language.
Main features:
Same API both sides (device and operator)
CANopen CiA-311 data model representation
Nodes, object dictionary, index, subindex, strong data typing, ranges etc. You know CANopen = you are at home
History data
RPC support - custom commands execution
Simple cloud service API https://eltra.ch/docs
Standard authentication scheme
SSL encryption
Cross-platform solution for Windows, Linux, Android, iPhone, Raspberry Pi
SDK is available as open source on Github:
https://github.com/eltra-ch/eltra-sdk
At the moment, the library is implemented in .NET Standard and tested with Windows, Linux (x64 and ARM32), Android and iPhone.
Nuget package is available under:
https://www.nuget.org/packages/Eltra.Connector/
If the complexity of OPC UA is an overkill and Woopsa doesn't fit your design, then ELTRA could be an alternative.
Disclaimer: This project is part of my master's thesis and the eltra.ch service is my privately held website.
This is a basic question. I want to apply to an entry-level Java developer position with the following requirement:
Familiarity with the Sailpoint Identity IQ standard adapters/connectors
By standard connectors do they basically mean how Sailpoint exchanges data with third party tools? And by adapter do they mean that the adapter pattern would be used? Thanks
This is going to probably appear well after your interview - but to answer the question:
1) Standard adapters/connectors:
SailPoint ships with a "standard" set of connectors which are part of the purchase price; there are those, i.e. EPIC, which do not ship as part of the standard product and must be enabled. To give you a deeper view into connectors:
Connectivity Methods:
Direct Connectivity - This is where a connector communicates directly to a system using APIs or data sources. Some advantages of using direct connect are that you don't have to generate or transmit files, and you can be more efficient in processing only things that have changed. Some disadvantages are that they are subject to availability and downtime concerns like any connected system. They are also typically subject to advantages and disadvantages that APIs might impose as well.
Some people also refer to this as an 'online' method of connectivity.
File-Based Connectivity - This is where a connector reads from a snapshot of data presented in a file, rather than connecting directly to the system. Some advantages of using a file, are that files are portable, easily inspected for data issues, and not typically subject to availability. Some disadvantages are that files are usually processed in their entirety, and may require processing or transformation in order to work effectively.
Some people also refer to this as a 'decoupled' or 'offline' method of connectivity.
Connector Implementations
Source-Specific Implementation - These are connectors built with a specific target-system in mind. These typically use specific APIs targeted to the system they are integrated with. Because the systems and APIs are known, these typically require less configurations to get working.
Examples of these are Active Directory, Workday, Salesforce, SAP, etc.
General Implementation - These are general-purpose connectors which can be used to connect to a variety of sources or systems. These tend to be more flexible in general, but typically do require a bit more setup and configuration to meet needs.
Examples of these are Web Services, SCIM, JDBC, Delimited Files, etc.
Custom Implementation - These are completely custom connectors and tailored to the system and API of your choice. This approach offers the most flexibility of all connector options, however making custom connectors is definitely a development-level activity, and is not to be taken lightly. The code written for custom connectors is maintained and supported by the customer who owns the connector.
Examples of these are custom in-house applications, etc.
Understanding these connector implementations is important, because if a source-specific implementation isn't available, another general or custom connector implementation may be used instead.
I have some data that I need to share between multiple services on multiple machines. Stuffing the data into a database or shuffling it over http won't work in this situation and ideally the different pieces of software will need to communicate with each other directly (or through one central coordinator that can send and receive).
Is it recommended to create and implement a network protocol or use some tool to do the communication?
If I did go the route of creating a protocol myself, it wouldn't have to be very complex. Under 10 different message types, but it would have to be re-implemented in a few different languages for this project, and support unicode. I have read plenty (and done some) with handling sockets, but don't have much knowledge in handling a protocol I create. Are there any good resources on this?
There are also things like ICE and RPC that look interesting. The limit of my experience is using ICE and XMLRPC for a few days each. Is this the better route to go? If so, what tools are out there?
Recently I've been using Google Protocol Buffers for encoding and shipping data between different machines running software written in different languages. It is quite easy to do, and takes away a lot of the hassle of designing a custom protocol.
Without knowing what technologies and platforms you are dealing with, it's difficult to give you a very specific answer - so I'll try to give you some general feedback.
If the system(s) you are wishing to connect span more than a single platform and/or technology you are probably better using an existing transport mechanism and protocol to maximize the chance your base platform will already have a library (or multiple) to interact over it. Also, integrating security and other features in a stack with known behaviors is more likely to be documented (with examples floating around). RPC (and ICE, though I've less familiarity with it) has some useful capabilities, but it also requires a lot of control over the environment and security can be convoluted (particularly if you are passing objects between different languages).
With regards to avoiding polling, this is a performance related issue; there are design patterns which can help you to handle such things - if you understand how you need the system to work (e.g. the observer pattern - kind of a dont-call-us-we'll-call-you approach). The network environment you are playing in will dictate which options are actually viable (e.g. a local LAN will have different considerations from something which runs over a WAN or the internet). Factors like firewall tunneling, VPN traversal, etc. should play part in your final selected technology profile.
The only other major consideration (that I can think of just now... ;-)) would be to consider the type of data you need to pass about. Is it just text, or do you need to stream binary objects? Would an encoding format (like XML or JSON or bJSON) do the trick? You mention "less than ten message types" as part of the question, but is that the only information which would ever need to be communicated by the system?
Either way, unless the overhead of existing protocols is unacceptable you're better off leveraging established work 99% of the time. Creativity is great - but commercial projects usually benefit from well-known behaviors, even if not the coolest or slickest (kind of the "as long as it works..." approach).
hth!
I would like to know a list of the most common application/websites/solutions where Erlang is used, successfully or not.
Explaining why it is used into a specific solution instead of others programming languages would be very much appreciated, too.
Listing BAD Erlang case studies (cases in which Erlang is misused) would be interesting as well.
From Programming Erlang:
Many companies are using Erlang in their production systems:
• Amazon uses Erlang to implement SimpleDB, providing database services as a part of the Amazon Elastic Compute Cloud (EC2).
• Yahoo! uses it in its social bookmarking service, Delicious, which has more than 5 million users and 150 million bookmarked URLs.
• Facebook uses Erlang to power the backend of its chat service, handling more than 100 million active users.
• WhatsApp uses Erlang to run messaging servers, achieving up to 2 million connected users per server.
• T-Mobile uses Erlang in its SMS and authentication systems.
• Motorola is using Erlang in call processing products in the public-safety industry.
• Ericsson uses Erlang in its support nodes, used in GPRS and 3G mobile networks worldwide.
The most popular open source Erlang applications include the following:
• The 3D subdivision modeler Wings 3D, used to model and texture polygon meshes.
• The Ejabberd system, which provides an Extensible Messaging and Presence Protocol (XMPP) based instant messaging (IM) application server.
• The CouchDB “schema-less” document-oriented database, providing scalability across multicore and multiserver clusters.
• The MochiWeb library that provides support for building lightweight HTTP servers. It is used to power services such as MochiBot and MochiAds, which serve dynamically generated content to millions of viewers daily.
• RabbitMQ, an AMQP messaging protocol implementation. AMQP is an emerging standard for high-performance enterprise messaging.
ejabberd is one of the most well-known Erlang applications and the one I learnt Erlang with.
I think it's one of the most interesting projects for learning Erlang because it is really building on Erlang's strengths. (However, some will argue that it's not OTP, but don't worry, there's still a trove of great code inside...)
Why ?
An XMPP server (like ejabberd) can be seen as a high-level router, routing messages between end users. Of course there are other features, but this is the most important aspect of an instant messaging server. It has to route many messages simultaneously, and handle a lot of TCP/IP connections.
So we have 2 features:
handle many connections
route messages given some aspects of the message
These are examples where erlang shines.
handle many connections
It is very easy to build scalable non-blocking TCP/IP servers with erlang. In fact, it was designed to solve this problem.
And given it can spawn hundreds of thousands of processes (and not threads; it's a share-nothing approach, which is simpler to design), ejabberd is designed as a set of Erlang processes (which can be distributed over several servers):
client connection process
router process
chatroom process
server to server processes
All of them exchanging messages.
route messages given some aspects of the message
Another very lovable feature of erlang is pattern matching.
It is used throughout the language.
For instance, in the following :
access(moderator, _Config)-> rw;
access(participant, _Config)-> rw;
access(visitor, #config{type="public"})-> r;
access(visitor, #config{type="public_rw"})-> rw;
access(_User,_Config)-> none.
That's 5 different versions of the access function.
Erlang will select the most appropriate version given the arguments received. (Config is a structure of type #config which has a type attribute).
That means it is very easy and much clearer than chaining if/else or switch/case to make business rules.
To wrap up
Writing scalable servers, that's the whole point of Erlang. Everything is designed to make this easy. To the two previous features, I'd add:
hot code upgrade
mnesia, distributed relational database (included in the base distribution)
mochiweb, on which most http erlang servers are built on
binary support (decoding and encoding binary protocol easy as ever)
a great community with great open source projects (ejabberd, couchdb but also webmachine, riak and a slew of libraries very easy to embed)
Fewer LOCs
There is also this article from Richard Jones. He rewrote an application from C++ to erlang: 75% fewer lines in erlang.
The list of most common applications for Erlang has been covered (CouchDB, ejabberd, RabbitMQ etc.) but I would like to contribute the following.
The reason why it is used in these applications comes from the core strength of Erlang: managing application availability.
Erlang was built from ground up for the telco environment requiring that systems meet at least 5x9's availability (99.999% yearly up-time). This figure doesn't leave much room for downtime during a year! For this reason primarily, Erlang comes loaded with the following features (non-exhaustive):
Horizontal scalability (ability to distribute jobs across machine boundaries easily through seamless intra & inter machine communications). The built-in database (Mnesia) is also distributed by nature.
Vertical scalability (ability to distribute jobs across processing resources on the same machine): SMP is handled natively.
Code Hot-Swapping: the ability to update/upgrade code live during operations
Asynchronous: the real world is async so Erlang was built to account for this basic nature. One feature that contributes to this requirement: Erlang's "free" processes (>32000 can run concurrently).
Supervision: many different strategies for process supervision with restart strategies, thresholds etc. Helps recover from corner-cases/overloading more easily whilst still maintaining traces of the problems for later trouble-shooting, post-mortem analysis etc.
Resource Management: scheduling strategies, resource monitoring etc. Note that the default process scheduler operates with O(1) scaling.
Live debugging: the ability to "log" into live nodes at will helps trouble-shooting activities. Debugging can be undertaken live with full access to any process' running state. Also the built-in error reporting tools are very useful (but sometimes somewhat awkward to use).
Of course I could talk about its functional roots but this aspect is somewhat orthogonal to the main goal (high availability). The main component of the functional nature which contributes generously to the target goal is, IMO: "share nothing". This characteristic helps contain "side effects" and reduce the need for costly synchronization mechanisms.
I guess all these characteristics help extending a case for using Erlang in business critical applications.
One thing Erlang isn't really good at: processing big blocks of data.
We built a betting exchange (aka prediction market) using Erlang. We chose Erlang over some of the more traditional financial languages (C++, Java etc) because of the built-in concurrency. Markets function very similarly to telephony exchanges. Our CTO gave a talk on our use of Erlang at CTO talk.
We also use CouchDB and RabbitMQ as part of our stack.
Erlang comes from Ericsson, and is used within some of their telecoms systems.
Outside telecoms, CouchDb (a document-oriented database) is possibly the best known Erlang application so far.
Why Erlang ? From the overview (worth reading in full):
The document, view, security and replication models, the special purpose query language, the efficient and robust disk layout and the concurrent and reliable nature of the Erlang platform are all carefully integrated for a reliable and efficient system.
I came across this in the process of writing up a report: Erlang in Acoustic Ray Tracing.
It's an experience report on a research group's attempt to use Erlang for Acoustic Ray Tracing. They found that while it was easier to write the program, less buggy, etc., it scaled worse, and performed 10x slower than a comparable C program. So one spot where it may not be well suited is CPU-intensive scenarios.
Do note though, that the people who wrote the paper were in the stages of first learning Erlang, and may not have known the proper development procedures for CPU-intensive Erlang.
Apparently, Yahoo used Erlang to make something it calls Harvester. Article about it here: http://www.ddj.com/architect/220600332
What is erlang good for?
http://beebole.com/en/blog/erlang/why-erlang/
http://www.aquabu.com/2008/2/15/erlang-pragmatic-studio-day-3-notes
http://www.reddit.com/r/programming/comments/9q0lr/erlang_and_highfrequency_trading/
(jerf's answer)
It's important to realize that Erlang's 4 parts: the language itself, the VMs (BEAM, HiPE), standard libs (plus modules on GitHub, CEAN, etc.) and development environment are being steadily updated/expanded/improved. For example, I remember reading that the floating point performance improved when Wings3D's author realized it needed to improve (I can't find a source for this). And this guy just wrote about it:
http://marian-dan.com/wordpress/?p=324
A couple of years ago, Tim Bray's Wide Finder publicity and all the folks starting to do web app frameworks and HTTP servers led (at least in part) to improved regex and binaries handling. And there's all the work integrating HiPE and SMP, the dialyzer project, multiple unit testing and build libs springing up, ...
So its sweet spot is expanding. The difficult thing is that the official docs can't keep up very well, and the mailing list and Erlang blogosphere volume are growing quickly.
We are using Erlang to provide the back-end muscle power for our really real-time browser-based multi-player game Pixza. We don't use Flash or any other third-party plugins, though the game is real-time multi-player. We use pure JS and COMET techniques instead. And Erlang supports the "really realtimeliness" of Pixza.
I'm working for wooga, a social game company and we use Erlang for some of our game backends (basically http apis for millions of daily users) and auxiliary services like ios push notification provider, payment etc.
I think it really shines in network-related tasks and it makes it kind of straightforward to structure and implement simple and complex network services alike in it. Distribution, fault tolerance and performance are easy to achieve because Erlang already has some of the key ingredients built in and they have been used for a long time in critical production infrastructure. So it's not like "the new hip technology thing 0.0.2 alpha".
I know that other game companies use Erlang as well. You should be able to find presentations on slideshare about that.
Erlang draws its strength from being a functional language with no shared memory. Hence IMO, Erlang won't be suitable for applications that require in place memory manipulations. Image editing for example.
I've been tasked with writing a monitoring program for my company's server software that integrates with zenoss via snmp.
To be brief, I can't get anything up off the ground. I think my first goal is to figure out the correct way to write an snmp agent (in any language to start, although it will eventually be in java). Are there any good test harnesses out there? I've used snmptest, which ships with zenoss, but it's not much good to me if I can't get a test agent off the ground. Anything that I know the zenoss manual has a lot of info, but it seems to presume a prior knowledge of standard systems monitoring practices and tools, and I can barely penetrate it.
Also, is it generally a good practice to use snmp to monitor software?
Short description of a typical SNMP agent:
Set the agent up. This usually entails telling it what server to send alerts to.
Run it.
Send appropriate SNMP messages to the configured server when things happen.
Reply to requests from the configured server.
All of the request/reply stuff is done using SNMP messages. If your company does not have a specially designed/assigned OID for the server software, you'll need to look into the standard MIB definitions to determine which OID(s) are appropriate.
MIB: Management Information Block. These come in standard and custom flavors. Standard ones are defined by a standards body (IETF?). Custom ones are created by vendors to support information unique to their product(s). MIBs are basically collections of OIDs.
OID: Object IDentifier - this is a dotted-notation number string that identifies the piece of hardware/software, and the bit of information you're looking for from it - for example, the number of TX collisions on an ethernet port might look something like: 1.5.82.316.8.4.3 (though that's not a valid OID, it's just a made-up example).
More detail available at Wikipedia. Download a free MIB browser to get an idea of what OIDs look like, and how detailed they can get. Check the RFCs for more detailed information. Look at something like perl's Net-SNMP - you may even be able to use the snmpd software that's included with it to do most of your work.
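The request/reply part of the agent outlined in this answer, as an added example that is not part of the original answer and not taken from Net-SNMP or any other library: it encodes dotted OIDs, parses an SNMPv2c GetRequest and builds the GetResponse, dropping packets that are malformed or carry the wrong community. The function names, the community string and the values in SAMPLE_MIB are assumptions made for illustration; the two OIDs are the standard sysName.0 and ifNumber.0.

```python
import hmac

# Constructed sample data: two standard MIB-2 scalars with made-up values.
SAMPLE_MIB = {
    "1.3.6.1.2.1.1.5.0": "app-server-01",  # sysName.0
    "1.3.6.1.2.1.2.1.0": 2,                # ifNumber.0
}

def enc_len(n):
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, payload=b""):
    return bytes([tag]) + enc_len(len(payload)) + payload

def enc_int(v):
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True))

def enc_oid(dotted):
    """Dotted string -> BER OID: arcs 1 and 2 share a byte, the rest are base 128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def dec_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); ValueError on truncated or malformed input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out

def open_message(packet):
    """Return (version, community, pdu_tag, request_id, varbinds) or raise ValueError."""
    [(tag, msg)] = children(packet)
    (vtag, ver), (ctag, comm), (ptag, pdu) = children(msg)
    (_, rid), _, _, (_, vbl) = children(pdu)
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04):
        raise ValueError("not an SNMP message")
    return ver, comm, ptag, rid, [children(vb) for _, vb in children(vbl)]

def build_get(community, request_id, oids):
    """Client side, used as the test harness: SNMPv2c GetRequest, NULL values."""
    binds = b"".join(tlv(0x30, enc_oid(o) + tlv(0x05)) for o in oids)
    pdu = tlv(0xA0, enc_int(request_id) + enc_int(0) + enc_int(0) + tlv(0x30, binds))
    return tlv(0x30, enc_int(1) + tlv(0x04, community) + pdu)

def handle_request(packet, community, mib):
    """Agent side: GetResponse bytes, or None to drop the datagram without a reply."""
    try:
        ver, comm, ptag, rid, varbinds = open_message(packet)
        # Only v2c GetRequests with the right community (constant-time compare).
        if ver != b"\x01" or ptag != 0xA0 or not hmac.compare_digest(comm, community):
            return None
        binds = b""
        for (_, oid_raw), _ in varbinds:
            value = mib.get(dec_oid(oid_raw))
            enc = (enc_int(value) if isinstance(value, int)
                   else tlv(0x04, value.encode()) if isinstance(value, str)
                   else tlv(0x80))            # noSuchObject for unknown OIDs
            binds += tlv(0x30, tlv(0x06, oid_raw) + enc)
    except (ValueError, IndexError):
        return None                           # malformed BER: drop
    pdu = tlv(0xA2, tlv(0x02, rid) + enc_int(0) + enc_int(0) + tlv(0x30, binds))
    return tlv(0x30, enc_int(1) + tlv(0x04, community) + pdu)
```

To serve it, pass each datagram received on a UDP socket (port 161 by convention) to handle_request and send back any non-None result; build_get lets you exercise the agent without a manager installed.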
SNMP is certainly an acceptable way to monitor your network, devices and servers. Because it uses UDP it won't unduly stress the network via TCP retries and the like (SNMP clients are, or should be, architected to handle dropped packets etc.). Plus you'll have a huge array of client solutions to monitor your system and integrate against.
If you envisage a final solution in Java, see the Java/SNMP documentation and SNMP4J
SNMP.com (founded by Jeffrey Case, one of the SNMP architects) sells extensible SNMP agents. One of these may save you a world of grief.
nSoftware has an SNMP agent (not free). This might be easier than rolling your own.
Also check out William Stalling's book: SNMP.
Zenoss is quite complicated and comes with many pre-defined SNMP stuff. Do you really need to code your own SNMP agents?
SNMP is a big topic, with lots of complexity if you go into all the details and all the historical versions of the protocol and related tools. I'd suggest picking up a copy of Essential SNMP by Mauro and Schmidt, which gives a very clear introduction to both the fundamental ideas behind SNMP as well as practical examples of how to get started with it and use it in practice with a number of different tools.
You can aim lower and try Cacti (http://www.cacti.net/).
I too tried Zenoss but gave up. Cacti was up and running pretty fast. I just monitor use of bandwidth of quite a few routers and many, many ports in switches all over the country. But there are templates for monitoring all kinds of things more related to a single server (temp, fan speed etc.)
BR. Anders
I was recently approached by a network-engineer, co-worker who would like to offload his minor network admin duties to a junior-level helpdesk tech. The specific location in need of management acts as an ISP for tenants on its single-site property, so there's a lot of small adjustments being made on a daily basis.
I am thinking it would be helpful to write him a winform app to manage the 32 Cisco devices, on-site. I'd like to initially provide functionality which could modify access control lists, port VLAN assignments, and bandwidth limitations per VLAN... adding more to the list as its deemed valuable.
My initial thought was to emulate a telnet session with the network device; utilizing my network-engineer's familiarity with the command-line / IOS interaction. Minimal time would be required to learn Cisco IOS conventions, myself.
Though while searching for solutions, it appears that most people favor SNMP. That, or, their specific circumstances pushed them in the direction of SNMP.
I wanted to know if I've overlooked an obvious benefit of SNMP. Should I be using SNMP? Why or why not?
SNMP is great for getting information out of a Cisco device, but is not very useful controlling the device. (although technically, you can push a new config to a Cisco IOS device using a combination of SNMP and TFTP. But sending a whole new config is a pretty blunt instrument for controlling your router or switch).
One of the other commenters mentioned the Cisco IOS XR XML API. It's important to note that the IOS XR XML API is only available on devices that run IOS XR. IOS XR is only used on a few of Cisco's high end carrier class devices, so for 99% of all Cisco routers and switches the IOS XR XML API is not an option.
Other possibilities are SSH or HTTP (many Cisco routers, switches, AP, etc. have an optional web interface). But I'd recommend against either of those. To my knowledge, the web interface isn't very consistent across devices, and a rather surprising number of Cisco devices don't support SSH, or at least don't support it in the base license.
Telnet is really the only way to go, unless you're only targeting a small range of device models. To give you something to compare against, Cisco's own CiscoWorks network management software uses Telnet to connect to managed devices.
I wouldn't use SNMP; instead, look at a little language called 'expect'. It makes for a very nice expect/response processor for these routers.
I have done a reasonable amount of real world SNMP programming with Cisco switches and find Python on top of Net-SNMP to be quite reasonable. Here is an example, via Google books, of uploading a new Cisco configuration via Net-SNMP and Python: Cisco Switch Upload via Net-SNMP and Python. I should disclose I was the co-author of the book referenced in the link.
Everyone's mileage may vary, but I personally do not like using expect, and prefer to use SNMP because it was actually designed to be a "Simple Network Management Protocol". In a pinch, expect is ok, but it would not be my first choice. One of the reasons some companies use expect is that a developer just gets used to using expect. I wouldn't necessarily chalk up bypassing SNMP just because there is an example of someone automating telnet or ssh. Try it out for yourself first.
There can be some truly horrible things that happen with expect, that may not be obvious as well. Because expect waits for input, under the right conditions there can be very subtle problems that are difficult to debug. This doesn't mean a very experienced developer can't develop reliable code with expect, but it is something to be aware of as well.
One of the other things you may want to look at is an example of using the multiprocessing module to write non-blocking SNMP code. Because this is my first post to Stack Overflow I cannot post more than one link, but if you google for it you can find it, or another one on using IPython and Net-SNMP.
One thing to keep in mind when writing SNMP code is that it involves reading a lot of documentation and doing trial and error. In the case of Cisco, the documentation is quite good though.
SNMP isn't bad but it may not be able to do everything you need it to do. Depending on the library you use and how it hides the details of interacting with SNMP you may have a hard time finding the correct parts of the MIB to change and even knowing what or how to change them to do what you want.
One reason not to use SNMP is that you can do all the configuration you need using the IOS XR XML API. It could be a lot easier to bundle up the commands you want to send to the devices using that than to interact with SNMP.
I've found SNMP to be a pain for management. If you just need to grab a little data it's great; if you need to change things or use it heavily it can be very time consuming. In my case I'm comfortable with the CLI so a Telnet approach works well. I've written some Python scripts to perform administrative tasks on various pieces of network gear using Telnetlib.
SNMP has quite a significant CPU hit on the devices in question compared to telnet; I'd recommend telnet wherever possible. (As stated in a previous answer, the IOS XR XML API would be nice, but as far as I know IOS XR is only deployed on high-end carrier grade routers).
In terms of existing configuration management systems, two commercial players are HP Opsware, and EMC Voyence. Both will probably do what you need. I'm not aware of many open source solutions that actually support deploying changes. (RANCID, for example, only does configuration monitoring, not pre-staging and deploying config changes).
If you are going to roll your own solution, one thing I would recommend is sitting down with your network admin and coming up with a best-practice deployment model for the service he's providing (e.g. standardised ACL, QoS queue, and VLAN names; similar entries in ACLs that have the same function for different customers, etc.). Ensure that all the existing deployed config complies with this BP before you start your design, it will make the problem much more manageable. Best of luck.
Sidenote: before you reinvent the wheel writing another service provisioning system/network management system, try looking for existing ones. I know quite a lot of commercial solutions of various degrees of flexibility/functionality, but I am sure there are quite a lot of open source ones.
Cisco has included menu options for helpdesk applications. Basically you telnet to the box and it presents a nice clean menu (press 1, 2, 3). For more info check this link:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/command/reference/frf001.html#wp1050026
Another vote for expect.
Also, you don't want to allow configuration of your firewalls via either telnet or SNMP - ssh is the only way to go. The reason is that ssh encrypts its payload, and will not expose the privileged management credentials to potential interception.
If for some reason you cannot use ssh directly, consider connecting up an ssh-enabled serial console server to the firewall's console port and configuring it that way.
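The point in the last answer (keep privileged management off Telnet and SNMP) can be checked across a set of devices by auditing their saved configurations. The following is an added example, not code from any of the posters; the sample configuration is constructed and the function name `audit_management_plane` is hypothetical.

```python
import re

# Constructed sample configuration, not taken from any real device.
SAMPLE_CONFIG = """\
hostname tenant-sw-01
snmp-server community example-ro RO
snmp-server community example-rw RW
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

def audit_management_plane(config_text):
    """Return (location, finding) tuples for cleartext management access."""
    findings = []
    section = None      # current "line vty ..." header, if we are inside one
    transport = {}      # vty header -> protocols listed on "transport input"
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):      # a top-level command starts a new section
            section = line if line.startswith("line vty") else None
            if section:
                transport[section] = None
            # Community strings are SNMPv1/v2c; the string itself is never reported.
            if re.match(r"snmp-server community \S+ .*\bRW\b", line, re.I):
                findings.append(("snmp", "read-write community, sent in cleartext"))
        elif section:
            m = re.match(r"\s+transport input (.+)", line)
            if m:
                transport[section] = m.group(1).split()
    for header, protos in transport.items():
        if protos is None:
            # Assumption: the default varies by IOS version, so flag it for review.
            findings.append((header, "no explicit 'transport input'"))
        elif "telnet" in protos or "all" in protos:
            findings.append((header, "telnet permitted; use 'transport input ssh'"))
    return findings

if __name__ == "__main__":
    for location, finding in audit_management_plane(SAMPLE_CONFIG):
        print(f"{location}: {finding}")
```
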