Yes! This is a good overview of the issues! I might add:
- messages might get stuck or lost, so each message must have an integrated "notBefore" and "notAfter" to ensure that they don't appear a couple of hours later and start doing things on the PLC
- to have response/fail response/success topics to get notified, so that in case something did not work the operator can press the button in the HMI again to retry it
- have some automatic retry mechanisms within each message (so should this only be tried once, and then reported back, or should this try to set the variable for a couple of minutes)
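
The three points above combined in one command handler, as an added example that is not code from this thread: the validity window is checked before every write attempt, retries are bounded by both an attempt count and "notAfter", and every outcome is reported. Assumptions: the topic names `response/fail` and `response/success`, the `Command` fields, the variable name, and the `write_plc` and `publish` callables (stand-ins for the PLC driver and the broker client) are all hypothetical.

```python
import time
from dataclasses import dataclass

@dataclass
class Command:
    msg_id: str
    variable: str
    value: int
    not_before: float      # epoch seconds, the comment's "notBefore"
    not_after: float       # epoch seconds, the comment's "notAfter"
    max_attempts: int = 1  # 1 = try once and report back

def handle(cmd, write_plc, publish, now=time.time, sleep=time.sleep, delay=1.0):
    """Write to the PLC only inside the validity window; always report the outcome."""
    def fail(reason, attempts=0):
        publish("response/fail", {"id": cmd.msg_id, "reason": reason, "attempts": attempts})
        return False
    if now() < cmd.not_before:
        return fail("not_yet_valid")
    attempts = 0
    while attempts < cmd.max_attempts:
        # Re-check expiry before every attempt so retries never outlive notAfter.
        if now() > cmd.not_after:
            return fail("expired", attempts)
        attempts += 1
        try:
            write_plc(cmd.variable, cmd.value)
        except OSError:
            sleep(delay)
            continue
        publish("response/success", {"id": cmd.msg_id, "attempts": attempts})
        return True
    return fail("write_failed", attempts)

def demo():
    """Constructed scenarios: fake clock, fake PLC that rejects the first two writes."""
    clock, events, failures = [1000.0], [], [2]
    def write_plc(variable, value):
        if failures[0] > 0:
            failures[0] -= 1
            raise OSError("PLC busy")
    def sleep(seconds):
        clock[0] += seconds
    publish = lambda t, b: events.append((t, b["id"], b.get("reason"), b["attempts"]))
    run = lambda c: handle(c, write_plc, publish, now=lambda: clock[0], sleep=sleep, delay=30.0)
    run(Command("stale", "pump1.setpoint", 40, 0.0, 900.0))          # delivered late
    run(Command("retry", "pump1.setpoint", 40, 990.0, 1100.0, 5))    # succeeds on 3rd try
    failures[0] = 99                                                 # PLC now always fails
    run(Command("giveup", "pump1.setpoint", 40, 1000.0, 1100.0, 5))  # window closes first
    return events
```

The window check relies on the sender and the handler having synchronized clocks; with noticeable skew, a valid command can be rejected or a stale one accepted.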