Building the Internet of Things



Download 258.06 Kb.
Page8/13
Date10.06.2017
Size258.06 Kb.
#20222
1   ...   5   6   7   8   9   10   11   12   13

i.Designing for scale


The opportunity for IoT is in the ubiquity of connected devices, the volume of data that those devices will supply, the intelligence to be gained from that data, and the command/control that we can exert on the devices. All of these aspects mean that the solution must be designed to scale at all levels.

In many respects, designing an IoT solution to effectively scale carries the same aspects as any large scale solution. While IoT does not require a cloud-based deployment, in most cases, taking advantage of the cloud makes sense because of usage-based pricing, a simple model that scales, geographic availability, and infrastructure support provided by the cloud vendor. Many documents and articles have been written about cloud application scalability and availability. For a good overview of this topic, see “Failsafe: Guidance for Resilient Cloud Architectures.”67 The Microsoft patterns & practices team also has a large body of work on Cloud Development that provides guidance on building scalable cloud systems.68

There are specific scalability areas that come up more frequently in IoT scenarios that may not appear in other IT solutions, however. One area is identity. For web properties, the concept of identity federation has taken hold, and most modern consumer web properties now allow a user to use their identity from other well-known identity stores, such as an account registered with Microsoft, Facebook, Google, Yahoo, and so on. Additionally, corporate accounts can be federated with platform as a service (PaaS) vendors and partners. But with the addition of devices, there will often be identities associated with those devices, relationships between those devices and human identities, and relationships between multiple humans and devices. This potentially complex set of relationships should be considered early in an IoT project, and the solution should strive to simplify these relationships as much as possible.

In our project experience we have not yet seen a pattern that satisfies this level of complexity with satisfactory results. The initial projects have used Azure Active Directory for human identities, and external data stores for device identity and the associations with Azure Active Directory users. Design, prototyping, and testing is an ongoing process to find more scalable, resilient and feature complete solutions.


Communication and ingestion


Another scalability area that is tested are the communication paths for ingestion. Most solutions will require secure, authenticated communication between devices and the collection point. Additionally, any implementation choice for messaging technology will have scalability points, limits in certain properties, such as messages per unit (for example queue, topic, and so on), and bandwidth per implementation unit (subscription, instance, and so on). These parameters must be well understood, planned for from the beginning of the project, and tested and verified as the architecture and solution progress.

Our projects have used the Microsoft Azure Service Bus69, with Azure Active Directory Access Control (ACS)70 keys granted for each device. In a generic solution, some type of secure key must be generated that will make a device unique, and one that only that device knows about. The system it connects to must know about the device and its key, and then verify that they match when messages arrive. The Service Bus and ACS provide these capabilities, making them a good fit. The solutions use Topics and Subscriptions71, and they are designed to take into account the scalability parameters of the Service Bus72, and use as many topics as needed to comfortably support the number of devices in the system and scale to additional topics if and when additional devices are added to the system.


Data storage scalability


Scalable data storage is another area that will be important in these projects. Because of the expected volume of data, blob storage will normally be the preferred choice. The reason for this is that blob storage is the lowest cost storage option, and Big Data analysis tools are built to work against blob storage. Depending on the volume and the geographic dispersion of the devices, the solution may need to use multiple storage accounts, and it may also need to move data from collection data centers into a single data center in order to perform analysis on that data. For additional guidance on managing the data, see “Data Management Patterns and Guidance”73 on the Microsoft Developer Network.

j.Device registration


Registering devices is the critical first step to take to ensure that the system is secure and remains secure, only allows data to be ingested from trusted endpoints, and devices only accept commands from trusted systems. A device must be uniquely identified, the system must authenticate its identity, and the device must know that it is communicating securely with only the correct collection endpoint.

Often a device will be created with the knowledge of the expected endpoints, or at least have some influence over the collection point. An example of this is a vehicle whose manufacturer is selling a connected vehicle experience. In this scenario, when the device is manufactured, a unique key will be stored on the device. Either that key or a public key associated with it will be stored in a database, and when the device is enabled, the service can check the database and verify that the device is an approved device. These keys may be service-generated, such as by Azure Active Directory Access Control Services (ACS), or keys created to support the TLS-PSK pattern as described earlier in this paper, or keys intended for service-specific authentication. Typically, even when the device carries a key out of the factory, the device will become “active” in another step; for example, when a customer purchases, installs, and configures the device. Configuration will associate a user with the device, which transforms it to an active device. The device may be issued a new key at this time.

In other cases, the set of potentially connected devices will not be known at manufacturing time, so keys cannot be installed on the device prior to its release. In this case, device registration must happen when the device is installed or activated. An example of this might be a traffic service that will collect GPS and movement telemetry from a smartphone, and in turn provide free traffic information for users who opt in to share data. In this case, there would be a registration step where a user must identify the device to the service, the service then sends a key to the device, and then that key is used to manage communication.

Equally important to device registration is the ability to unregister the device, or disable it. This is critical because even though the communication with the device is secure, the device itself can become compromised. Being able to unregister the device and refuse communication is a critical aspect of the system. With device specific keys, the keys can be revoked and the system can quickly stop accepting telemetry from the device.




Download 258.06 Kb.

Share with your friends:
1   ...   5   6   7   8   9   10   11   12   13




The database is protected by copyright ©ininet.org 2024
send message

    Main page