Building the Internet of Things

Download 258.06 Kb.

Page	8/13
Date	10.06.2017
Size	258.06 Kb.
	#20222

1 ... 5 6 7 8 9 10 11 12 13

Communication and ingestion
Data storage scalability

i.Designing for scale

The opportunity for IoT is in the ubiquity of connected devices, the volume of data that those devices will supply, the intelligence to be gained from that data, and the command/control that we can exert on the devices. All of these aspects mean that the solution must be designed to scale at all levels.

In many respects, designing an IoT solution to effectively scale carries the same aspects as any large scale solution. While IoT does not require a cloud-based deployment, in most cases, taking advantage of the cloud makes sense because of usage-based pricing, a simple model that scales, geographic availability, and infrastructure support provided by the cloud vendor. Many documents and articles have been written about cloud application scalability and availability. For a good overview of this topic, see “Failsafe: Guidance for Resilient Cloud Architectures.”⁶⁷ The Microsoft patterns & practices team also has a large body of work on Cloud Development that provides guidance on building scalable cloud systems.⁶⁸

There are specific scalability areas that come up more frequently in IoT scenarios that may not appear in other IT solutions, however. One area is identity. For web properties, the concept of identity federation has taken hold, and most modern consumer web properties now allow a user to use their identity from other well-known identity stores, such as an account registered with Microsoft, Facebook, Google, Yahoo, and so on. Additionally, corporate accounts can be federated with platform as a service (PaaS) vendors and partners. But with the addition of devices, there will often be identities associated with those devices, relationships between those devices and human identities, and relationships between multiple humans and devices. This potentially complex set of relationships should be considered early in an IoT project, and the solution should strive to simplify these relationships as much as possible.

In our project experience we have not yet seen a pattern that satisfies this level of complexity with satisfactory results. The initial projects have used Azure Active Directory for human identities, and external data stores for device identity and the associations with Azure Active Directory users. Design, prototyping, and testing is an ongoing process to find more scalable, resilient and feature complete solutions.

Communication and ingestion

Another scalability area that is tested are the communication paths for ingestion. Most solutions will require secure, authenticated communication between devices and the collection point. Additionally, any implementation choice for messaging technology will have scalability points, limits in certain properties, such as messages per unit (for example queue, topic, and so on), and bandwidth per implementation unit (subscription, instance, and so on). These parameters must be well understood, planned for from the beginning of the project, and tested and verified as the architecture and solution progress.

Our projects have used the Microsoft Azure Service Bus⁶⁹, with Azure Active Directory Access Control (ACS)⁷⁰ keys granted for each device. In a generic solution, some type of secure key must be generated that will make a device unique, and one that only that device knows about. The system it connects to must know about the device and its key, and then verify that they match when messages arrive. The Service Bus and ACS provide these capabilities, making them a good fit. The solutions use Topics and Subscriptions⁷¹, and they are designed to take into account the scalability parameters of the Service Bus⁷², and use as many topics as needed to comfortably support the number of devices in the system and scale to additional topics if and when additional devices are added to the system.

Data storage scalability

Scalable data storage is another area that will be important in these projects. Because of the expected volume of data, blob storage will normally be the preferred choice. The reason for this is that blob storage is the lowest cost storage option, and Big Data analysis tools are built to work against blob storage. Depending on the volume and the geographic dispersion of the devices, the solution may need to use multiple storage accounts, and it may also need to move data from collection data centers into a single data center in order to perform analysis on that data. For additional guidance on managing the data, see “Data Management Patterns and Guidance”⁷³ on the Microsoft Developer Network.

j.Device registration

Registering devices is the critical first step to take to ensure that the system is secure and remains secure, only allows data to be ingested from trusted endpoints, and devices only accept commands from trusted systems. A device must be uniquely identified, the system must authenticate its identity, and the device must know that it is communicating securely with only the correct collection endpoint.

Often a device will be created with the knowledge of the expected endpoints, or at least have some influence over the collection point. An example of this is a vehicle whose manufacturer is selling a connected vehicle experience. In this scenario, when the device is manufactured, a unique key will be stored on the device. Either that key or a public key associated with it will be stored in a database, and when the device is enabled, the service can check the database and verify that the device is an approved device. These keys may be service-generated, such as by Azure Active Directory Access Control Services (ACS), or keys created to support the TLS-PSK pattern as described earlier in this paper, or keys intended for service-specific authentication. Typically, even when the device carries a key out of the factory, the device will become “active” in another step; for example, when a customer purchases, installs, and configures the device. Configuration will associate a user with the device, which transforms it to an active device. The device may be issued a new key at this time.

In other cases, the set of potentially connected devices will not be known at manufacturing time, so keys cannot be installed on the device prior to its release. In this case, device registration must happen when the device is installed or activated. An example of this might be a traffic service that will collect GPS and movement telemetry from a smartphone, and in turn provide free traffic information for users who opt in to share data. In this case, there would be a registration step where a user must identify the device to the service, the service then sends a key to the device, and then that key is used to manage communication.

Equally important to device registration is the ability to unregister the device, or disable it. This is critical because even though the communication with the device is secure, the device itself can become compromised. Being able to unregister the device and refuse communication is a critical aspect of the system. With device specific keys, the keys can be revoked and the system can quickly stop accepting telemetry from the device.

Directory: download
download -> Performance Tuning Guidelines for Windows Server 2008 May 20, 2009 Abstract
download -> Northern England’s set-jetting locations
download -> Bbc archives: Beyond the programme download
download -> Occupational health and safety
download -> Dynatest 3031 lwd light Weight Deflectometer
download -> Forth coming competitive exams
download -> English Olympiad Tasks: 10 th form Аудіювання, 10 клас. Текст
download -> Brush High School Morning Announcements Friday, September 05, 2014 all school
download -> Year 9 The Arts — Music
download -> Years 7 and 8 standard elaborations — Australian Curriculum: Music draft

Download 258.06 Kb.

Share with your friends:

1 ... 5 6 7 8 9 10 11 12 13