A panoramic overview of the IoT architecture building blocks on AWS (Part one)

Fabrizio Gattuso
Nordcloud Engineering
May 30, 2022 · 7 min read

Without any doubt, the Internet of Things (IoT) is one of the most trending technologies in the IT space. IoT systems are used in many sectors, such as agriculture, healthcare, supply chain, retail, manufacturing and hospitality. The number of devices on the market keeps growing, and so does the volume of data they generate.

IoT world

It is crucial to understand how to interact with millions of devices, how to ingest, store and retrieve the data they produce, and how to present that telemetry to the end users. It is equally important to consider how to protect the whole system from external attacks in the relevant scenarios and how to guarantee the immutability of the data.

All these requirements are hard to meet in traditional on-premises environments. Thanks to the power of the cloud and the flexibility of cloud-native solutions, it is possible to build architectures that scale with the generated traffic, are reliable, and stay highly available in the face of software failures. Cloud technologies have also made the development life cycle easier: teams can focus on the business logic behind the product without an unnecessarily large upfront investment.

This article presents the information you need to start designing an IoT architecture on AWS, with a panoramic overview of five important areas: the IoT devices, the edge layer, the ingestion phase, the end-user interaction and the system security. The first two are covered in this part, the remaining three in the next.

IoT devices

An IoT device can be anything from a single sensor capable of communicating with another element of the system to a more sophisticated device able to perform computation, store data and execute actions.

Another important distinguishing factor is the power source of the device. A device connected to the mains can stay awake all the time and use power-hungry communication technologies such as WiFi and standard Bluetooth. A device powered by a finite battery, or by an auxiliary source such as a solar panel or a small wind turbine, has to manage its limited energy with sleep strategies and energy-efficient communication technologies.

Because of these constraints, not all devices can run complex operating systems or use the same network topology.

Operating system

One of the most used operating systems for embedded devices is FreeRTOS, the market leader among real-time operating systems (RTOS) for microcontrollers and small microprocessors. It supports 40+ processor architectures and is a tiny, power-saving kernel; since 2017 AWS has held stewardship of the FreeRTOS code and has integrated numerous libraries that facilitate communication with the cloud.

An embedded device with Amazon FreeRTOS

The Amazon library suite extends the open-source kernel with MQTT communication, AWS IoT Greengrass integration, over-the-air (OTA) updates, and security components that manage keys, authenticate the device to the cloud with X.509 certificates over TLS, and verify the code signature of OTA images before they are installed.

Network topology

There are several factors to weigh when choosing the network topology for a use case; for simplicity, we will analyze only two scenarios:

  • in the first case, the devices are able to connect directly to the internet and to the cloud;
  • in the second case, the devices are forced to communicate through a gateway at the edge.

First topology — Direct communication to the cloud

In the first topology the devices communicate directly with the cloud. The main advantage is the simplicity of the system: every link is established directly and there is no single point of failure on the field side.

There are also several disadvantages. The main one is the energy cost of the communication, which usually forces a connection to the mains or the use of rechargeable batteries. To run on standard batteries in this topology it is essential to use low-power wide-area protocols such as LoRaWAN or Sigfox, but the amount of data that can be transmitted is then very limited. Other technologies, such as WiFi, carry far more data, but the lifetime of a battery-powered device becomes very short, so the end user has to change batteries many times or connect the sensors to the mains.

The second disadvantage is the absence of an edge or border device. Without this network element it is hard to pre-aggregate data and filter out malformed packets, and an attacker can reach every device directly: each sensor is an internet-facing endpoint that must carry its own credentials, keep its own firmware patched and be hardened on its own, because there is no gateway in front of it to enforce a policy.

Second topology — Star, only the gateway communicates with the cloud

Edge layer

Every cloud-based IoT system should be designed starting from the edge components. These devices are not part of the cloud network, but their role is so important for the whole system that they should be treated as being as critical as every other element. In the IoT world the edge components are usually called gateways or IoT hubs. These nodes are usually more powerful than the small sensors, and their main roles are to establish the communication with the cloud, manipulate the received data and act as a central security gate. Data manipulation is not only for standardization and filtering purposes; it is also a strategy for saving money and reducing the traffic between the IoT site and the cloud, usually by compressing or pre-aggregating the telemetry.

AWS offers a solution that facilitates the development of edge devices. AWS IoT Greengrass provides standardized functionality such as data management, messaging services, local data processing including inference with machine learning models, configuration updates and pre-built software components. Greengrass is integrated with FreeRTOS and with the AWS cloud services, giving the customer an easy and fast way to connect to the cloud.

AWS IoT Greengrass overview

Where energy limitations, compliance or other requirements make it impossible to deploy Greengrass, it is possible to build a simple gateway in Python that forwards the received data over a standard protocol such as MQTT, an HTTPS REST API or AMQP. MQTT is the most used and is probably the de facto standard for this kind of connection: it is designed to be lightweight, tolerates unreliable, low-bandwidth links and uses the publish-subscribe paradigm to connect remote devices to the cloud.
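As an added example (not code from the article or from Nordcloud), here is a minimal gateway of the kind described above, written in plain Python with no third-party dependencies. It does the three jobs the text gives the edge node: drop malformed readings, pre-aggregate telemetry per sensor to cut traffic, and forward the result to AWS IoT Core over MQTT 3.1.1 with mutual TLS, encoding the MQTT packets by hand so the protocol is visible. The endpoint, topic, thing name, certificate file names, the JSON reading format and the sample readings are assumptions constructed for the example.

```python
"""Minimal edge gateway: validate readings, pre-aggregate, publish to AWS IoT
Core over MQTT 3.1.1 with mutual TLS. Standard library only; endpoint, topic,
file names and the reading format are assumptions made for this example."""
import json
import socket
import ssl
import statistics

IOT_ENDPOINT = "example-ats.iot.eu-west-1.amazonaws.com"  # assumed account endpoint
MQTT_PORT = 8883                                           # IoT Core mutual-TLS MQTT port
TOPIC = "site/plant-a/telemetry"                           # assumed topic
CLIENT_ID = "gateway-plant-a"                              # assumed thing name
CA_FILE, CERT_FILE, KEY_FILE = "AmazonRootCA1.pem", "gateway.pem.crt", "gateway.key"

# Constructed sample input, one JSON reading per line as the sensors would post
# it to the gateway. The last three lines are deliberately malformed.
SAMPLE_READINGS = """\
{"sensor_id": "s1", "temp_c": 20.0, "ts": 1653900000}
{"sensor_id": "s1", "temp_c": 22.0, "ts": 1653900010}
{"sensor_id": "s2", "temp_c": 18.5, "ts": 1653900000}
{"sensor_id": "s2", "temp_c": 999.0, "ts": 1653900010}
{"sensor_id": "s3", "ts": 1653900000}
not json at all
"""

def parse_reading(line):
    """Return a validated reading or None: malformed input is dropped at the edge."""
    try:
        obj = json.loads(line)
    except ValueError:
        return None
    if not isinstance(obj, dict):
        return None
    sid, temp, ts = obj.get("sensor_id"), obj.get("temp_c"), obj.get("ts")
    ok = (isinstance(sid, str) and 0 < len(sid) <= 64
          and isinstance(temp, (int, float)) and not isinstance(temp, bool)
          and -40.0 <= temp <= 85.0  # plausible range for the assumed sensor
          and isinstance(ts, int) and not isinstance(ts, bool) and ts >= 0)
    return {"sensor_id": sid, "temp_c": float(temp), "ts": ts} if ok else None

def aggregate(text):
    """Pre-aggregate valid readings per sensor (count, min, max, mean)."""
    per_sensor = {}
    for line in text.splitlines():
        r = parse_reading(line)
        if r is not None:
            per_sensor.setdefault(r["sensor_id"], []).append(r["temp_c"])
    return {sid: {"n": len(v), "min": min(v), "max": max(v),
                  "mean": round(statistics.fmean(v), 3)}
            for sid, v in sorted(per_sensor.items())}

def _utf8_string(s):
    """MQTT UTF-8 string: two-byte big-endian length, then the bytes."""
    b = s.encode("utf-8")
    return len(b).to_bytes(2, "big") + b

def _remaining_length(n):
    """MQTT variable-length integer: 7 bits per byte, bit 0x80 = more follows."""
    out = bytearray()
    while True:
        byte, n = n % 128, n // 128
        out.append(byte | 0x80 if n else byte)
        if not n:
            return bytes(out)

def build_connect(client_id, keep_alive=60):
    """MQTT 3.1.1 CONNECT, clean session. No username/password: with IoT Core
    the identity is the X.509 client certificate shown in the TLS handshake."""
    body = (_utf8_string("MQTT") + b"\x04\x02" + keep_alive.to_bytes(2, "big")
            + _utf8_string(client_id))
    return b"\x10" + _remaining_length(len(body)) + body

def build_publish(topic, payload, packet_id=1, qos=1):
    """MQTT 3.1.1 PUBLISH. QoS 1 adds a packet id and the broker answers PUBACK."""
    body = _utf8_string(topic) + (packet_id.to_bytes(2, "big") if qos else b"") + payload
    return bytes([0x30 | (qos << 1)]) + _remaining_length(len(body)) + body

def hardened_client_context():
    """Server certificate and hostname verified (PROTOCOL_TLS_CLIENT defaults),
    TLS 1.0/1.1 refused."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def send(endpoint, connect, publish):
    """Open the mutual-TLS session, check the CONNACK, publish, return the PUBACK."""
    ctx = hardened_client_context()
    ctx.load_verify_locations(CA_FILE)        # trust only the pinned Amazon root CA
    ctx.load_cert_chain(CERT_FILE, KEY_FILE)  # the gateway's own certificate and key
    with socket.create_connection((endpoint, MQTT_PORT), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=endpoint) as tls:
            tls.sendall(connect)
            connack = tls.recv(4)
            if connack[:2] != b"\x20\x02" or connack[3] != 0:
                raise RuntimeError("broker refused the connection: %r" % connack)
            tls.sendall(publish)
            return tls.recv(4)

if __name__ == "__main__":
    payload = json.dumps(aggregate(SAMPLE_READINGS), separators=(",", ":")).encode()
    print(payload.decode())
    # send(IOT_ENDPOINT, build_connect(CLIENT_ID), build_publish(TOPIC, payload))  # needs real credentials
```

Run as a script it prints the aggregate computed from the constructed readings (the 999 °C value, the reading without a temperature and the non-JSON line are all discarded before anything leaves the site); the network call stays commented out because it needs the gateway's own certificate and the account's endpoint. The points worth copying are in `hardened_client_context` and `send`: `PROTOCOL_TLS_CLIENT` verifies the server certificate and hostname by default, `minimum_version` refuses TLS 1.0/1.1, the trust store is only the Amazon root CA rather than the system bundle, and the device identity is the X.509 client certificate rather than a username/password, which is how IoT Core authenticates MQTT clients on port 8883.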

On the other side of the channel between the edge and the cloud there is AWS IoT Core. This component is the main door into the cloud and the main AWS service for connecting to IoT networks. IoT Core accepts devices over different protocols such as MQTT (also over WebSocket), HTTPS and LoRaWAN. It establishes the communication, enforces TLS encryption between the parties (typically with X.509 client certificates as the device identity) and keeps a mirrored state of every device, the device shadow. When the gateway is not intelligent enough to do small processing on the data, IoT Core can perform simple tasks on the telemetry before ingesting it.

An extension to IoT Core that can work alongside it (importing data from it) or standalone is AWS IoT SiteWise. This service is designed for the Industrial IoT (IIoT) and ingests data from less common protocols such as OPC-UA, Modbus and EtherNet/IP. These AWS services collect, verify and forward data to different internal pipelines that ingest, store and analyze the telemetry received from the network. The channel is not one-way: users, or the cloud itself, can send configurations, commands and other data back to the IoT field.
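The mirrored device state and the cloud-to-field direction both come down to small JSON documents on reserved topics. The following added example (not the article's or AWS's code; the thing name, the configuration keys, their allowed ranges and the incoming delta document are assumptions constructed for it) shows the gateway side of that exchange in plain Python: how the shadow service derives the delta it pushes on `$aws/things/<thing>/shadow/update/delta`, and how the gateway should treat that delta as untrusted input, applying only known keys with valid values before reporting back on `$aws/things/<thing>/shadow/update`.

```python
"""Gateway side of an AWS IoT Device Shadow exchange, standard library only.
Thing name, configuration keys, their limits and the sample delta document are
assumptions made for this example."""
import json

THING_NAME = "gateway-plant-a"  # assumed thing name

# What the gateway is willing to accept from the cloud: key -> validator.
# Anything else found in a delta is ignored, never applied.
ACCEPTED_DESIRED = {
    "sample_period_s": lambda v: isinstance(v, int) and not isinstance(v, bool) and 1 <= v <= 3600,
    "upload_topic":    lambda v: isinstance(v, str) and v.startswith("site/plant-a/"),
    "led":             lambda v: v in ("on", "off"),
}

# Constructed delta as the shadow service would publish it on .../update/delta:
# two legitimate changes, one unknown key and one value outside the allowed set.
SAMPLE_DELTA = json.dumps({
    "version": 42, "timestamp": 1653900000,
    "state": {"sample_period_s": 30, "led": "on",
              "shell_cmd": "reboot", "upload_topic": "site/other/telemetry"},
})

def shadow_topics(thing_name):
    """Reserved topics of the classic (unnamed) shadow of a thing."""
    base = "$aws/things/%s/shadow" % thing_name
    return {"update": base + "/update", "delta": base + "/update/delta",
            "accepted": base + "/update/accepted", "get": base + "/get"}

def compute_delta(desired, reported):
    """What the shadow service pushes to the device: the desired keys whose
    value differs from (or is absent in) the reported state."""
    return {k: v for k, v in desired.items() if reported.get(k) != v}

def apply_delta(local_config, delta_json):
    """Apply a delta document to the local configuration, accepting only known
    keys with valid values. Returns (update message to publish, rejected keys)."""
    doc = json.loads(delta_json)
    applied, rejected = {}, []
    for key, value in doc.get("state", {}).items():
        check = ACCEPTED_DESIRED.get(key)
        if check is not None and check(value):
            local_config[key] = value
            applied[key] = value
        else:
            rejected.append(key)
    update = {"state": {"reported": applied},
              "clientToken": "%s-%d" % (THING_NAME, doc.get("version", 0))}
    return json.dumps(update, separators=(",", ":")), rejected

def reported_state(local_config):
    """Full reported state, e.g. sent after boot so the shadow mirrors the device."""
    return json.dumps({"state": {"reported": dict(local_config)}}, separators=(",", ":"))

if __name__ == "__main__":
    config = {"sample_period_s": 60, "led": "off", "upload_topic": "site/plant-a/telemetry"}
    topics = shadow_topics(THING_NAME)
    print("subscribe to:", topics["delta"])
    msg, rejected = apply_delta(config, SAMPLE_DELTA)
    print("publish to", topics["update"] + ":", msg)
    print("rejected keys:", rejected)
    # The refused keys still differ from what we report, so they stay in the delta
    # until the cloud side clears them (setting a desired key to null deletes it).
    print("remaining delta:", compute_delta(json.loads(SAMPLE_DELTA)["state"], config))
```

The gateway subscribes to the `delta` topic, and every desired change it accepts is echoed back as `reported` state so the shadow converges; `clientToken` lets it match the `accepted` (or `rejected`) reply to its own request. The validation step is the part that matters for security: an operator console, a misconfigured automation, or anyone who obtains permission to update the shadow can write arbitrary keys into `desired`, so the device, not the cloud, decides what it will execute.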

A final but no less important consideration is where to deploy the AWS border services. If the use case is sensitive to latency, it is preferable to have IoT Core or IoT SiteWise deployed in a region close to your IoT network, in order to minimize the round-trip time. Having the ingestion components in multiple regions increases the availability and resiliency of the edge communication. After ingestion, the telemetry can optionally be replicated or merged into a central region.

AWS IoT Field to Edge solutions

In the next part we will discuss the cloud section of an IoT system, focusing on the ingestion process, storing and analyzing the received data, the end-user interaction with the building blocks of a web app, and finally a security overview.

The second article will focus on the cloud environment and is reachable on this page.
