serverless IoT-Applications
BED-Con 2017
Niko Will, innoQ @n1ko_w1ll
about me
> Developer since 2005
> living in a Smarthome since 2012
> became an IoT Geek
> before: worked on Bosch IoT Suite for 2 years
> now: Consultant at innoQ
> follow me on Twitter: @n1ko_w1ll
> microservices approach
> AWS, Lambda & IoT
> use-cases
  > JITR | on-boarding | pairing
  > list / search things | command & control | telemetry
  > connected / disconnected / LWT
  > encrypted file transfer | firmware update

> fault tolerance
> scalability
> agility
> visibility
> security
> cost-efficiency
[diagram: classic IoT-application: thing, mobile client and browser talk to an API Gateway and an MQTT Broker in front of a single IoT-application (Users, Devices, Policies, Rules, Analytics, …) backed by a database]

[diagram: microservices approach: redundant API Gateway and MQTT Broker in front of Devices and further microservices, plus Message Broker, Service Discovery, IAM and Keystore / HSM, all running on docker / kubernetes]

[diagram: (DevOps) logging, monitoring and alerting around the microservices on docker / kubernetes: fluentd, elasticsearch and Kibana for logging; prometheus and Grafana for monitoring; Alert Manager for alerting]
source: https://www.memecenter.com/fun/5802169/what-could-possibly-go-wrong
[diagram: AWS building blocks: Amazon S3, Amazon Elasticsearch, Amazon Kinesis, Amazon SNS, Amazon SQS, Amazon DynamoDB, Amazon Cognito, Amazon API Gateway, AWS Lambda, Amazon CloudWatch, AWS IoT; grouped into State and Fast Data]
> Functions-as-a-Service (FaaS)
> serverless
> "small" functions
> stateless compute containers
> event-driven
> advantages
  > scalable
  > pay-per-execution / pay-as-you-go
  > no upfront capacity planning
  > significantly reduced operational cost

> disadvantages
  > vendor lock-in
  > startup latency
  > testing
  > debugging
  > execution duration
> managed service
> message broker
> rules engine
> shadows
> registry
> security
> topic based
> publish / subscribe
> topic wildcards
> protocols
  > MQTT
  > MQTT + WebSockets
  > HTTP

$aws/events/presence/connected/clientId
$aws/events/presence/disconnected/clientId
$aws/things/thingName/shadow/update
$aws/things/thingName/shadow/update/delta
> SQL-like syntax
> augment or filter data
> rule actions
  > state stores
  > fast data pipelines
  > CloudWatch
  > Lambda
  > republish

SELECT *,
       newuuid() AS requestId,
       clientId() AS clientId,
       timestamp() AS timestamp,
       topic(2) AS deviceId,
       topic(4) AS sensorId
FROM 'device/+/sensor/+/v1'
WHERE temperature > 50 AND color <> 'red'
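To make the two previous slides concrete (topic wildcards on the broker slide, and the rule on the rules-engine slide), here is an added example that is not part of the talk: a plain-Python re-implementation of MQTT topic-filter matching and of the slide's rule, run over constructed sample messages. The functions topic(n), clientId(), newuuid() and timestamp() are re-implemented here with the semantics of the AWS IoT rules SQL (topic(n) is 1-based); the message payloads and client IDs are made up.

```python
"""Added example (not from the talk): MQTT topic-filter matching and a
simulation of the rule shown on the slide, evaluated over constructed
messages. topic(n), clientId(), newuuid() and timestamp() are
re-implemented with the documented AWS IoT SQL semantics."""
import time
import uuid


def topic_matches(topic_filter: str, topic: str) -> bool:
    """MQTT 3.1.1 topic-filter matching: '+' matches exactly one level,
    '#' matches the rest of the topic and is only valid as the last level.
    A filter that starts with a wildcard never matches a topic beginning
    with '$', so a broad '#' subscription does not swallow $aws/... topics."""
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    if topic.startswith("$") and f_levels[0] in ("+", "#"):
        return False
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1          # '#' must be the last level
        if i >= len(t_levels):
            return False
        if level != "+" and level != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


def topic_fn(topic: str, n: int) -> str:
    """AWS IoT SQL topic(n): 1-based level selector."""
    return topic.split("/")[n - 1]


def apply_rule(topic: str, client_id: str, payload: dict):
    """Simulates the slide's rule:
       SELECT *, newuuid() AS requestId, clientId() AS clientId,
              timestamp() AS timestamp, topic(2) AS deviceId,
              topic(4) AS sensorId
       FROM 'device/+/sensor/+/v1'
       WHERE temperature > 50 AND color <> 'red'
    Returns the augmented document, or None when the rule does not fire."""
    if not topic_matches("device/+/sensor/+/v1", topic):
        return None
    # WHERE clause: a missing field makes the comparison undefined -> no action
    if "temperature" not in payload or "color" not in payload:
        return None
    if not (payload["temperature"] > 50 and payload["color"] != "red"):
        return None
    out = dict(payload)                               # SELECT *
    out["requestId"] = str(uuid.uuid4())              # newuuid()
    out["clientId"] = client_id                       # clientId()
    out["timestamp"] = int(time.time() * 1000)        # timestamp(), ms since epoch
    out["deviceId"] = topic_fn(topic, 2)              # topic(2)
    out["sensorId"] = topic_fn(topic, 4)              # topic(4)
    return out


# Constructed sample messages: (topic, client id, payload)
SAMPLES = [
    ("device/d1/sensor/s7/v1", "d1", {"temperature": 61, "color": "blue"}),
    ("device/d1/sensor/s7/v1", "d1", {"temperature": 61, "color": "red"}),
    ("device/d1/sensor/s7/v1", "d1", {"temperature": 20, "color": "blue"}),
    ("device/d1/sensor/s7/v2", "d1", {"temperature": 99, "color": "blue"}),
]

if __name__ == "__main__":
    for sample_topic, cid, msg in SAMPLES:
        print(sample_topic, "->", apply_rule(sample_topic, cid, msg))
```

Only the first sample fires: the second fails the colour check, the third the temperature check, and the fourth does not match the topic filter because the last level is v2. The '$' rule in topic_matches is the one to remember when writing policies: a device allowed to subscribe to '#' still cannot see the presence or shadow topics through that subscription.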
> JSON document
> current state of thing
> connection independent
> supports client tokens
> supports versioning
> MQTT topics
> RESTful API

{
  "state": {
    "desired": { "color": "RED" },
    "reported": { "color": "GREEN" }
  },
  "metadata": {
    "desired": { "color": { "timestamp": 12345 } },
    "reported": { "color": { "timestamp": 12345 } }
  },
  "version": 10,
  "clientToken": "UniqueClientToken",
  "timestamp": 123456789
}
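The slide lists client tokens and versioning without showing what they do. The following is an added example, not from the talk and not the shadow service's own code: a plain-Python model of the shadow document above that computes the desired/reported delta, rejects an update carrying a stale version (the 409 "Version conflict" the service returns) and echoes the client token, so an app can correlate the response with its request. The update requests in walkthrough() are constructed; metadata timestamps are simplified to a counter.

```python
"""Added example (not from the talk): delta, version and clientToken
semantics of a Device Shadow, modelled offline. The starting document is
the one on the slide; the update requests are constructed."""
import copy
import json


def compute_delta(desired: dict, reported: dict) -> dict:
    """Keys whose desired value differs from (or is missing in) reported.
    Nested objects are compared recursively, like the shadow's delta topic."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            sub = compute_delta(want, have)
            if sub:
                delta[key] = sub
        elif want != have:
            delta[key] = want
    return delta


def merge(target: dict, patch: dict) -> None:
    """Shadow merge: nested objects merge, a null value deletes the key."""
    for key, value in patch.items():
        if value is None:
            target.pop(key, None)
        elif isinstance(value, dict) and isinstance(target.get(key), dict):
            merge(target[key], value)
        else:
            target[key] = value


class Shadow:
    def __init__(self, doc: dict):
        self.doc = copy.deepcopy(doc)
        self.clock = doc.get("timestamp", 0)   # simplified timestamp source

    def update(self, request: dict) -> dict:
        """Apply an update request and return the response the service would
        publish: accepted with the new version, or rejected with a 409 when
        the request's version does not match the current document."""
        self.clock += 1
        token = request.get("clientToken")      # echoed back for correlation
        if "version" in request and request["version"] != self.doc["version"]:
            return {"code": 409, "message": "Version conflict",
                    "clientToken": token, "timestamp": self.clock}
        for section in ("desired", "reported"):
            patch = request.get("state", {}).get(section)
            if patch is not None:
                merge(self.doc["state"].setdefault(section, {}), patch)
                meta = self.doc["metadata"].setdefault(section, {})
                for key in patch:               # top-level keys only (simplified)
                    meta[key] = {"timestamp": self.clock}
        self.doc["version"] += 1
        self.doc["timestamp"] = self.clock
        return {"state": request.get("state"), "version": self.doc["version"],
                "clientToken": token, "timestamp": self.clock}

    def delta(self) -> dict:
        state = self.doc["state"]
        return compute_delta(state.get("desired", {}), state.get("reported", {}))


# Shadow document from the slide
SLIDE_SHADOW = {
    "state": {"desired": {"color": "RED"}, "reported": {"color": "GREEN"}},
    "metadata": {"desired": {"color": {"timestamp": 12345}},
                 "reported": {"color": {"timestamp": 12345}}},
    "version": 10,
    "clientToken": "UniqueClientToken",
    "timestamp": 123456789,
}


def walkthrough() -> list:
    """Constructed scenario: read the delta, see a stale app update rejected,
    let the device report the desired colour, observe the delta vanish."""
    shadow = Shadow(SLIDE_SHADOW)
    steps = [shadow.delta()]                                        # {'color': 'RED'}
    stale = {"state": {"desired": {"color": "BLUE"}}, "version": 9, "clientToken": "app-1"}
    steps.append(shadow.update(stale)["code"])                      # 409
    ok = {"state": {"reported": {"color": "RED"}}, "version": 10, "clientToken": "dev-1"}
    steps.append(shadow.update(ok)["version"])                      # 11
    steps.append(shadow.delta())                                    # {}
    return steps


if __name__ == "__main__":
    print(json.dumps(walkthrough(), indent=2))
```

The version check is what keeps two writers (the app setting desired, the device setting reported) from silently overwriting each other: whoever read an old document gets a 409 and has to re-read before retrying, instead of clobbering the newer state.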
> manage your things
> physical device or sensor
> logical entity
> attributes
> thing types

{
  "version": 3,
  "thingName": "MyLightBulb",
  "defaultClientId": "MyLightBulb",
  "thingTypeName": "LightBulb",
  "attributes": {
    "model": "123",
    "wattage": "75"
  }
}
> mutual authentication with X509 certificates + TLS 1.2
> or SigV4 for HTTPS and WebSockets
> bring your own certificate
  > JITR
  > Atmel ECC508
> policy based access with dynamic values
> role based rules action execution
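"Policy based access with dynamic values" is the part of this slide worth a concrete look. The policy below is an added example, not one from the talk: an AWS IoT policy that lets a device connect only under its own thing name and confines its publish/subscribe rights to its own topics and its own shadow, using the AWS IoT policy variable ${iot:Connection.Thing.ThingName}. The region eu-central-1, the account 123456789012 and the device/<thing>/sensor/ topic layout are placeholders chosen for the example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:eu-central-1:123456789012:client/${iot:Connection.Thing.ThingName}"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": [
        "arn:aws:iot:eu-central-1:123456789012:topic/device/${iot:Connection.Thing.ThingName}/sensor/*",
        "arn:aws:iot:eu-central-1:123456789012:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:eu-central-1:123456789012:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update/delta"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:eu-central-1:123456789012:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update/delta"
    }
  ]
}
```

One policy document serves every device, yet no device can read or write another device's topics or shadow. The thing-name variable is only substituted when the connecting certificate is attached to a registry thing and the MQTT client ID equals that thing's name; a certificate that is not attached, or a client connecting under some other ID, matches nothing and is denied, which is the fail-closed behaviour you want. Note that iot:Subscribe is granted on a topicfilter resource while iot:Receive is granted on the topic itself; both are needed to actually get messages.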
[diagram: JITR: thing, AWS IoT, Device Registry, $aws/events/certificates/registered/caCertificateID, IoT Policy, IoT Rule, AWS Lambda]

[diagram: on-boarding: thing, AWS IoT, custom/clientId/register, IoT Rule, AWS Lambda, IoT Policy, Device Shadow, Amazon DynamoDB]

[diagram: pairing: thing, IoT Policy, Device Shadow, mobile client, AWS Lambda, Amazon Cognito, Amazon API Gateway, AWS IoT]
exchange OAuth token for AWS credentials

[diagram: list / search things: things, mobile client, AWS Lambda, Amazon Cognito, Amazon API Gateway, AWS IoT, Amazon DynamoDB]

[diagram: command & control: thing, mobile client, AWS Lambda, Amazon Cognito, Amazon API Gateway, AWS IoT, Device Shadow]

[diagram: command & control without API Gateway / Lambda: thing, mobile client, Amazon Cognito, AWS IoT, Device Shadow]

[diagram: Alexa Skill: thing, Amazon Cognito, AWS IoT, Amazon Echo, AWS Lambda, Alexa Skill, Device Shadow]

[diagram: telemetry: things, AWS IoT telemetry topic, telemetry rule, Amazon Kinesis, Amazon DynamoDB, Amazon EMR]
[diagram: thing publishes { "state": { "reported": { "connected": true } } } on the shadow update topic; Device Shadow stores connected: true]

[diagram: thing publishes { "state": { "reported": { "connected": true } } } on connect and { "state": { "reported": { "connected": false } } } on disconnect via the shadow update topic; Device Shadow stores the last reported value]

[diagram: LWT: thing registers { "state": { "reported": { "connected": false } } } as its LWT on a custom LWT topic; on a dropped connection AWS IoT publishes it there and an LWT rule republishes it to the shadow update topic; Device Shadow stores connected: false]
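The three slides above show why the Last Will and Testament goes to a custom topic and is republished by a rule: a device that crashes or loses its network never sends the "connected: false" update itself. The following is an added example that is not part of the talk: a tiny in-memory broker with MQTT will semantics, a shadow that tracks the reported state, and a republish "rule", run through the clean-disconnect and dropped-connection cases with and without a will. The thing name, the lwt/<thing> topic and the payloads are made up for the example; the shadow only keeps the reported section.

```python
"""Added example (not from the talk): the connected / disconnected / LWT
flow simulated offline. Names and topics are constructed."""
import json


class Broker:
    """Minimal MQTT-like broker: exact-topic subscriptions plus will handling."""

    def __init__(self):
        self.subscriptions = {}      # topic -> list of callbacks
        self.wills = {}              # client_id -> (topic, payload)
        self.log = []                # (topic, payload) in publish order

    def subscribe(self, topic, callback):
        self.subscriptions.setdefault(topic, []).append(callback)

    def publish(self, topic, payload: str):
        self.log.append((topic, payload))
        for callback in self.subscriptions.get(topic, []):
            callback(topic, payload)

    def connect(self, client_id, will_topic=None, will_payload=None):
        if will_topic is not None:
            self.wills[client_id] = (will_topic, will_payload)

    def disconnect(self, client_id, clean: bool):
        """MQTT semantics: a clean DISCONNECT discards the will; a dropped
        connection (timeout, crash, network loss) publishes it."""
        will = self.wills.pop(client_id, None)
        if will is not None and not clean:
            self.publish(*will)


class ConnectionShadow:
    """Tracks only the 'reported' section of the thing's shadow."""

    def __init__(self):
        self.reported = {}

    def on_update(self, _topic, payload):
        self.reported.update(json.loads(payload)["state"]["reported"])


def lwt_rule(broker, shadow_topic):
    """IoT Rule with a republish action: everything arriving on the custom
    LWT topic is forwarded unchanged to the shadow update topic, which a
    will message cannot target directly because it is a reserved $aws topic."""
    def republish(_topic, payload):
        broker.publish(shadow_topic, payload)
    return republish


def scenario(clean_disconnect: bool, use_lwt: bool) -> dict:
    """Returns the shadow's reported state after the device goes away."""
    thing = "lightbulb-1"                                   # constructed name
    shadow_topic = f"$aws/things/{thing}/shadow/update"
    lwt_topic = f"lwt/{thing}"                              # constructed custom topic
    broker, shadow = Broker(), ConnectionShadow()
    broker.subscribe(shadow_topic, shadow.on_update)
    broker.subscribe(lwt_topic, lwt_rule(broker, shadow_topic))

    offline = json.dumps({"state": {"reported": {"connected": False}}})
    broker.connect(thing,
                   will_topic=lwt_topic if use_lwt else None,
                   will_payload=offline)
    broker.publish(shadow_topic, json.dumps({"state": {"reported": {"connected": True}}}))
    if clean_disconnect:
        broker.publish(shadow_topic, offline)   # a well-behaved device says goodbye
    broker.disconnect(thing, clean=clean_disconnect)
    return shadow.reported


if __name__ == "__main__":
    for clean in (True, False):
        for lwt in (False, True):
            print(f"clean={clean} lwt={lwt} ->", scenario(clean, lwt))
```

Only the combination dropped connection and no will leaves the shadow stuck at connected: true; with the will registered, both exit paths end at connected: false. Anything that trusts this flag (alerting, "is my device reachable" UI) should also tolerate the window between the real drop and the broker's keep-alive timeout, during which the stale true is still visible.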
[diagram: encrypted file transfer: thing, AWS IoT, AWS Lambda, AWS KMS, Amazon S3]

[diagram: firmware update: thing, AWS IoT, Device Shadow, AWS Lambda, Amazon S3, Amazon DynamoDB]
> scalable platform
> common IoT use-cases
> w/o own infrastructure
> w/o upfront capacity planning
> very secure
> very extensible
Niko Will
niko.will@innoq.com
www.innoq.com

innoQ Deutschland GmbH
40789 Monheim am Rhein, Germany
Ohlauer Straße 43, 10999 Berlin, Germany
63067 Offenbach, Germany
Kreuzstraße 16, 80331 München, Germany
Phone: +49 2173 3366-0

innoQ Schweiz GmbH
CH-6330 Cham, Switzerland
Phone: +41 41 743 0116