serverless iot-applicationsbed-con.org/2017/files/slides/will-serverlose_iot_applikationen.pdf ·...
TRANSCRIPT
serverless IoT-Applications BED-Con 2017
Niko Will, innoQ @n1ko_w1ll
@n1ko_w1ll
about me> Developer since 2005
> living in a Smarthome since 2012
> became an IoT Geek
> before: worked on Bosch IoT Suite for 2 years
> now: Consultant at innoQ
> follow me on Twitter: @n1ko_w1ll
@n1ko_w1ll
agenda> microservices approach
> AWS, Lambda & IoT
> use-cases
> JITR | on-boarding | pairing
> list / search things | command & control | telemetry
> connected / disconnected / LWT
> encrypted file transfer | firmware update
@n1ko_w1ll
microservice approach
@n1ko_w1ll
microservices approach> fault tolerance
> scalability
> agility
> visibility
> security
> cost-efficiency
@n1ko_w1ll
microservices approach
thingmobile client
browser
IoT-application
API G
atew
ay
MQ
TT B
roke
r
database
Users Devices Policies
Rules Analytics …
@n1ko_w1ll
microservices approachAP
I Gat
eway
MQ
TT B
roke
r
database
Devices …
microservices
DevicesDevices ……
Message Broker
Service Discovery
IAM Keystore
API G
atew
ayAP
I Gat
eway
MQ
TT B
roke
rM
QTT
Bro
ker
Service Discovery
Service Discovery
Message BrokerMessage
Broker
IAMIAM KeystoreHSM
docker / kubernetes
@n1ko_w1ll
microservices approach
Devices
microservices
docker / kubernetes
Alert Manager
prometheus
Grafana
fluentd
Kibana
elasticsearch
operations (DevOps)
loggingmonitoring
alerting
@n1ko_w1llsource: https://www.memecenter.com/fun/5802169/what-could-possibly-go-wrong
@n1ko_w1ll
AWS
@n1ko_w1ll
AWS
Amazon S3
Amazon Elasticsearch
Amazon Kinesis
Amazon SNS
Amazon SQSAmazon DynamoDB
Amazon Cognito
Amazon API Gateway
AWS Lambda
Amazon CloudWatch
AWS IoT
State Fast Data
@n1ko_w1ll
AWS Lambda
@n1ko_w1ll
AWS Lambda> Functions-as-a-Service (FaaS)
> serverless
> „small“ functions
> stateless compute containers
> event-driven
@n1ko_w1ll
AWS Lambda> advantages
> scalable
> pay-per-execution / pay-as-you-go
> no upfront capacity planning
> significantly reduce operational cost
@n1ko_w1ll
AWS Lambda> disadvantages
> vendor lock-in
> startup latency
> testing
> debugging
> execution duration
@n1ko_w1ll
@n1ko_w1ll
AWS IoT
@n1ko_w1ll
AWS IoT> managed service
> message broker
> rules engine
> shadows
> registry
> security
@n1ko_w1ll
message broker> topic based
> publish / subscribe
> topic wildcards
> protocols
> MQTT
> MQTT + WebSockets
> HTTP
$aws/events/presence/connected/clientId $aws/events/presence/disconnected/clientId
$aws/things/thingName/shadow/update $aws/things/thingName/shadow/update/delta
@n1ko_w1ll
rules engine> SQL-like syntax
> augument or filter data
> rule actions
> state stores
> fast data pipelines
> CloudWatch
> Lambda
> republish
SELECT *, newuuid() AS requestId, clientId() AS clientId, timestamp() AS timestamp, topic(2) AS deviceId, topic(4) AS sensorId
FROM 'device/+/sensor/+/v1' WHERE temperature > 50 AND color <> 'red'
@n1ko_w1ll
shadows> JSON document
> current state of thing
> connection independent
> supports client tokens
> supports versioning
> MQTT topics
> RESTful API
{
"state" : {
"desired" : { "color" : "RED" },
"reported" : { "color" : „GREEN" }
},
"metadata" : {
"desired" : { "color" : { "timestamp" : 12345 } },
"reported" : { "color" : { "timestamp" : 12345 } }
},
"version" : 10,
"clientToken" : "UniqueClientToken",
"timestamp": 123456789
}
@n1ko_w1ll
registry> manage your things
> physical device or sensor
> logical entity
> attributes
> thing types
{
"version": 3,
"thingName": "MyLightBulb",
"defaultClientId": "MyLightBulb",
"thingTypeName": "LightBulb",
"attributes": {
"model": "123",
"wattage": "75"
}
}
@n1ko_w1ll
security> mutual authentication with X509 certificates + TLS 1.2
> or SigV4 for HTTPS and WebSockets
> bring your own certificate
> JITR
> Atmel ECC508
> policy based access with dynamic values
> role based rules action execution
@n1ko_w1ll
use-cases
@n1ko_w1ll
just in time registration (JITR)
thingAWS IoT
Device Registry$aws/events/certificates/ registered/caCertificateID
IoT Policy
IoT Rule
AWS Lambda
@n1ko_w1ll
on-boarding
thingAWS IoT
AWS Lambda custom/clientId/registerIoT Rule
IoT Policy Device Shadow
Amazon DynamoDB
@n1ko_w1ll
thing
IoT Policy Device Shadow
mobile client
AWS Lambda
Amazon Cognito
Amazon API Gateway
AWS IoT
thing pairing
exchange OAuth token for AWS credentials
@n1ko_w1ll
list / search things
thingsmobile client
AWS Lambda
Amazon Cognito
Amazon API Gateway
AWS IoT
Amazon DynamoDB
@n1ko_w1ll
command & control
thingmobile client
AWS Lambda
Amazon Cognito
Amazon API Gateway
AWS IoT
Device Shadow
@n1ko_w1ll
command & control
thingmobile client Amazon Cognito AWS IoT
Device Shadow
@n1ko_w1ll
command & control
thing
Amazon Cognito
AWS IoTAmazon Echo AWS Lambda
Alexa Skill
Device Shadow
@n1ko_w1ll
telemetry
AWS IoT
things
Amazon Kinesis
Amazon DynamoDB
telemetry rule telemetry topic
Amazon EMR
@n1ko_w1ll
{
"state": {
"reported": {
"connected": true
}
}
}
{
"state": {
"reported": {
"connected": true
}
}
}
connected / disconnected / LWT
Device Shadow
thingAWS IoT
shadow update topic
@n1ko_w1ll
{
"state": {
"reported": {
"connected": true
}
}
}
{
"state": {
"reported": {
"connected": false
}
}
}
{
"state": {
"reported": {
"connected": false
}
}
}
connected / disconnected / LWT
Device Shadow
thingAWS IoT
shadow update topic
@n1ko_w1ll
{
"state": {
"reported": {
"connected": true
}
}
}
{
"state": {
"reported": {
"connected": false
}
}
}
connected / disconnected / LWT
Device Shadow
thingAWS IoTLWT rule custom LWT topic
LWT
{
"state": {
"reported": {
"connected": false
}
}
}shadow update topic
republish
@n1ko_w1ll
encrypted file transfer
Amazon S3
thingAWS IoTAWS Lambda
AWS KMS
@n1ko_w1ll
firmware update
Device Shadow
AWS Lambda thingAWS IoTAmazon S3
Amazon DynamoDB
@n1ko_w1ll
summary> scalable plattform
> common IoT use-cases
> w/o own infrastructure
> w/o upfront capacity planning
> very secure
> very extensible
@n1ko_w1ll
Thank you. Questions? Comments
@n1ko_w1ll Niko Will
innoQ Deutschland GmbH
Krischerstr. 100 40789 Monheim am Rhein Germany Phone: +49 2173 3366-0
innoQ Schweiz GmbH
Gewerbestr. 11 CH-6330 Cham Switzerland Phone: +41 41 743 0116www.innoq.com
Ohlauer Straße 43 10999 Berlin Germany Phone: +49 2173 3366-0
Ludwigstr. 180E 63067 Offenbach Germany Phone: +49 2173 3366-0
Kreuzstraße 1680331 München Germany Phone: +49 2173 3366-0