BACKGROUND IMAGE: stock.adobe.com
Thanks to a number of principles from DevOps, IoT initiatives are rolling out more rapidly than ever before. Robert Stroud, principal analyst at Forrester Research, said, "IoT initiatives are fueling DevOps requirements. Sixty-five percent of respondents to our 2017 DevOps survey identified that IoT programs required them to leverage DevOps practices to drive success. These projects require the rapid release of software to the 'edge' to curate data and drive enhancements to IoT initiatives."
DevOps matters because IoT apps are more dispersed across a wider array of hardware and platforms. They introduce a much wider array of potential security vulnerabilities and failure modes than traditional enterprise apps. There are also bandwidth limitations, environmental impacts and human factors that can limit the ability to update these devices after they are deployed. With a sound strategy that includes DevOps, IoT challenges such as these can be mitigated.
Many IoT applications require edge compute capabilities to collect and synthetize data at the edge, which may lead to a large population of servers that require management. Stroud said, "These frequent updates need to be developed, tested, validated and deployed -- and rolled back in the case of failure -- on a frequent and consistent basis. Additionally, the proliferation of devices that may need software updates is well-suited to the automation that DevOps supports."
New testing strategy required
In many ways, the internet of things is just a new platform to deploy to public clouds and traditional enterprise systems. The key difference is in how the apps are test and deployed. David Linthicum, senior analyst at Cloud Technology Partners Inc., said, "IoT requires different approaches to continuous testing, considering that you're typically testing firmware on a device, as well as connectivity and some centralized systems. The focus of testing should be on security, communications performance and stability. Less of a focus is on the user interface, which may be absent."
The continuous deployment mechanisms of IoT are also like deployments in public clouds. But the focus is on pushing updates to devices in the field, which introduces new attack vectors for hackers.
"There is a huge issue with security here, and a malware vulnerability you need to consider and defend against," Linthicum said. "Focus on security; it's much more critical in the world of IoT considering the dire consequences of a breach. Planes could crash, robots could attack, but most likely the device will just stop working."
These updates are important because with traditional apps, users can work around issues with the software, but IoT devices cannot. Linthicum explained, "Thus, within the world of IoT, bugs and improvements need to be pushed out consistently, and DevOps provides the foundations for continuous improvement."
Real-world complexities like unpredictable networks, system variety (models and versions), inevitable unit failures and intermittent connections work against the DevOps "fast fail" philosophy. Kirit Basu, director of product management at StreamSets Inc., said, "Software failing on an IoT device isn't just a matter of a remote reboot. It may mean loss of device access or, even worse, a bricked device that must be physically replaced. Also, not all aspects of the data 'signal chain' are equally visible to the DevOps engineer, which can greatly hinder development efficiency."
DevOps, IoT, new data streams
One emerging challenge with IoT is figuring out how to make sense of the flood of new data without overwhelming cloud apps at the core. This requires better approaches for pushing analytics and machine learning to the edge and finding efficient ways of aggregating the right data required for improving machine learning and long-term analysis. The dynamic nature of the edge devices in terms of new models, regular upgrades and new algorithms adds another layer of complexity that benefits from an iterative development approach.
Basu said, "Mass consolidation of all data into a central analytics platform is not the best option when dealing with highly capable edge devices and costly or unreliable connectivity -- think cars, drones or even retail point-of-sale systems. We're seeing interest for DevOps teams to push analytics to edge devices when time is of the essence, such as in vehicle navigation or fraud detection, and architect via microservices to isolate risk and facilitate reuse."
One useful strategy lies in building a data movement architecture for IoT that allows the same level of security and audibility as traditional enterprise systems. This can help to mitigate the governance, risk management and compliance risks associated with the proliferation of data flows. Basu said, "Design for proper detection and handling of personally identifiable information at the get-go, and assume new [personally identifiable information] will show up unexpectedly as your architecture evolves."
Organizations also need to ensure these apps manage the flood of data with respect to good corporate governance and risk management practices. These risks are continuing to grow with new regulations like the European Union's General Data Protection Regulation, which threatens big penalties for poor execution.
Distributed architecture adds challenge
IoT architectures need to be able to respond to changes in raw inputs as data formats shift when IoT edge devices are replaced or upgraded. They also need to respond to outputs as business needs drive different analytic techniques and algorithms. Enterprises also need to be able to take advantage of changes in compute technology on the back end, like new field-programmable gate array, graphics processing unit and neural chip-based architectures. This requires finding ways to decouple different components of the architecture.
One of the big challenges with building out IoT applications is the lack of integration standards for communicating across the IoT stack. James Falkner, technology evangelist and technical marketing manager at Red Hat Inc., said, "One of IoT's typical characteristics is its scalability, which translates to lots of devices and gateways out in the field in a typical solution. Work has only just begun, for example, in the Eclipse [Foundation] IoT community or IFTTT, to standardize how IoT solutions are built and integrated together across the different layers." DevOps can help to hide or abstract a lot of the differences in networks, devices and deployment environment.
A promising approach lies in using microcontainer architectures for pushing updates to the edge using a standard container format. This allows developers and ops teams better control of both application code and the configuration settings in an automated way. For example, Red Hat Enterprise Linux Atomic Host can bring Linux container technology to the edge. This enables today's DevOps tooling, where containers are very popular, to be applied to IoT without a massive restructuring of DevOps practices.
Best practices from DevOps, IoT and the business itself are key to project success and keeping all stakeholders happy. DevOps started out as a way of improving communications between developers and operations. In the long run, enterprises are going to have to find ways to include other stakeholders, like business executives, security teams and compliance auditors, in the conversation. Falkner said, "Making sure stakeholders from all affected areas are involved in the buying decisions and implementation is critical to ensuring that the project is successful. It may work 100% correctly once deployed, but if the information isn't useful to the people who paid for it or are expected to use it, then the project will likely fail."
DevOps, IoT recommendations
"The best practice that enterprises can adopt is using the cloud, thinking about code development as intimately associated with the running of that code, so no throwing over the fence to the ops team. Automating everything -- and that includes pipelines, metrics, SecOps and integrating into ChatOps." -- Seb Chakraborty, global CTO, Centrica Connected Homes
"Treat your IoT data movement as a continuous operation. Using the idea of a data factory as a metaphor, you must be monitoring the data movement from source to output, specifically the timeliness, completeness and quality of the data being received. Design your IoT architecture in the context of your overall enterprise architecture. Strive for seamless continuity across building, deploying and operating IoT data flows with an eye toward the data being used across multiple applications. By reducing your technology sprawl, you will also reduce the breadth of skills required to succeed." -- Kirit Basu, director of product management, StreamSets
"Continuous integration is immensely important for IoT efforts. Continuous deployment is very difficult to do in an IoT setting, but we do it for our app development. Ensuring that each build is actually run on hardware and tested thoroughly is very important. Having builds push automatically to hardware has been invaluable in identifying problems before code is pushed onto remote sensors. Additionally, DevOps helps us keep consistent environments on all our devices by treating our environment description as part of the deployment package. We know that if it works on one device it will work on all of them. This simplifies testing greatly, while also providing a boost to the reliability of our stations." -- Alex Kubicek, founder and CEO, Understory Inc.
"Avoid one-off solutions that aren't extensible. Most IoT projects are, of course, customized to the industry as well as the existing infrastructure of the company. However, inevitably the business will change over time, possibly requiring a change in the information provided by the solution. If new requirements mean you have to completely change the solution, that can be expensive and difficult. Using industry standard protocols, such as [Advanced Message Queuing Protocol], [MQ Telemetry Transport], Modbus and so forth, can facilitate interoperability, debuggability, traceability and many other aspects. This also means that off-the-shelf software can be employed for monitoring, auditing, tracing, etc." -- James Falkner, technology evangelist and technical marketing manager, Red Hat