At the EclipseCon Developers conference in San Francisco, there was considerable talk about some of the challenges in developing the infrastructure for the Internet of Things (IoT). The cloud promises to play a key role in bridging the gap between constrained devices and tools for storing and analyzing the flood of data. The rise in the number of devices connected to the IoT will require new thinking around scalability, security and governance.
For example, at the conference, Actuate -- a BI vendor -- and Eurotech Group -- an embedded device vendor -- demonstrated an application for counting attendees and correlating this with changes in environment such as air quality and electrical emissions. The application demonstrated how easy it was to bring in data from multiple disparate sensors, manage it in the cloud and then deliver visualizations that could be seen on dashboards and mobile applications.
Mike Milinkovich, executive director of the Eclipse Foundation said, "What we are seeing here is that with open source code available from Eclipse today, we can sense data, accumulate data, send it uphill to databases and analyze and report that data with BIRT [an open source visualization framework]."
Keep it open
While a considerable number of vendors are starting to embrace this opportunity, the wider adoption of the IoT is being held back by proprietary technologies, protocols and tools, said Milinkovich. The IoT has to be open. If there is anything we have learned from the last couple of years with Snowden, it is the lack of privacy and identity security. "When you have sensors everywhere, it is going to be a challenge to keep the IoT safe for privacy and safety. For me, it is a personal mission to do everything I can to be a forcing function to make the IoT as open as possible."
Mike Milinkovichexecutive director, Eclipse Foundation
He believes that an open approach will win when developers are given the tools to be successful. The Eclipse foundation has already done considerable work to deliver this framework with fourteen projects for leveraging IoT protocols, device management and supporting tools. There is already a great deal of technology for supporting this, said Milinkovich.
Adopting openness is not just about keeping the cost of the tools down, but long term maintenance. Milinkovich pointed out that when Airbus was looking for tools to maintain the code on its latest airplane, they chose open source tools because of concerns regarding the long term viability of proprietary alternatives. The tools needed to be maintained over the fifty-year lifetime of the airplanes and even profitable vendors might go out of business or be acquired in that time frame.
Coding for interconnection
Another challenge for the IoT lies in being able to leverage developer tools across platforms. A developer can't just write one IoT app and be done with it. They need to think about coding for the cloud and resource constrained devices, explained Brice Morin a researcher with SINTEF ICT research organization in Finland and one of the developers of the ThingML project.
He recommends a model driven approach to software development. This method would make it easier to create the application logic while reducing the complexity of the development process -- it could also help to reduce manual coding. Morin has been working on a project for a personal security system that equips guards with sensors when patrolling, then the data is pulled into the cloud for alerting and analysis. The hardest part was finding the right design pattern to ensure alerting without overwhelming the network or compromising battery life.
How do you test, deploy and maintain this mess? Morin said that one methodology is to define the interfaces of the systems, mock up the systems and implement it. Then you can wrap the existing APIs using services. A framework like ThingML can provide higher level concepts for orchestrating data that could be leveraged for Complex Event Processing engines.
Choose the right protocol
Another consideration is choosing sets of protocols best suited for the target applications, said Julien Vermillard, a software engineer at Sierra Wireless. He considers IoT to be about leveraging a large fleet of cloud connected devices to solve a business problem. But when it comes to connecting physical objects, one is faced with several challenges. Data coming from objects need to be efficiently routed to several consumers such as end-users, databases and enterprise information systems.
One promising protocol for addressing these challenges is MQTT, which can be used to build scalable sensor networks. MQTT uses a publish/subscribe paradigm for message distribution and supports WebSockets. A lighter version of MQTT for Sensor Networks can leverage the basic protocol into low bandwidth networks with high failure rates. However in these cases, security needs to be provided by the network. The Eclipse Paho project provides reference implementations of MQTT in several programming languages.
The Constrained Application Protocol (CoAP) is seen as one potential alternative to MQTT. It uses a REST like service model on top of the UDP protocol. However, it does not come with inherent authentication or authorization. CoAP can provide a light device management and application protocol, but is still a relative newcomer.
Start with security
Enterprise architects also need to start with security architecture in mind. Just because many of the protocols can support security, does not necessarily mean they will be secure when the devices are connected together.
Paul Fremantle CTO at WSO2 said there are key differences between IoT and traditional applications. For starters, physical devices need to be designed for a longer lifetime and updates might be harder or impossible. Furthermore many of these devices have limited capabilities -- particularly around cryptography -- also many lack a UI for entering user IDs and passwords.
In many industries, developers relied on the obscurity of the hardware to provide some manner of security. But with the growing importance of IoT connected devices, this lax attitude can leave gaping holes in the enterprise. Freemantle advocates against relying on obscurity for security.
It's also important to think about reducing the impact of security vulnerabilities. Freemantle said that unlocking a single device should risk only that device's data.
"We as a community need to make sure that the next generation of IoT devices are secure," said Freemantle. "To address this need, IoT architects need to create shields, libraries, server software and standards that can guide the development of secure IoT applications.
IoT cloud options appeal to manufacturers