Service Assisted Device Communications on Microsoft Azure
TRANSCRIPT
Rick G. Garibay
MVP Microsoft Azure
@rickggaribay
About Me
• VP, Distinguished Engineer leading the Development Platform Group at Neudesic
• Working on IoT, Intelligent Transportation and Hospitality & Gaming
• 8-time Microsoft MVP, Microsoft Azure
• Co-Author, “Windows Server AppFabric Cookbook” by Packt Pub.
• Chairman, Co-Founder Phoenix Connected Systems User Group (PCSUG.org)
• twitter: @rickggaribay
• Official Hashtag: #azureconf
• blog: http://rickgaribay.net
• email: [email protected] | [email protected]
Agenda
• Internet of Things by the Numbers
• Devices, Protocols & Messaging Models
• IoT vs. “Things on the Internet”
• Service Assisted Communication on the Reykjavik Device Gateway
OEM Revenue Opportunity | Market Forecast CY17
Source: IDC Sept 2013 and Microsoft
System Revenue by segment:
• Auto & Trans: $7 B
• Retail: $16 B
• Manufacturing: $197 B
• Healthcare: $3 B
• Energy: $27 B
• Computing: $908 B
• Telecom: $179 B
• Consumer: $356 B
Intelligent Systems total: $1.7 T
The Internet of Things is the network of physical objects that contain embedded technology to communicate and interact with
their internal states or the external environment.
IoT Device Taxonomy
• Large: POS terminal, ATM, MRI (x86, PC-like, apps)
• Mobile: Industry handheld, POS tablet (ARM and x86, shell experience, apps)
• Small: Gateways, wearables, panels, cars (ARM and x86, diverse hardware, no shell)
• Micro: Controllers, fixed-use, sensors, actuators (ARM, constrained hardware, headless)
Beyond the garage, the true significance of IoT is the foundation it creates for providing insights and actions that enable new business capabilities.
Smart Products
• Smart Energy: Grid, Renewables, Oil/Gas/Coal Recovery and Distribution
• Smart Retail: Points of Sale, Restaurants, Hotels, Fuel Stations
• Smart Healthcare: Patients, Clinics, Hospitals, Nursing Homes, Mobile Care
• Smart Building / Home: Safety/Security, Comfort/Lighting, Automation
• Smart Factory: Manufacturing Integration and Automation, Remote Servicing, Predictive and Reactive Maintenance
• Smart Cities: Water, Waste, Pollution Control, Fire, Emergency, Public Safety, Law Enforcement
• Smart Logistics: Letters, Packages, Containers, Tanks, Bulkware
• Smart Entertainment: Games, Events, Sports, Television/Streaming
• Smart Mobility: Traffic, Buses, Cars, Trucks, Trains, Vessels, Aircraft, Bikes
From IT to Operational Technology
• IT: Servers, Applications, Systems
• OT: Devices, Telemetry, Command & Control
Data-Driven Insight + Action at a Distance
Data –> Information –> Insight ($+)
• Make more efficient use of resources
• Provide more targeted products and services
• Discover patterns, trends that lead to new business insights
Action at a Distance
• Acting on Data Insights (Real-Time and At Rest)
• The ability to act remotely, automatically and intelligently
• Remote control is a source of efficiency
• Enables new forms of customer interaction and engagement
Manufacturing: Consumer PRM
Insight
• Mineralization reads
• # of daily work cycles
• Flavor trends
Action
• Request permission to conduct descaling task
• Upsell to more robust model
• New alliances, e-coupons, etc.
Transportation: Smart Parking
Insight
• Vehicle ingress/egress from parking spot
• Meter payment
• Meter expiry
Action
• Dynamic pricing adjustment based on parking saturation
• Extending meter time remotely via smart phone
• Directed enforcement of ticketing
Retail: Product Placement
Insight
• iBeacon signatures
• Area/aisle/product interaction
• * Not just opt-in!
Action
• Triangulation
• Customer Experience
• Product placement
Message Types
• Telemetry: Voluntary information flow from device to another system.
• Inquiries: Requests for information from device to other systems.
• Commands: Instructions from other systems to a device.
• Notifications: Information flow from other systems to the device.
Various Protocols
2G, Wi-Fi, RFID, GPRS, SMS, 3G, LTE, WiMax, ZigBee, NFC, TCP, UDP, BLE, AMQP, MQTT, CoAP, Custom, HTTP, …
Default Connectivity Model
• Connectivity (IPv6 + VPN)
• Give every device a routable IP address
• Devices expose services for control/query operations
• Command Source is either on premise or remote, enabled by a bridge of some sort.
• Remote access is enabled within the VPN’s routing domain
Default Connectivity Model (diagram)
• Connections are command source initiated.
• Device exposes a service/API that the Command Source calls.
Default Connectivity Challenges
• Addressability
  • Requires network-layer intervention
  • Doesn’t work for devices that are loosely connected (roaming, frequently offline)
• Security
  • By default, every protocol that can be routed over Ethernet can flow, and between any two nodes
  • SSL/TLS is not an option on many small devices.
  • VPN controls access to IP addresses and ports, not application endpoints (lack of granular authorization)
  • Many devices are not VPN-capable due to resource/bandwidth constraints
• Efficient scale
  • VPN infrastructure is expensive and costly to maintain
  • Does not address device management.
  • Think 1K, 10K, 100K+ devices
On-Premise Brokered Model
• Connectivity (IPv6 + VPN)
• Give every device a routable IP address.
• Devices participate in pub-sub messaging on-prem or via VPN using industry standard protocol like MQTT.
• Command Source is either on premise or remote, enabled by a bridge of some sort.
• Remote access is enabled within the VPN’s routing domain.
On-Premise Brokered Model (diagram)
• Device subscribes to broker via TCP, etc.; typically a socket connection (MQTT, etc.).
• Messaging happens on premise, attack surface minimized.
• Command Source must be on premise or somehow bridged.
On-Premise Brokered Challenges
• Addressability
  • Device and broker are intimately connected.
  • Doesn’t work for devices that are loosely connected (roaming, frequently offline).
• Security
  • SSL/TLS is not an option on many small devices.
  • Many devices are not VPN-capable due to resource/bandwidth constraints.
• Efficient scale
  • VPN infrastructure is expensive and costly to maintain.
  • External commands require some kind of a gateway service.
  • Does not address device management.
  • Think 1K, 10K, 100K+ devices
Service Assisted Communications Model
• Devices connect via open standard protocols
  • AMQP 1.0 and HTTP supported natively by the Service Bus
  • MQTT, CoAP and others can be implemented via custom gateway/adapter model
  • Sockets secured via TLS (or a lightweight variant)
• Each device has a dedicated Inbox/Outbox on the Gateway
  • Device sends telemetry/alerts and routes service invocations via its Outbox
  • Device receives commands and queries from its Inbox
  • Correlated request/reply patterns can be implemented on top of these two messaging channels
• The device knows, and has access to, only its own specific inbox/outbox endpoints (URIs)
Backend Components / Cloud Gateway (diagram): the Device talks to a Protocol Head on the Cloud Gateway, which owns that device’s Inbox and Outbox; backend components reach the device only through the gateway’s Command API.
Service-Assisted Communications (diagram)
• Connections are device-initiated and outbound
• Device sits behind a NAT/Firewall router (IP NAT); port mapping is automatic, outbound
• Device does not listen for unsolicited traffic
• No inbound ports open, attack surface is minimized
• Cloud Gateway is reached outbound via DNS (myapp.cloudapp.net) and exposes an access-controlled command API
• Secure, managed hosting platform
• Command Source connects to the Cloud Gateway, not to the device
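An added example (not code from the talk or from the Reykjavik gateway) modelling the inbox/outbox rule the slides describe: each device credential is bound to one device’s endpoints, the device only ever pulls its inbox outbound, and a command’s TTL is enforced at delivery so a device that reconnects late never acts on a stale instruction. All device ids, credentials and readings are constructed.

```python
from collections import deque

class Gateway:
    """One Inbox/Outbox pair per device; a device credential unlocks only its own pair."""
    def __init__(self):
        self._inbox = {}   # device_id -> deque of (expiry_epoch, command)
        self._outbox = {}  # device_id -> deque of telemetry messages
        self._creds = {}   # credential -> device_id (stand-in for a per-device key)
    def provision(self, device_id, credential):
        self._inbox[device_id], self._outbox[device_id] = deque(), deque()
        self._creds[credential] = device_id
    def _authorize(self, credential, device_id):
        # Gateway-side check: a credential for device A is rejected on device B's endpoints.
        if self._creds.get(credential) != device_id:
            raise PermissionError(f"credential not valid for {device_id}")
    def send_telemetry(self, credential, device_id, message):  # device -> its Outbox
        self._authorize(credential, device_id)
        self._outbox[device_id].append(message)
    def receive_commands(self, credential, device_id, now):  # device polls its Inbox
        """Outbound, device-initiated poll; a command whose TTL elapsed while the device
        was offline is dropped rather than delivered stale."""
        self._authorize(credential, device_id)
        delivered = []
        while self._inbox[device_id]:
            expiry, command = self._inbox[device_id].popleft()
            if expiry > now:
                delivered.append(command)
        return delivered
    def enqueue_command(self, device_id, command, ttl_s, now):  # command API -> Inbox
        self._inbox[device_id].append((now + ttl_s, command))
    def drain_outbox(self, device_id):  # backend reads what the device pushed
        messages, self._outbox[device_id] = list(self._outbox[device_id]), deque()
        return messages

def demo():
    """Constructed scenario: heater-01 offline for 30 s; heater-02 tries heater-01's Inbox."""
    gw = Gateway()
    gw.provision("heater-01", "cred-heater-01")  # constructed ids and credentials
    gw.provision("heater-02", "cred-heater-02")
    gw.send_telemetry("cred-heater-01", "heater-01", {"temp_c": 21.5, "fan_rpm": 1200})
    gw.enqueue_command("heater-01", {"set_fan": "high"}, ttl_s=60, now=1000)
    gw.enqueue_command("heater-01", {"set_temp_c": 19}, ttl_s=5, now=1000)
    commands = gw.receive_commands("cred-heater-01", "heater-01", now=1030)
    try:
        gw.receive_commands("cred-heater-02", "heater-01", now=1030)
        rejected = False
    except PermissionError:
        rejected = True
    return commands, rejected, gw.drain_outbox("heater-01")
```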
Telemetry Routing with the Azure Service Bus
• Split the stream
• Enable parallel processing
• Implement different QoS levels
• Level and balance the load
(Diagram) Devices 1, 2 and 3 publish to a Service Bus Topic; Subscriptions with Filters split the stream into Alerts, consumed by Receiver 1 (Alert Processor), and Data, consumed by Receivers 2a and 2b (Storage, Pre-processor).
Routing Commands with the Azure Service Bus
(Diagram) Senders 1 and 2 publish to a Service Bus Topic; Subscription Filters route each command to Devices 1, 2 and 3 by device model (Model T, Model A).
• Target individuals or groups
• Set delivery timeouts (TTL)
• Deal with spotty connectivity
• Traverse NATs/firewalls securely
Event Hub for IoT: Big Data Ingestion
(Diagram) Event Sources -> Event Hub -> Cloud Services: Storage & Analytics, Custom Code & 3rd Party Services, Web/Mobile User Interfaces, Integration Services
Event Hub: Hyper Scale, Fully Managed, Interoperable, Secure, Cost Effective
Service Assisted Custom/Cloud Gateway Challenges
• Device Provisioning
  • From a handful to thousands of devices
  • Self-service, scripted, automated
• Connectivity
  • Addressability (non-IP devices, firewalls/NATs, online/offline, roaming)
  • Heterogeneity (OS/firmware, power/network constraints, protocols)
  • Security (identity, authorization, privacy, data integrity)
  • Efficient Scale (millions of devices per tenant, at a reasonable cost)
• Messaging
  • Telemetry (collection, filtering, routing, throughput, per-message QoS)
  • Notifications (targeting devices/device groups within large populations)
  • Command/Query and Inquiries (correlation, sessions/batching)
IoT Cloud Platform “Stack” – Abstract Model
(Diagram, layers A through F) Non-IP Capable Devices -> Field Gateway -> Cloud Gateway (IP Capable Devices connect to it directly) -> Custom Code and Cloud Platform Services -> Enterprise Systems, Third-Party Data and Services
Azure Hosting Options
(Diagram: the same stack, with the Azure hosting options available for the Cloud Gateway and Custom Code layers)
• Web Sites
• Mobile Services
• Cloud Services
• External Code
• VM Roles
Azure Platform Services
(Diagram: the same stack, with Azure services in the Cloud Platform Services layer)
• HDInsight
• Azure Databases
• Table/Blob Storage
• BizTalk Services
• Service Bus
• Media Services
Azure – IoT Cloud Gateway
(Diagram: the same stack, showing two gateway patterns)
• Pattern 1: Device Direct. Devices talk to Service Bus (A/B) directly.
• Pattern 2: Custom Gateway. A Custom GW Role fronts Service Bus (A/B).
Service Bus Messaging
Device Gateway Accelerator – Reference Architecture (Reykjavík)
1. Custom Protocol Gateway
2. Telemetry Pump and Adapters
3. Command Gateway
4. Provisioning Service and Metadata Store
(Diagram) Devices connect over AMQP or HTTP, or through the Custom Protocol Gateway Host (MQTT, CoAP, …) (1). The Telemetry/Request Router feeds Adapters (2) that deliver to HDInsight, BizTalk, Orleans, Azure Storage, Azure DBs, Service Bus and Your Process. The Notification/Command Router and the Command API Host (HTTP) form the command path (3). The Provisioning Service and the Device Metadata and Key Store (4) are driven by Configuration over HTTP.
Intelligent Systems Service (LP) – Data Flow (diagram)
• Sources: Device (Non-ISS), ISS Agents
• Ingestion: Event Hub, Azure Event Processing; storage in Azure Storage and SQL Azure
• ISS: Rich Device Registry & Object Model of “Things”, Basic Device Registry, IoT Rule Templates, Natural Language Query, Command & Control, ISS Portal
• Cross-cutting: ISS Security, Privacy & Sharing Controls; Single Account, Per device Billing, etc.
• Consumers: Customer Apps, HDInsights, BI Systems, 3rd Party Solutions, ISS Solution
Device Gateway – Partition Topology
• The “Partition” is a set of resources dedicated to a specific device population (or subset thereof).
• The “Master” role manages partition deployment and device provisioning into the partitions.
(Diagram) The Partition Master holds the Partition Repo and the Device Repo and runs the Deployment Runtime and the Provisioning Runtime. Within a partition:
• Command Topics in0000 … inFFFF on the Service Bus, each with subscriptions s0001 … s03E7
• Protocol Adapters: Standard Protocol hosts (AMQP, HTTP) and a Custom Protocol Host (MQTT, Custom Protocol), each with a diagall subscription
• Telemetry Pump/Router, N Instances, with Telemetry Adapters
• Ingestion Topics or Event Hubs (Telemetry) out0000 … outFFFF, served by n Groups of m Routers (g0000/rte0000, g0000/rte0001, g0001/rte0000, g0001/rte0001), each covering out0, out1, out2
• Command API Host
DEMO 2: REYKJAVIK SNEAK PEEK! Reykjavik Device Gateway Deployment and Provisioning
Device Gateway – Customer Topology
• Global coverage achieved by spreading partitions across multiple Azure regions
• Reference architecture supports up to 1000 distinct partitions
• Number and distribution of partitions driven by data volumes, business continuity, legal and proximity considerations
Consumer: Space Heater
Insight
• Current Temperature
• Current Fan Speed
• Current Fan RPM
Action
• Increase/reduce fan speed
• Change temperature
• Change readings interval
DEMO 3: REYKJAVIK SNEAK PEEK! Reykjavik Device Gateway Telemetry & Commands
Event Velocity
• Device telemetry
  • Thermostats report data every 15 minutes
  • Cars send telemetry data every minute
• Application telemetry
  • Application perf counters are measured every second per server
  • Mobile app telemetry is captured for every action on your app!
• App and operational events
  • Halo game engine estimate 1,000,000 messages/second
Protocol reach to devices and platforms
• Azure Service Bus: Queues, Topics, Event hubs
• Windows and other platforms: HTTP(S), AMQP 1.0
• SDKs (https://github.com/windowsAzure): /azure-sdk-for-python/, /azure-sdk-for-php/, /azure-sdk-for-node/, /azure-sdk-for-java/, /azure-sdk-for-ruby/
• Embedded: AMQP 1.0
Event Hub Pub-Sub Ingestion
Facet: Service Bus Event Hub Capability
• Variety: > million publishers with HTTP/AMQP
• Velocity: > million EventData data ingress/second
• Volume: > GB/s ingress, concurrent consumers
• Security: SAS based, unique token per publisher
• Buffer: Consumer provides its cursor/offset
• Durable: Between 1 and 30 days retention
• Latency: 50ms end-to-end durable
• Cost: Competitive pricing, PaaS service so pay-as-you-go
Service Bus Messaging + Event Hubs!